Database/SSL Security

Hello. I'm new to web development though I've been experimenting with  
computer programming since I was young. I have some questions  
regarding security standards for a site I'm creating now. The site is  
for an eye doctor's practice. Most of it is just the usual information  
and pictures but we decided to add the functionality of an online  
medical history form. Patients can go to the website and fill out  
their medical history for the office staff to retrieve. The patients  
don't have to "log in," they simply fill out the form and it's gone.  
They cannot access it to modify it. The office staff can then  
retrieve the information, delete it and print it. The site is SSL  
secured and has a redirect to the HTTPS protocol. I'm wondering, as  
I'm sure there are legal ramifications for both the doctor and me to  
make sure that this data is secure (it does include the patient's SS  
#). In addition to the Secure Socket Layer what other security am I  
expected to enforce to keep this site up to the current standards? Are  
there guidelines for the administrative password to keep someone from  
being able to access that portion of the site? Is it necessary to  
encrypt the sensitive information when it's stored in the database?  
I've also heard about hackers being able to submit forms and trick the  
SQL query to return other information and do undesired things. How can  
I prevent this? I feel certain that someone has set a standard that we  
can stand by if a legal matter came up regarding the security of our  
site, not to mention having this would encourage our users to feel  
safe entering their data.

Please direct me to the right place or answer these questions directly  
if you can as I'm a bit lost on where else to look. Thank you in  
advance for your help!

-- 
John Carrell
1002 B W. Pine St.
Missoula, MT, 59802
630 650 5157

Received on Wednesday, 19 May 2010 20:39:52 UTC
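The "trick the SQL query" question above, as an added example that is not part of the original post and assumes a Python back end with SQLite (the post names neither): the patient's fields are bound as query parameters so the database treats them as data rather than as SQL, and the staff listing masks the SSN. Encrypting the SSN at rest is a separate measure not shown here.

```python
import sqlite3

# Constructed example, not from the original post: a medical-history form
# stored with a parameterised INSERT so that whatever a patient types is
# treated as data, never as part of the SQL statement.

SCHEMA = """
CREATE TABLE IF NOT EXISTS medical_history (
    id        INTEGER PRIMARY KEY AUTOINCREMENT,
    full_name TEXT NOT NULL,
    ssn       TEXT NOT NULL,
    history   TEXT NOT NULL
)
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.execute(SCHEMA)
    return conn

def store_history(conn, form):
    """Insert one submission. The '?' placeholders are filled in by the
    driver, so quotes or SQL keywords in the fields cannot alter the query."""
    cur = conn.execute(
        "INSERT INTO medical_history (full_name, ssn, history) VALUES (?, ?, ?)",
        (form["full_name"], form["ssn"], form["history"]),
    )
    conn.commit()
    return cur.lastrowid

def list_for_staff(conn):
    """Staff listing: only the last four digits of the SSN are shown."""
    rows = conn.execute(
        "SELECT id, full_name, ssn, history FROM medical_history ORDER BY id"
    ).fetchall()
    return [(i, name, "***-**-" + ssn[-4:], hist) for i, name, ssn, hist in rows]

def delete_submission(conn, row_id):
    """Staff delete after printing; the row id is bound, not concatenated."""
    cur = conn.execute("DELETE FROM medical_history WHERE id = ?", (row_id,))
    conn.commit()
    return cur.rowcount

# Constructed submissions: the apostrophe and the SQL-looking free text would
# break or hijack a query built by string concatenation; here they are stored
# verbatim and the table is untouched.
SAMPLE_FORMS = [
    {"full_name": "Mary O'Brien", "ssn": "123-45-6789", "history": "Myopia since 2001"},
    {"full_name": "Pat Lee", "ssn": "000-00-0000", "history": "'; DROP TABLE medical_history; --"},
]

def demo():
    conn = open_db()
    for form in SAMPLE_FORMS:
        store_history(conn, form)
    return list_for_staff(conn)
```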