Website hosting (confidential data)

Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Billy Pilgrim replied

17 May 2010, 15:19
Originally posted by DaveB View Post

You're going to bump up against Data Protection legislation with this one. There are very strict rules on how and why you can store this kind of information.

Start here for the basics - Information Commissioners Office.

You dont just need to worry about SSL and passwords you need to worry about building a secure database and web interface that can stand up to any attempts to compromise it by a third party.

Without going into details, there are people on here far more qualified than me to do that, you need to be thinking about ensuring that unused services on the hosting server are disabled, that your web code is secure and not able to be exploited by known security loopholes ( cross site scripting, SQL injecttion etc ), that the data your underlying database is secure and that you properly authorise access to the site and database. This is just for starters.

Getting it wrong and losing sensitive personal data can land you in a lot of trouble so you need to be sure you get it right.

Cheers Dave - interesting reading
Leave a comment:
DaveB replied

5 May 2010, 15:13
You're going to bump up against Data Protection legislation with this one. There are very strict rules on how and why you can store this kind of information.

Start here for the basics - Information Commissioners Office.

You dont just need to worry about SSL and passwords you need to worry about building a secure database and web interface that can stand up to any attempts to compromise it by a third party.

Without going into details, there are people on here far more qualified than me to do that, you need to be thinking about ensuring that unused services on the hosting server are disabled, that your web code is secure and not able to be exploited by known security loopholes ( cross site scripting, SQL injecttion etc ), that the data your underlying database is secure and that you properly authorise access to the site and database. This is just for starters.

Getting it wrong and losing sensitive personal data can land you in a lot of trouble so you need to be sure you get it right.
Leave a comment:
Billy Pilgrim started a topic Website hosting (confidential data)

5 May 2010, 14:49
Website hosting (confidential data)

A friend has asked me whether I can knock together a database (web fronted) to store names/addresses/phone numbers etc.

I'm a bit concerned about the data security aspect though. Would it be suffiecient to use my existing ISP / Domain host ... make sure that the site is secure (SSL) and password protect user access OR are there guidelimes that MUST be followed when dealing with this type of data?

Any comments / help / links appreciated !!
Tags: None