1. Contracting
    1. General
      1. Brexit
    2. Business / Contracts
      1. Coronavirus Assistance
    3. Accounting / Legal
      1. Umbrella Companies
      2. HMRC Scheme Enquiries
      3. The Future of Contracting
      4. IR35 Reform
    4. Technical
    5. Welcome / FAQs
  2. Social
    1. Light Relief
    2. Social / Events
  • Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Website hosting (confidential data)

Collapse
X
1 to 3 of 3 Previous template Next
Collapse
Reply to Thread
  •  
  • Filter
  • Time
  • Show
Clear All
new posts
1 to 3 of 3 Previous template Next
    #1

    Website hosting (confidential data)

    A friend has asked me whether I can knock together a database (web fronted) to store names/addresses/phone numbers etc.

    I'm a bit concerned about the data security aspect though. Would it be suffiecient to use my existing ISP / Domain host ... make sure that the site is secure (SSL) and password protect user access OR are there guidelimes that MUST be followed when dealing with this type of data?

    Any comments / help / links appreciated !!
    Tags: None
    #2
    You're going to bump up against Data Protection legislation with this one. There are very strict rules on how and why you can store this kind of information.

    Start here for the basics - Information Commissioners Office.

    You dont just need to worry about SSL and passwords you need to worry about building a secure database and web interface that can stand up to any attempts to compromise it by a third party.

    Without going into details, there are people on here far more qualified than me to do that, you need to be thinking about ensuring that unused services on the hosting server are disabled, that your web code is secure and not able to be exploited by known security loopholes ( cross site scripting, SQL injecttion etc ), that the data your underlying database is secure and that you properly authorise access to the site and database. This is just for starters.


    Getting it wrong and losing sensitive personal data can land you in a lot of trouble so you need to be sure you get it right.
    "Being nice costs nothing and sometimes gets you extra bacon" - Pondlife.

    Comment

      #3
      Originally posted by DaveB View Post
      You're going to bump up against Data Protection legislation with this one. There are very strict rules on how and why you can store this kind of information.

      Start here for the basics - Information Commissioners Office.

      You dont just need to worry about SSL and passwords you need to worry about building a secure database and web interface that can stand up to any attempts to compromise it by a third party.

      Without going into details, there are people on here far more qualified than me to do that, you need to be thinking about ensuring that unused services on the hosting server are disabled, that your web code is secure and not able to be exploited by known security loopholes ( cross site scripting, SQL injecttion etc ), that the data your underlying database is secure and that you properly authorise access to the site and database. This is just for starters.


      Getting it wrong and losing sensitive personal data can land you in a lot of trouble so you need to be sure you get it right.
      Cheers Dave - interesting reading

      Comment

      Reply to Thread
      1 to 3 of 3 Previous template Next

      Advertisers

      1. Contracting
        1. General
          1. Brexit
        2. Business / Contracts
          1. Coronavirus Assistance
        3. Accounting / Legal
          1. Umbrella Companies
          2. HMRC Scheme Enquiries
          3. The Future of Contracting
          4. IR35 Reform
        4. Technical
        5. Welcome / FAQs
      2. Social
        1. Light Relief
        2. Social / Events
      Working...
      X