Are Web forms really secure?
Filling out forms on Web sites is commonplace. Whether it is an online job application, an online purchase, or an information request, each requires Web site visitors to enter information into a form and press the submit button. Some of these - perhaps many - offer the opportunity to share sensitive information. Certainly in the case of an online job application or an online purchase, the form is likely to require some sensitive information.
So, how secure is that sensitive information?
Most people are familiar with the front-line form security - the secure Web page. This is the Web page that contains the form and is characterized by a lock icon appearing on the browser (also indicated in the address bar with https preceding the Web page address). A Web page is secured using a Secure Sockets Layer (SSL) Certificate.
The SSL Certificate has two main functions. First, it verifies that the visitor is on the expected Web page. Second, it scrambles the form information when the visitor submits it to the Web server computer. An SSL certificate costs less than $200 per year and is one of the easiest and least expensive forms of security on the Web.
Unfortunately, securing a Web page with an SSL Certificate is often where the security ends, but it shouldn't. Security is most likely to break down after the form information is securely transmitted to the server, where what happens to it is completely invisible to the user.
One of the most common actions taken by the server after form information is received is to send it in an email message to a site administrator. This is insecure.
In essence, it is taking the same information that was scrambled by the SSL Certificate when initially submitted and re-transmitting it unscrambled in an open text email message. This undermines the entire purpose of the SSL Certificate.
A better alternative would be to store the form information on the server. Then the server sends the administrator an email that just says, "Someone just submitted a form, click here to view it." This email does not contain any form information. Instead, it simply links back to an administrative Web page on the server. The administrator clicks on the link and is required to log in with a username and password. Once successfully logged in, the administrator can view the form information on the administrative Web page, secured using the same SSL certificate.
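The difference between the two approaches, as an added example that is not part of the original article: the first function builds the email that copies the form into the message body, the others store the submission and send only a link. The table name, addresses, and `ADMIN_URL` are assumptions, and the sample form values are constructed.

```python
import json
import secrets
import sqlite3
from email.message import EmailMessage

ADMIN_URL = "https://www.example.com/admin/submissions/"  # assumed page; must require login

def _message(body):
    msg = EmailMessage()
    msg["From"], msg["To"] = "forms@example.com", "admin@example.com"
    msg["Subject"] = "New form submission"
    msg.set_content(body)
    return msg

def insecure_notification(form):
    # The pattern to avoid: every submitted field travels in the clear-text email.
    return _message("\n".join(f"{k}: {v}" for k, v in form.items()))

def store_submission(db, form):
    # Keep the data on the server and hand back a random, unguessable reference.
    ref = secrets.token_urlsafe(16)
    db.execute("CREATE TABLE IF NOT EXISTS submissions (ref TEXT PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO submissions VALUES (?, ?)", (ref, json.dumps(form)))
    db.commit()
    return ref

def link_only_notification(ref):
    # The email carries only a pointer. The reference is not a credential:
    # the administrative page still has to check the administrator's login.
    return _message(f"Someone just submitted a form. Log in to view it:\n{ADMIN_URL}{ref}\n")

def leaked_fields(msg, form):
    # Names of the form fields whose values appear in the subject or body.
    text = str(msg["Subject"]) + "\n" + msg.get_content()
    return [k for k, v in form.items() if str(v) in text]

if __name__ == "__main__":
    form = {"name": "Jane Doe", "ssn": "078-05-1120"}  # constructed sample data
    db = sqlite3.connect(":memory:")
    print("insecure email leaks:", leaked_fields(insecure_notification(form), form))
    print("link-only email leaks:", leaked_fields(link_only_notification(store_submission(db, form)), form))
```

A check like `leaked_fields` can run in a site's test suite so that a later template change does not quietly put form data back into the notification.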
The final stage of security is to protect the form information while it is stored on the server. As described above, the submitted form information is stored on the server, in a database. Form after form is accumulated in this server database. The problem is that database information is stored in clear text.
Now, the server itself is probably secured (requiring usernames and passwords to gain access), but there may be a number of people with access to that server - staff at the company that hosts your site, staff at your Web development firm, other individuals with Web sites on the same server. Anyone with access to the server (or someone who is able to hack their logins) might be able to gain access to the database. This makes storing the accumulated form information in a clear text database a long-term and growing security risk.
To counteract this risk, the sensitive data can be scrambled within the database. For example, certain fields can be designated as sensitive (social security number, driver's license number, credit card number, etc.) and scrambled. Now, if someone gains access to the database, all of the sensitive information will be scrambled.
When the administrator logs in to view the form information, an additional password is required to unscramble the secure information.
The process outlined above is a belt-and-suspenders approach to form security and may be overkill in certain instances. However, each Web-based form should be scrutinized to see if sensitive information could be entered. Even a simple "Contact Us" form can contain sensitive information (for example, people can sometimes describe specific health conditions in the comments field of a hospital "Contact Us" form).
Make it a point to understand what happens to form information once it is received by the server. If you are receiving form information in email, be especially aware.
Updated: September 28, 2021 for link rot