House of Fusion
ColdFusion Talk (CF-Talk)

sensitive data collection practices with ColdFusion

Author:
cfcom
07/30/2010 11:24 AM

Question about collecting sensitive data.

We have a form set up with an ssl cert
On the form there is a tax id number / social security box
The data gets posted to a mysql database

a) do you recommend adding additional encryption to the data when we put it into the database
b) there is an auto email sent to the client's backoffice where the data is received - what is a good practice for handling the sensitive data on the email?

Thank you

Author:
Dave Watts
07/30/2010 11:38 AM

> Question about collecting sensitive data.

Any answer you're likely to get here will be incomplete - including mine. You may have specific statutes with which you must comply, also.

> We have a form set up with an ssl cert
> On the form there is a tax id number / social security box
> The data gets posted to a mysql database
> a) do you recommend adding additional encryption to the data when we put it
> into the database

A yes or no answer here isn't really that useful. What is the threat profile for the data? Where would you store encryption keys? Any time you start talking about encryption, that should really be the first question you address - where do the keys go?

As a short answer, if you encrypt the data from your CF application, and the same CF application has the ability to decrypt the data, then if your CF application is compromised - which is the most likely outcome from an external attack - the encryption won't really provide much value.

Ideally, your public-facing application would have the ability to encrypt data, but not decrypt it. You might have an internal, private-facing application on a separate server that can decrypt the data, but not encrypt it.

> b) there is an auto email sent to the client's backoffice where the data is
> received - what is a good practice for handling the sensitive data on the
> email?

One option is to exclude the sensitive information from the email. The email could simply contain a link to a page that requires authentication to view the sensitive data. Alternatively, there are mechanisms for encrypting email, although I don't know offhand how well they play with CF.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
http://training.figleaf.com/

Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or onsite.
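
The "encrypt but not decrypt" split described in the reply above maps onto public-key encryption, shown here as an added example that is not part of the thread or of any poster's code. The function names, the OAEP transform choice and the in-process demo key pair are assumptions for illustration; in a real deployment only the public key would exist on the web server.

```cfml
<cfscript>
// Added illustration; function names and the demo key pair are hypothetical.
// An SSN/TIN is short enough to encrypt directly with RSA-OAEP (2048-bit key).
RSA_TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

// PUBLIC-FACING APP: holds only the Base64 X.509 public key, so it can
// encrypt a value but cannot read back anything it has stored.
function encryptForBackOffice(required string plaintext, required string publicKeyB64) {
    var keyBytes = binaryDecode(arguments.publicKeyB64, "base64");
    var spec = createObject("java", "java.security.spec.X509EncodedKeySpec").init(keyBytes);
    var pubKey = createObject("java", "java.security.KeyFactory").getInstance("RSA").generatePublic(spec);
    var cipher = createObject("java", "javax.crypto.Cipher").getInstance(RSA_TRANSFORM);
    cipher.init(cipher.ENCRYPT_MODE, pubKey);
    // The Base64 result is what goes into the MySQL column instead of the raw value.
    return binaryEncode(cipher.doFinal(charsetDecode(arguments.plaintext, "utf-8")), "base64");
}

// INTERNAL APP (separate server): the only place the PKCS#8 private key lives.
function decryptInBackOffice(required string cipherB64, required string privateKeyB64) {
    var keyBytes = binaryDecode(arguments.privateKeyB64, "base64");
    var spec = createObject("java", "java.security.spec.PKCS8EncodedKeySpec").init(keyBytes);
    var privKey = createObject("java", "java.security.KeyFactory").getInstance("RSA").generatePrivate(spec);
    var cipher = createObject("java", "javax.crypto.Cipher").getInstance(RSA_TRANSFORM);
    cipher.init(cipher.DECRYPT_MODE, privKey);
    return charsetEncode(cipher.doFinal(binaryDecode(arguments.cipherB64, "base64")), "utf-8");
}

// DEMO ONLY: a throwaway key pair generated in-process so the example runs
// on one server. In the split described above, the pair is generated on the
// internal server and only pubB64 is copied to the public-facing one.
kpg = createObject("java", "java.security.KeyPairGenerator").getInstance("RSA");
kpg.initialize(javaCast("int", 2048));
pair = kpg.generateKeyPair();
pubB64 = binaryEncode(pair.getPublic().getEncoded(), "base64");
privB64 = binaryEncode(pair.getPrivate().getEncoded(), "base64");

stored = encryptForBackOffice("000-00-0000", pubB64); // constructed sample value
writeOutput("Stored in DB: " & stored & "<br>");
writeOutput("Back office sees: " & decryptInBackOffice(stored, privB64));
</cfscript>
```

OAEP padding is randomized, so the same number encrypts to a different string each time and the stored column cannot be searched or de-duplicated by value.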

Author:
cfcom
07/30/2010 11:46 AM

Thank you Dave, you made some good points and I'm grateful for your feedback.

Author:
Scott Stewart
07/30/2010 11:38 AM

> b) there is an auto email sent to the client's backoffice where the data is
> received - what is a good practice for handling the sensitive data on the
> email?

Don't.. set up an admin interface and let them know they have data to attend to. Sending SSNs and TINs over email is a bad idea. Stick the admin interface behind an SSL cert.

Author:
cfcom
07/30/2010 11:47 AM

That's an excellent point - thank you Scott

Author:
Robert Harrison
07/30/2010 12:06 PM

> b) there is an auto email sent to the client's backoffice where the data
> is received - what is a good practice for handling the sensitive data on the email?

I do exactly this on one of my sites. Instead of putting the data in an email I write out an encrypted password protected PDF file to a protected area on disk, then I attach the file to the email; then delete the file from disk. The email recipient knows the password to the PDF.

This works very well. I can send you some code snips if you need but it's rather straightforward.

Robert B. Harrison
Director of Interactive Services
Austin & Williams
125 Kennedy Drive, Suite 100
Hauppauge NY 11788
P : 631.231.6600 Ext. 119
F : 631.434.7022
http://www.austin-williams.com

Great advertising can't be either/or. It must be &.

Plug in to our blog: A&W Unplugged
http://www.austin-williams.com/unplugged

Author:
cfcom
07/30/2010 12:12 PM

Wow, nice technique - yes I would definitely like to see the code

Author:
Robert Harrison
07/30/2010 12:31 PM

HOPE THIS HELPS...

To create the PDF file:

  <!--- Unique file name per submission --->
  <cfset pdfdocname="#CreateUUID()#.pdf">
  <!--- userPassword is the password the recipient types to open the PDF --->
  <cfdocument format="PDF" userPassword="YOURPASSWORDHERE" encryption="128-bit"
              filename="rootpath\EXTENDEDPATHTOSECUREFOLDER\#pdfdocname#"
              permissions="AllowPrinting">
    <cfoutput>
    YOUR FORMATTED OUTPUT HERE
    </cfoutput>
  </cfdocument>

To attach to email:

  <cfmail from="YOURFROMADDRESS" to="YOURTOADDRESS" Subject="YOURSUBJECT" server="#smtpid#" type="html">
    <!--- Attach the protected PDF; the message body itself carries no sensitive data --->
    <cfmailparam file = "rootpath\EXTENDEDPATHTOSECUREFOLDER\#pdfdocname#">
    <p>YOURMESSAGEHERE submitted at #TimeFormat(Now(),"HH:mm:ss")#, #DateFormat(Now(),"MM/DD/YY")#.</p>
    <p>Details are in the attached file. This file is password protected.</p>
  </cfmail>

Afterwards delete the file... I'm doing it with a scheduled task that runs every 10 minutes and deletes any file that's more than 10 minutes old. That gives the CFMAIL enough time to send the file before you delete it.

Robert B. Harrison

