Security question

**A77** · 08-Jul-2007, 06:10 AM

Hi !
I paste this text from your lovely How- To Guides

"With Just HTTPS, form submissions insure

Worse still, the email may be stored on your server for some hours or days before you collect it. While it is stored, your customer's private information is viewableby people who have access to your server. "

I don't understand this part by people who have access to your server.
Do you mean by staff in my company or other people who has their website in the same server. Would you please explain this part for me ?

Your sincerely
Andre ( Sweden )

**russellr** · 08-Jul-2007, 12:32 PM

Hi Andre,

Let's say I send you this message by email:

This is a great secret...tell no one.

The email travels from my PC to my server to your server and awaits you to collect it.

It's stored in files on your server, and anyone who can login to your server and has access permissions to the file that the email is stored in, can read the message.

Depending on the security design of your server operating system and the security policy of your hosting provider, other people who share the physical server with you might be able to read the file and my secret message.

The hosting provider's staff, can certainly read it.

With a form submission using HTTPS, the message is secure until it is stored on your server awaiting collection from your email inbox.

**A77** · 08-Jul-2007, 03:00 PM

Ok ! Thank you for this info.

Your Sincerely
Andre

**russellr** · 08-Jul-2007, 08:03 PM

Hi,

Of course, that's where FormMailEncoder comes in. The form submission is strongly encrypted after it arrives on your server and before is sent to you by email.

It is unreadable by anyone no matter how long it is stored on your server's email inbox (and if your mail box is on a different server to your form, it is safe during tranmission between your wbe server and your mail server).

Only when you download it and decrypt it with FormMailDecoder, are you able to read it.