Internet Considerations for Database Connectivity

When you use database connectivity over the Internet, you must use the Secure Sockets Layer (SSL) protocol to confidentially obtain credit card numbers, addresses, or any other information that should not be divulged to others.

The SSL protocol provides communication privacy over networks by combining public key cryptography with bulk data encryption. By using this protocol, clients and servers can communicate in a way that prevents eavesdropping, tampering, or message forgery.

For optimum efficiency, store the form requesting confidential information in a directory not enabled for SSL, but have the form return the confidential information to an SSL-enabled directory. This directory is specified in the button used to submit the form, as illustrated in Figure 5.22.

Figure 5.22 SSL process and directory configuration

Step 1 shows the order form sent to the client from a directory that is not enabled for SSL. Step 2 demonstrates that the completed form, with address and credit card information, is sent back to an SSL-enabled directory by clicking Submit order, which runs the request https://orderdesk/secure/order.idc?parameters. Step 3 shows that the response is returned to the client through Order.htx.
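The layout described above only protects the data if the form's submit target really resolves to the SSL-enabled directory. The following check is an added example, not code from the original documentation: it resolves each form action the way a browser would and reports whether confidential fields would be submitted over https. The form page path, the field names, and the list of sensitive name fragments are assumptions constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Field-name fragments treated as confidential (assumed list for this example).
SENSITIVE_HINTS = ("card", "address")

class FormCollector(HTMLParser):
    """Collects each form's action and the names of its input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append({"action": a.get("action") or "", "fields": []})
        elif tag in ("input", "select", "textarea") and self.forms:
            self.forms[-1]["fields"].append((a.get("name") or "").lower())

def audit_forms(page_url, html):
    """Return one finding per form that collects sensitive fields."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not any(h in f for f in form["fields"] for h in SENSITIVE_HINTS):
            continue
        # A browser resolves the action against the page URL, so a relative
        # action on a page from the non-SSL directory submits over plain HTTP.
        target = urljoin(page_url, form["action"])
        findings.append({"target": target,
                         "encrypted": urlsplit(target).scheme == "https"})
    return findings

# Constructed sample pages, both served from the directory not enabled for SSL.
PAGE_URL = "http://orderdesk/forms/order.htm"  # hypothetical form location
GOOD = ('<form method="post" action="https://orderdesk/secure/order.idc">'
        '<input name="CardNumber"><input name="Address">'
        '<input type="submit" value="Submit order"></form>')
BAD = GOOD.replace("https://orderdesk/secure/order.idc", "/secure/order.idc")

if __name__ == "__main__":
    for label, page in (("absolute https action", GOOD), ("relative action", BAD)):
        print(label, audit_forms(PAGE_URL, page))
```

The second sample shows the failure mode: a relative action on the non-SSL form page sends the card number and address to the same path without encryption.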

For more information about SSL, see Chapter 3, "Server Security on the Internet."