+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Best Practices (https://forum.codeigniter.com/forumdisplay.php?fid=12)
+--- Thread: Send message (/showthread.php?tid=65523)
Send message - davy_yg - 06-22-2016
Hello,
I have one question: what is the purpose of encrypting messages?
Like if I have a contact form do I have to encrypted it?
What is the point?
When do we need to use encryption?
Thanks.
RE: Send message - InsiteFX - 06-22-2016
Anytime that you need to keep personal user data secure so that hackers cannot get their information.
RE: Send message - TopCoder - 07-14-2016
For most general purposes simple SSL will be sufficient, I would say about 99.9999% of website contact forms do not send encrypted messages.
RE: Send message - davy_yg - 07-16-2016
SSL = https:\\ ?
Yes, why do I need to use encrypted messages for contact form? Is it easy to hack?
I thought it is difficult to hack contact form message that coded with CI ?
RE: Send message - Muzikant - 07-17-2016
You should encrypt messages to keep privacy of your users. It is a good practice now.
RE: Send message - ivantcholakov - 07-17-2016
1. If your site uses https protocol then the traffic between the web-server and the browser gets encrypted. I man-in-the-middle while is sniffing this traffic would not be able to decrypt it and to see the information. Especially people that use public unencrypted wi-fi points are vulnerable if https protocol is not enforced.
2. If your contact form uses the email library to provide confirmation messages when the contact form is submitted, then you have to watch how the web-server connects to the mailer server. If SMTP is used, set this protocol to apply 'tls' encryption (or the older 'ssl' encryption if this is the only available option). The reason is obvious - protection against sniffing of the traffic between the web-server and the email-server.
3. Every other existing communication of the web-server with other remote servers (accessing database server through TCP/IP protocol, accessing external web-services, etc.) is good to be encrypted too, measures and options to be chosen vary. External web-services usually use https protocol.