Create Secure Forms
If you have not yet created the forms which will use PGP
encryption, find out about forms
at Boston University.
If you've already created your forms, add the following
tag to your forms' HTML code:
<input type="hidden" name="encrypt" value="yes">
Note: The e-mail address to which the forms' data is
sent must match the departmental e-mail address specified
during the installation of PGP software. The
PGP-encrypted form data will be unreadable if sent to any other
address. In many cases, those who have access to this e-mail address
are not those producing the web forms, so the two groups will have
to test the forms together.
Create a new location for your secure form
As any insecure form you have used in the past might be linked to from
remote sites, you should create a new location for your secure form when
adding PGP encryption to an existing form. This will ensure that
outdated records of the older form's web address (in e-mail messages, in
web browser bookmarks, on hand-written notes, etc.) will not be used to
access the form via the insecure http protocol.
Make your form submit securely using SSL
The Secure Sockets Layer (SSL), or "https" protocol, allows you to
transmit information securely. In order to ensure that
information is transmitted securely to our server, you must make sure
that the HTML code of your form contains "https" in the following tag:
<form method="post" action="https://www.bu.edu/htbin/ponyexpress2">
For more about the http protocol,
read about the components
of a web address.
Link to your form with SSL
Creating links to your form with the secure "https"
protocol instead of the regular "http" protocol will
initiate the secure connection before your visitors see the form. This
ensures that any resulting security-related messages visitors might see
will occur before they load the form--instead of during the form
submission, when it can cause needless concern.
Link to your return page with SSL
A return page is most often a thank you message that the
visitor gets after clicking the Submit button on your
form. If you give the full address to your return page using "https" in
your form's return tag (one of the hidden form tags), you
can delay leaving the secure connection (and any alerts that your
visitors might see as a result) until after your visitors have seen the
confirmation page.
When you link from a secure form to a thank you page, make sure to use
the regular http protocol on all links from the thank you page. You need
to do this in order to terminate the secure connection with the web
server.
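An added example, not part of the original page: a small Python check that parses a form's HTML and reports which of the requirements above it misses (the hidden encrypt field, an https form action, an https return page). The sample form, its return-page URL, and the hidden field name "return" are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample form. The return-page URL and the hidden field
# name "return" are assumptions; the page does not give them.
SAMPLE_FORM = """
<form method="post" action="http://www.bu.edu/htbin/ponyexpress2">
<input type="hidden" name="encrypt" value="yes">
<input type="hidden" name="return" value="http://www.example.edu/thanks.html">
<input type="text" name="comments">
</form>
"""

class FormAudit(HTMLParser):
    """Collects each form's action URL and its hidden input fields."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"action": a.get("action", ""), "hidden": {}})
        elif tag == "input" and self.forms and a.get("type", "").lower() == "hidden":
            self.forms[-1]["hidden"][a.get("name", "").lower()] = a.get("value", "")

def is_https(url):
    # A relative or empty URL has no scheme and is reported as not https.
    return urlparse(url.strip()).scheme.lower() == "https"

def audit_form(html, return_field="return"):
    """Return a list of findings; an empty list means every check passed."""
    parser = FormAudit()
    parser.feed(html)
    if not parser.forms:
        return ["no <form> element found"]
    findings = []
    for i, form in enumerate(parser.forms, 1):
        hidden = form["hidden"]
        if hidden.get("encrypt", "").lower() != "yes":
            findings.append(f"form {i}: hidden field encrypt=yes is missing")
        if not is_https(form["action"]):
            findings.append(f"form {i}: action is not an absolute https URL")
        if return_field in hidden and not is_https(hidden[return_field]):
            findings.append(f"form {i}: return page is not an absolute https URL")
    return findings

if __name__ == "__main__":
    for finding in audit_form(SAMPLE_FORM):
        print(finding)
```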