Good Afternoon everyone,

I was wondering if something like this would be safe or not....

I am doing a web page for a mortgage company. Now they want to be able to have a vistor fill out a quick application (php form), which requires their SSN. Very risky, I know. Would the following suffice?

1. Customer fills out form via SSL cert.
2. Form data sent to e-mail address
3. Client uses POP3 SSL to retreive data.

Is this an okay way of doing this? Or is the information still at risk?

Any thoughts would be appreciated.

Thanks,

No, it's still insecure. PHP sending the information to the mail server is not secure, even though the Pop3 can be.

The best way is to store the info in an encrypted database and send a notification email to the client that a new record was added and give them link to a SSL site. The SSL site needs to require a login. Once logged in they should be able to see a list of visitor info, including SSN.

I knew you were going to say that :) But I'm glad I asked. Now I need to research a way to encrypt the information in a database.

Thanks for your assistance :)