stackoom
  简体   繁体   中英

How Can I Encrypt a File Uploaded via Contact Form 7 in Wordpress and Decrypt it Before Sending it By Email Over TLS

 原文  2016-03-18 13:39:13       wordpress/ encryption/ attachment

Question

I am developing a WordPress web site for a health care organisation where data from users of the website must be treated very securely. Users of the website can use a contact form to send information to the organisation. The form is built using Contact Form 7. The web site uses HTTPS with a valid certificate. So data is transferred from the form on the browser to the web server where it is immediately sent via email over TLS to the organisation's mail server which is configured for TLS. No data from the form is stored on the server either in file or in a database. The data in only ever in unencrypted form (in memory) for as long as the HTTPS request / response cycle.

However, the organisation now wants to let users upload a file along with the contact form data. Contact Form 7 supports file upload. The connection is still HTTPS so the file will be encrypted on the way up to the web server. The file will be stored temporarily on the web server before being attached to the email that is sent over TLS to the mail server. The file will be deleted once the email has been sent.

So there is now a chink in the armour. That chink is the file that is stored "temporarily" on the server. Using the default upload option, the file will be stored in unencrypted format. This means that the data exists outside of process memory in a decrypted format for a period of time. Furthermore, although the intention is that the file is only kept in decrypted format for a short period of time, this may not always be the case. For example, the file deletion may fail or may not even happen due to some prior error.

So my question is whether it is possible to ensure that the uploaded file is only ever stored in encrypted form on the web server AND additionally is decrypted in memory before sending via email.

I can't find a way of doing this with Contact Form 7. Also I haven't been able to find another plugin that does this.

Any ideas or suggestions?

Thanks.

1 answers

solution1
 0  2016-03-18 14:09:34

First of all, plugin recommendation requests are off-topic on SO.

Secondly, and most importantly, what you are trying to do with the contact form, the personal data involved and encryption has huge legal liabilities when you do things wrong.

You need to know know - and possibly your employer needs to know, too, being a health organization - that you're dealing with federal law, specifically HIPAA. Read http://www.hhs.gov/hipaa/

Tell your employer to hire a professional with experience in HIPAA compliant servers and data storage principles.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How can I encrypt form data from Contact Form 7 on WordPress? how can I filter before contact form 7 (wordpress) send email and later go back to my normal flow? I can't file uploaded contact form 7 Wordpress Contact Form - sending form to group email Connecting a form to email via Contact Form 7 on Wordpress Wordpress - Contact Form 7 Not Sending to Certain Email Sending an email to all users via contact form How to submit a Contact Form without sending email? How to change data before sending in Contact form 7? contact form 7 3.5.2 not sending email fter upgrading wordpress 3.6
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM