
Can your web and PDF forms save to an Encrypted Database?

Many web form processing systems allow you to save form posts in a database.  From a security and compliance standpoint, however, that is not very secure.  Of course, if your form processing and the database are in a secure, compliant environment (e.g. a HIPAA-compliant dedicated server), then the situation is better and it may be OK to have your form data saved unencrypted in your database.

However, as the person doing your compliance risk analysis will tell you, it is always better to have data encrypted at rest if you have a choice.  That greatly reduces your risk of breach / compromise.  The problem is: these web form processing systems and plugins will not encrypt your data for you and it is not easy to get a database that is itself fully encrypted.

So — what can you do to lock down your data?

LuxSci SecureForm with MySQL Data Encryption

LuxSci’s SecureForm service allows you to do all kinds of things with your posted form data, including saving that data (and files) to a MySQL database.  SecureForm will also, if desired, encrypt all of your posted web and PDF form data in your MySQL database using AES encryption.

With SecureForm MySQL data encryption, your level of risk is greatly reduced because:

  1. All form data posted will be encrypted at rest
  2. All posted/uploaded files will be encrypted at rest
  3. The encryption key is fully secured and not saved anywhere on your database server or on your web site hosting server itself.

You can still easily access your form data:

  1. LuxSci provides a web interface for viewing the form post data saved to your database.  This system audits your access to the data, restricts access to the specific user or users that you choose, and works seamlessly with encrypted and non-encrypted SecureForm data.
  2. You can connect to your MySQL database directly and use the native MySQL AES_DECRYPT command, together with your encryption key, to decrypt and access all of your encrypted form data.

You have encryption at rest without any loss of usability or access.

How does the encryption work?

When you enable MySQL data encryption for your SecureForm posts (which you can do any time in the “To Database” SecureForm configuration tab):

  1. A complex, random encryption key is generated.  This key is generated to be unique to each SecureForm configuration.
  2. The encryption key is itself encrypted and stored in a secured separate database on a separate server.
  3. The SecureForm system has the ability to access this database, decrypt the key, and use it to save new posts to your database, to decrypt posts to deliver data to you, and to present you with the key so you can access the data yourself.
  4. When SecureForm receives a form post, instead of saving the raw data (and files) in your database, it uses the native MySQL “AES_ENCRYPT” command, together with your encryption key, to separately encrypt each form field and chunk of file data.
  5. When you wish to access the data in your database, you can use the native MySQL AES_DECRYPT command, together with your encryption key.
  6. LuxSci support staff does not have access to these encryption keys, unless you permit them access to your account.  Only senior operations staff technically has access to them.

This is pretty simple.  The key points are that:

  • Every piece of submitted data is encrypted at rest
  • The password to encrypt the data is secured and not available on any of your hosted servers for an attacker to grab.  E.g. even if an attacker broke into your web server and stole ALL of the data and scripts, that attacker would not be able to decrypt your encrypted form data.
  • Every SecureForm can use a different encryption key … so if somehow you let your encryption key “leak,” that does not endanger any data encrypted by any other SecureForm configuration (in your account or any account).
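
The write and read paths from steps 4 and 5, as an added example that is not LuxSci's code or schema. The table `form_posts_demo`, its columns and the key value are hypothetical, and the cipher mode is whatever the server's `block_encryption_mode` is set to, since the page does not state which mode SecureForm uses.

```sql
-- Added illustration: table, columns and key value are hypothetical, not LuxSci's schema.
CREATE TABLE form_posts_demo (
    post_id     INT UNSIGNED    NOT NULL,
    field_name  VARCHAR(64)     NOT NULL,
    field_value VARBINARY(4096) NOT NULL,  -- ciphertext is binary; a text column can corrupt it
    PRIMARY KEY (post_id, field_name)
);

-- The key exists only in this client session (constructed sample value).
-- Use a TLS connection: function arguments are sent in the statement text
-- and appear in any query log the server writes.
SET @form_key = 'constructed-sample-key-not-a-real-one';

-- Encryption and decryption must use the same mode; check what the session uses.
-- This example assumes the default aes-128-ecb, which takes no IV;
-- other modes need an init_vector argument on both calls.
SELECT @@session.block_encryption_mode;

-- Write path (step 4): every field is encrypted separately.
INSERT INTO form_posts_demo (post_id, field_name, field_value) VALUES
    (1, 'patient_name',  AES_ENCRYPT('Jane Example', @form_key)),
    (1, 'date_of_birth', AES_ENCRYPT('1980-01-01',   @form_key));

-- At rest the table holds only ciphertext.
SELECT field_name, HEX(field_value) AS stored_bytes
FROM form_posts_demo
WHERE post_id = 1;

-- Read path (step 5): decrypt with the same key.
SELECT field_name,
       CAST(AES_DECRYPT(field_value, @form_key) AS CHAR) AS plaintext
FROM form_posts_demo
WHERE post_id = 1;

-- Wrong key: AES_DECRYPT returns NULL when padding is invalid, though it can
-- occasionally return garbage bytes instead, so never treat non-NULL as proof.
SET @wrong_key = 'constructed-wrong-key';
SELECT field_name,
       AES_DECRYPT(field_value, @wrong_key) IS NULL AS failed_to_decrypt
FROM form_posts_demo
WHERE post_id = 1;
```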

What else can you do? SecureForm MySQL encryption also supports:

  1. Changing your encryption key on demand
  2. Encrypting unencrypted form posts.  E.g. if you have been using SecureForm without encryption, you can turn it on and then have SecureForm automatically encrypt all of your existing form posts so everything is encrypted.

Give it a try — use a LuxSci Free Trial Account

Already have an account? Enable SecureForm MySQL encryption in your SecureForm “To Database” configuration tab.
