I'm in the process of laying out a new app for a client. They need to
be able to receive customers' credit information (for a credit check
done manually) via the website.
So I have a few questions regarding the information.
First, I know I'll want to have a secure connection to transfer this
type of sensitive data. Is there a known tutorial or good read for
creating a secure connection for a portion of a Rails app?
The client had originally asked that the information be e-mailed to
the person running the check manually. I again am worried about
sensitive information being sent from the server via email. My
thinking was to store it in the db and have the person check the web app for
output on clients. Again all in a secured environment.
If the sensitive data were being stored in the db, maybe it is a good
idea to flush it out after a pre-defined period of time. So the
important information (sin & credit card numbers etc) aren't left
What are your opinions?