Espero no molestar la verdad, estoy realizando un proyecto de una página web, y consiste en un formulario para una clínica, el detalle es que se pondrá a prueba la seguridad de la página, osea debería encriptar los datos y hacer que no puedan tumbarla o similar, pensé en agregar un captcha para el formulario, o algo similar al Clouldfare, pero no se si se pueda, pensé en los formularios de Google para el formulario, pense en algo como agregar algo similar, un index antes de eso, que se necesite hacer el captcha y ya después de eso se muestra mi página, y que si o si se tenga que hacer ese captcha, sin importar si se accede desde URL directa a otra de las pestañas de la página, alguien podría orientarme?
I hope I don’t bother the truth, I’m doing a website project, and it consists of a form for a clinic, the detail is that the security of the page will be tested, meaning it should encrypt the data and make it so that they can’t take it down or something similar, I thought about adding a captcha to the form, or something similar to Cloudfare, but I don’t know if it’s possible, I thought about Google forms for the form, I thought about something like adding something similar, an index before that, that the captcha needs to be done and then after that my page is shown, and that yes or yes that captcha has to be done, regardless of whether it is accessed from a direct URL to another of the page tabs, could someone guide me?
First of all, you should know that InfinityFree and iFastNet both do not have any kind of security certification. We don’t have generic certifications like ISO, or healthcare specific certifications for HIPAA or other medical data requirements. I don’t know anything about health care security requirements in your country, but where we’re from, using our service for medical data would be illegal.
We do of course still care about security and do take adequate protections to protect our service against hacks. But you have to trust us, because it has not been audited.
So we do not recommend to use our hosting to process or store sensitive data, and we do not accept liability if sensitive data gets leaked.
If you want to use our hosting to build a demo setup, that’s all fine. But before opening it up for actual patients, please find proper hosting for it that does provide the required security guarantees.
If you’re going to be audited for security, you need to be very sure what security requirements your project should comply to and design your website around that from the start. Because the feeling I get from your post is that you have no idea.
We don’t do any encryption of data at rest. If you want to do encryption, you’ll have to implement it yourself.
And for the purposes of data protection against downtime, please note that we don’t make any backups of free hosting accounts, and we don’t make any guarantees about uptime or data integrity. So again, if that’s important, you need to implement mitigations yourself or find a provider more suitable for it.
A CAPTCHA does not help with data encryption and does very little for the purposes of data protection. CAPTCHAs are useful, but I would hope that a doctor’s website has more security built into it than a CAPTCHA.
Also, implementing CAPTCHAs is quite easy. It needs a few lines pasted it on the frontend and a little bit of code on the backend, which you can easily find examples for.
Perhaps, but it sounds like you need A LOT more than you could reasonably expect from the support of a hosting service.
Ironically, Google does have many security certifications, including for health care. Google Workspace, Google’s business offering, includes Google Forms and Google Workspace is advertised as being suitable for health care.
So I would argue that Google Forms when part of Google Workspace is probably a better place for sensitive data than our hosting.
Muchas gracias por orientarme, la verdad me falto decir que es un proyecto escolar, en si el captcha es para mitigar que puedan hacer spam con el login o con los formularios que se tienen dentro, aunque con el login ya mitigo esa parte, en si solo era conocer a ver si si era posible colocar un captcha, claro el encriptar los datos ya sera parte mia, al momento de subirlos a la base de datos como el poner estar en los apartados de mi pagina despues de haber iniciado sesion, aun asi gracias por la informacion, ya vere por mi cuenta como logro todo eso, Gracias
Thank you very much for guiding me, the truth is that I failed to say that it is a school project, in itself the captcha is to mitigate that they can spam with the login or with the forms that are inside, although with the login I already mitigate that part, in itself It was just to see if it was possible to place a captcha, of course encrypting the data will be my part, at the time of uploading it to the database, like putting it in the sections of my page after having logged in, even so Thanks for the information, I’ll see for myself how I achieve all that, Thank you