I'm just looking for some good advice. I'm thinking of outsourcing this process to another company to avoid any liability. I wouldn't like my client or me held accountable if the data were to be intercepted or hacked.
Oh yeah, this is a LAMP platform.
But where do I go from here? I can't seem to find a good tutorial on the subject...
I think you have a lot more research to do. I'd start by researching the naive assumption that outsourcing this task will free your client from liability. Start with the legal aspects of storing sensitive data. What does the law in your country require that you do? What liability do you have, and what must you do if the data is compromised? Make sure that you have a plan in place in case that occurs.
Just a couple of quick points - I'm sure others will jump in with suggestions:
- First, you must secure your site, as best as possible, from hackers. This is a huge area in and of itself. If you are using PHP, and, particularly, popular PHP scripts, you are particularly vulnerable. (Hackers always go for the popular stuff first.)
- Next, you must secure your data. What would happen if a hacker DID get into your system? Could they just copy some database files and steal this data? Are you encrypting this data in your database?
I won't be using any popular php scripts. This is a straightforward project that allows a user to submit a secure form and then an administrator to retrieve it. Nothing else is needed but tight security.
I plan on encrypting the data in the database. I'm looking into this right now. I'm unsure of the best route -- I'm reading a lot about PGP encryption as a means for this.
I'm in the USA, so I'll have to look up what the law is. Any idea where I could find that out?
I was going to host this project on a shared server through 1and1.com. I'm beginning to think that may not be a good idea... thoughts?
Thanks again for your input.
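The two points raised above (encrypt the data at rest so a copied database is useless, and use a PGP-style public-key scheme so the web server can write but not read) can be combined in one pattern: the web tier holds only a public key, and the private key lives offline with the administrator. The following is an added example written for this thread, not code posted by anyone in it. It uses PHP's built-in libsodium sealed boxes (PHP 7.2 or later) instead of PGP itself; the property is the same, a submission can only be opened by the holder of the private key. The form fields, the table name in the comment, and the sample values are assumptions for illustration.

```php
<?php
// Added example, not from the thread: "public key on the web server,
// private key kept offline" using libsodium sealed boxes (PHP >= 7.2).
// Field names, sample values and the table name are illustrative assumptions.
declare(strict_types=1);

// --- One-time setup, run OFFLINE on the administrator's machine -------------
// The full keypair never touches the web host; only the public key is deployed.
function generate_keypair(): array
{
    $keypair = sodium_crypto_box_keypair();
    return [
        'keypair'    => $keypair,                              // keep offline
        'public_key' => sodium_crypto_box_publickey($keypair), // deploy to web tier
    ];
}

// --- Web tier: runs when the form is submitted ------------------------------
// A sealed box uses an ephemeral Curve25519 key plus XSalsa20-Poly1305, so the
// ciphertext is authenticated: a row altered in the database will fail to open.
function seal_submission(array $fields, string $publicKey): string
{
    $plaintext = json_encode($fields, JSON_THROW_ON_ERROR);
    $sealed    = sodium_crypto_box_seal($plaintext, $publicKey);
    sodium_memzero($plaintext);          // don't leave the form data lying around
    return base64_encode($sealed);       // this opaque string is what gets stored
}

// --- Admin side: runs OFFLINE with the private keypair ----------------------
function open_submission(string $stored, string $keypair): array
{
    $sealed = base64_decode($stored, true);
    if ($sealed === false) {
        throw new RuntimeException('stored value is not valid base64');
    }
    $plaintext = sodium_crypto_box_seal_open($sealed, $keypair);
    if ($plaintext === false) {
        // wrong key, or the ciphertext was modified while in the database
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return json_decode($plaintext, true, 512, JSON_THROW_ON_ERROR);
}

// --- Demonstration with constructed sample input -----------------------------
$keys = generate_keypair();

// What the web server does with the submitted form (constructed sample values):
$submission = ['name' => 'Jane Doe', 'ssn' => '000-00-0000', 'note' => 'sample'];
$stored     = seal_submission($submission, $keys['public_key']);
// e.g. $pdo->prepare('INSERT INTO submissions (payload) VALUES (?)')->execute([$stored]);

// An attacker who copies the database sees only this blob:
echo "stored: ", substr($stored, 0, 32), "...\n";

// The administrator, offline and holding the keypair, recovers the fields:
$recovered = open_submission($stored, $keys['keypair']);
if ($recovered !== $submission) {
    throw new RuntimeException('round trip failed');
}

// A modified row is rejected rather than silently decrypting to garbage:
$raw  = base64_decode($stored, true);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);   // flip one bit of the ciphertext
try {
    open_submission(base64_encode($raw), $keys['keypair']);
    echo "unexpected: tampered row opened\n";
} catch (RuntimeException $e) {
    echo "tampered row rejected: ", $e->getMessage(), "\n";
}
```

Two caveats a practitioner would want stated. First, this protects the data at rest only: the web server still sees the plaintext for the instant of the submission, so TLS on the form, host hardening, and the input-handling concerns raised earlier are still required. Second, the scheme only works if the private keypair is genuinely kept off the host; an administrator page that decrypts in the browser on the same shared server puts the private key right back where an intruder can copy it, which also bears on the shared-hosting question.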