result, we turn away fewer respondents. It is odd though that people are concerned about sending a survey via the Internet, when it would take very specialized equipment to intercept the data and make sense out of it,
not very much specialized equipment required at all - off the shelf hardware and software will do perfectly well.
respondents' information, the potential for a problem is much larger. I can't pretend to talk about this area, as it truly requires someone who really knows about network security, and that is not I. But certainly, any researcher conducting Web-based research must have something in place to protect their "back end" databases from attack or theft.
the ideal scenario for a database server to hold 'sensitive' survey (or other) results:

* the database is the only service running on the machine
* no other ports are open or services are running, period ["perhaps" SSH is a reasonable thing to allow, for maintenance purposes, but that carries its own risks as well..]
* the database server is on an isolated network segment [and hopefully the web server as well]
* the database has an adequate set of firewall rules and a security-hardened kernel installed [this, obviously, implies that the database server not be a Windows machine...]
* clients connecting to the database server are forced to use SSL-enabled versions of the DB client protocols
* client connections to the database are restricted to only those machines which the survey implementors are running their survey on - probably just their web server.

this is probably unreasonably paranoid, but it would almost certainly pass any 'rules' that HIPAA or other compliance would impose upon you. [there aren't a whole lot of ways left to make such a machine more secure- unfortunately, the requirement regimes that legislators like to impose tend to PREVENT you from actually implementing something 'correctly'...]

--elijah
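
As an added example (not part of the original message), the Python below checks the first two checklist items, "the database is the only service" and "no other ports are open", against the output of `ss -Htln` on the database host. The sample output is constructed, the port 5432 is an assumption (the message names no database product), and the function names are hypothetical.

```python
# Constructed sample of `ss -Htln` output (State Recv-Q Send-Q Local Peer);
# not taken from a real host.
SAMPLE_SS = """\
LISTEN 0 244 192.0.2.20:5432 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
"""

DB_PORT = 5432   # assumption: the message names no database product or port
SSH_PORT = 22    # the optional maintenance exception from the checklist


def parse_listeners(ss_output):
    """Return (address, port) for each listening TCP socket in `ss -Htln` output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Local address is the 4th column; split on the last ':' so IPv6 works.
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop brackets and %iface suffix
        listeners.append((addr, int(port)))
    return listeners


def audit(ss_output, allow_ssh=False):
    """Return sorted (port, address, scope) for listeners the checklist forbids."""
    allowed = {DB_PORT} | ({SSH_PORT} if allow_ssh else set())
    findings = []
    for addr, port in parse_listeners(ss_output):
        if port in allowed:
            continue
        loopback = addr.startswith("127.") or addr == "::1"
        scope = "loopback only" if loopback else "network-reachable"
        findings.append((port, addr, scope))
    return sorted(findings)


def db_is_listening(ss_output):
    """True if something is listening on the expected database port."""
    return any(port == DB_PORT for _, port in parse_listeners(ss_output))


if __name__ == "__main__":
    for port, addr, scope in audit(SAMPLE_SS, allow_ssh=True):
        print(f"unexpected listener: {addr}:{port} ({scope})")
```

The remaining items (segment isolation, SSL-only clients, connections limited to the web server) are enforced in firewall and database configuration and are not visible in a listener list.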