I’m not sure if this is the correct place to post this, but I’m trying to understand what kind of security measures would be involved in implementing an appointment booking website. I understand that the connection between the browser-based front-end and web application server should be encrypted using something like SSL, but beyond this I’m a little bit lost. Is it right that the connection between the web application server and the database server (presumably ODBC/JDBC) should be similarly encrypted? Are there any other security measures that should always be taken with something like this?
I apologize if this seems like a stupid question to some of you, but I have no formal background in this topic, and I’m not sure where else I can find this sort of information.