SSL Secure Server

SSL stands for Secure Socket Layer. It is an emerging standard developed by Netscape Communications to transfer information securely across the Internet. SSL will enable your customer's browser to connect to your web site and transparently negotiate a secure communication channel. Once this connection has been made, information, like credit card numbers, can be exchanged securely.

Please note that SSL does not include software to process credit card transactions. Although you can securely receive credit card information through SSL, actual processing of the credit card will require a "Merchant Account" from an accredited financial institution.

Way to utilize SSL:

Obtain your own Digital Certificate from Verisign or Thawte. This will allow you to reference a secure URL using your domain name: https://www.YOUR-DOMAIN.com/orderform.html

 

How to implement an SSL secure connection:

If you have a link to an order form, for example, from your home page, you would need to use a URL similar to following:

  • https://www.your-domain.com/orderform.html
    (after you have your digital certificate installed)

The "s" in https:// suggests an SSL related file.

If the secure form calls a cgi script, you must also reference that script securely.

  • <form method="post" action="https://www.your-domain.com/cgi-local/order.cgi">
    (after you have your digital certificate installed)

Note: Upgrading to either Plan 4 or Plan 5 High Volume accounts requires a change of Web server. In such instances, you will need to update your URL links to reflect a new server number.

 

Retrieving data from server

As mentioned above, the secure environment refers to the transmission of information between web browser and web server. We suggest that you have a script written to save the submitted form content to a text file. In so doing, you can reference the text via secure URL and retrieve its content (e.g. credit card information) securely via the web thus completing the loop.

  • https://www.your-domain.com/datafile.txt
    (after you have your digital certificate installed)

To protect the data from unauthorized web surfers, you can store the data file(s) in a password protected directory.

An alternative is to have the submitted form content sent to you via e-mail. If your form references a custom script, you will need to reference the script securely. E-mail messages are not secure, unless you encrypt them using a third-party encryption program such as PGP.

 

Using cgiemail and SSL

If you are using cgiemail in conjunction with a secure form, you will need to reference the script and "success" URL securely. (The "success" URL is the web page you want to display after the email is successfully sent.) Please note that using cgiemail securely is merely giving users a false sense of security. Although the information the user enters into the form gets transmitted securely to our computers, the resulting email message that gets sent from our computers to you is not encrypted and therefore not secure.

 


 
Check Domain Name for availability:

Home | Custom PCs | Website Design | Website Hosting | Support | Contact Info | Feedback

Copyright 1996-2001, Ya Man Productions