Secured Pages?

[faceh]

Ok I've been wondering about this question for some time now and have been hesitant about posting it. I've barely started understanding Ultradev and Asp pages. One thing I can seem to figure out is how to make a secure page or how it works. Usually you can goto a secure site to fill out a form if I make a form and post it its not going to be on a secure site. Does this depend on the web hosting server and also if it does like secure certificates how do you integrate that into your page???? If someone can give me a break down on this I would really appreciate it.

Thanks
Faisal
MCSE, CCNA

 

[fxcolin]

Talk to your Web Host, for an extra charge they should be able to set you up with a secure section of your web site.

http://www.chefmedia.ca

 

[mlawson]

Faceh,

I've looked into the Verisign certification for SSL (secure server) and it can be pretty expensive for small companies such as myself. Fxcolin's suggestion (above) is a good one as many larger ISPs offer this service, beware of that too. if you can justify it (ie payment and sensitive info) then you may want to bear the costs of getting the facility through your web host. However if you want to create a password protected site for subscription details, such as this, then employing UD's login and restrict access to page server behaviours on each of your pages should suffice, as the code doesn't reach the end user. 2 suggestions I have to offer for this route (which I use a lot as it is sooooo much cheaper than SSL ) are;
-try and put your database into an area of the site that could make it a little more difficult for hackers and spam spiders (programs that search for server-based databases and extract emails from them). ie If you have your database in the web root then move it to a folder called _databases or _private/db. This by default won't allow clients access to browse through your site, should they be inclined.
-avoid passing hidden values across form pages, escpecially if they use cookie values, this is a favorite route for naughty folk when they use on-line banking. The value can be modified or used by unscrupulous types to gain access to other users areas or details.
-You could also use the Windows Script Encoder from Microsoft ( a free download from

http://msdn.microsoft.com/scripting)

which, when run for a page that you have designed, encrypts the page content in such a way that may only be executed IIS 5.0 (and IE 5 or greater too, unfortunately)

So if you're not completely put off, give the above a go or contact

http://www.verisign.com

for more detials about SSL and digital certificates.

Have fun!

M

 

[faceh]

Wow that clears it up I was under the impression that it had to be something on my side. I was looking every where and all i kept finding was verisign and what ever my isp/webhost was providing. Also another option I ran accross was shared certificates. This was a free option I found at

http://www.hostek.com.

Are there any problems with doing it this way?

 

[faceh]

sorry that was hostek.net

 

[mlawson]

Sorry Faceh,

I can't help you there. If it's a shared certificate across a shared server then questions may be asked about the level of access folk have both to the server box and via the web. Have a look at the Microsoft site and search for security, they may have more information than I!!

Have fun

M