Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Secured Pages?

Status
Not open for further replies.

faceh

MIS
Jul 17, 2001
23
US
Ok I've been wondering about this question for some time now and have been hesitant about posting it. I've barely started understanding Ultradev and Asp pages. One thing I can seem to figure out is how to make a secure page or how it works. Usually you can goto a secure site to fill out a form if I make a form and post it its not going to be on a secure site. Does this depend on the web hosting server and also if it does like secure certificates how do you integrate that into your page???? If someone can give me a break down on this I would really appreciate it.

Thanks
Faisal
MCSE, CCNA
 
Faceh,

I've looked into the Verisign certification for SSL (secure server) and it can be pretty expensive for small companies such as myself. Fxcolin's suggestion (above) is a good one as many larger ISPs offer this service, beware of that too. if you can justify it (ie payment and sensitive info) then you may want to bear the costs of getting the facility through your web host. However if you want to create a password protected site for subscription details, such as this, then employing UD's login and restrict access to page server behaviours on each of your pages should suffice, as the code doesn't reach the end user. 2 suggestions I have to offer for this route (which I use a lot as it is sooooo much cheaper than SSL ;)) are;
-try and put your database into an area of the site that could make it a little more difficult for hackers and spam spiders (programs that search for server-based databases and extract emails from them). ie If you have your database in the web root then move it to a folder called _databases or _private/db. This by default won't allow clients access to browse through your site, should they be inclined.
-avoid passing hidden values across form pages, escpecially if they use cookie values, this is a favorite route for naughty folk when they use on-line banking. The value can be modified or used by unscrupulous types to gain access to other users areas or details.
-You could also use the Windows Script Encoder from Microsoft ( a free download from which, when run for a page that you have designed, encrypts the page content in such a way that may only be executed IIS 5.0 (and IE 5 or greater too, unfortunately)

So if you're not completely put off, give the above a go or contact for more detials about SSL and digital certificates.

Have fun!

M
 
Wow that clears it up I was under the impression that it had to be something on my side. I was looking every where and all i kept finding was verisign and what ever my isp/webhost was providing. Also another option I ran accross was shared certificates. This was a free option I found at Are there any problems with doing it this way?
 
Sorry Faceh,

I can't help you there. If it's a shared certificate across a shared server then questions may be asked about the level of access folk have both to the server box and via the web. Have a look at the Microsoft site and search for security, they may have more information than I!!

Have fun

M
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top