mdenham Posted August 10, 2007 Posted August 10, 2007 I was wondering if we have access to a secure server via our CPanel account. We would like to post a form that asks for financial information on our site, but do not want to do this unless the data is encrypted. Can you point me to the place where I can find out more information about this? Thanks, Matt Quote
TCH-Thomas Posted August 10, 2007 Posted August 10, 2007 I think SSL is what you are looking for. On this page you will find info about SSL. Quote
Madmanmcp Posted August 10, 2007 Posted August 10, 2007 Matt, each server is supposed to have a shared SSL certificate which everyone can use. I believe alls you need to do is use https when calling your form and it will be encrypted. Quote
jmfrey Posted August 11, 2007 Posted August 11, 2007 I see a couple potential issues with this, depending on the specific information you are requesting. First, you must use SSL so that the form is encrypted. I would recommend getting your own SSL certificate as opposed to using a shared certificate. Secondly, you'll want to select a secure method to submit the data. There are all kinds of form options out there(http, javascript, php, etc.), not all of them are secure. You'll also want to address storage of the information. Are you storing it in a database or in flat files? How are you protecting it from unauthorized view. Finally, depending on the information you are receiving you may have certain regulatory and compliance requirements. For example, if you're receiving credit cards, there is the Payment Card Industry compliance - https://www.pcisecuritystandards.org/ Quote
mdenham Posted August 13, 2007 Author Posted August 13, 2007 Thank you to all who replied to my query. We are in the initial research phase, so the information that you have given me is great. Matt Quote
Pendragon Posted August 14, 2007 Posted August 14, 2007 Matt, each server is supposed to have a shared SSL certificate which everyone can use. I believe alls you need to do is use https when calling your form and it will be encrypted. Just as an aside. I just tried it. When prefixing with https: I get a 404 error, drop the s and my pages load fine. Doesn't matter what page I try to load. If I just try root, I get an apache welcome screen with a note to contact the system admin if I am seeing that screen instead of the website. And of course, there is the security notice about the domain in the certificate being different than the domain I am accessing with it. Quote
TCH-Dick Posted August 14, 2007 Posted August 14, 2007 You can't use your domain unless you have purchased your own certificate. Please visit the link Thomas provided for a full explanation and details. On this page you will find info about SSL. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.