- This topic has 6 replies, 2 voices, and was last updated 22 years, 7 months ago by
.
-
Posts
-
I have made an e-commerce site for my dad’s company but it doesn’t take creditc ard information because It’s doesn’t have a secure page. I don’t have a UNIX server or anything; it’s hosted by Yahoo Websites.
What are my options?
If I go through verisign will I have to redesign the shopping cart and back end to interface with them?
How exactly is submitting a form without security "Not Secure" what could happen? Why not just make a field for credit card number.
yahoo may have an ssl cert available, i dont know tho.
what kind of form is it?
if it is just using the POST variable it is not secure.
if it is a php or asp form, the code would be hidden but still accessible.me personally, i would not submit sensitive info without it being encrypted.
i happen to have a server with pre-built e-commerce running on it with my own ssl cert that i can share. let me know if you are interested.
It’s written using MIVA script. which is an XML like language that lets you create dynamic pages with data files. It’s a basic HTML form for the personal information, the MIVA action sends an email with all the variables from the fields to us.
What exactly could happen to sensitive info? How can someone else see it? I assume it would be something like: somebody runs a script on the page that capture the data whenever it is submitted.
Can you tell me a little more about SSL certificates?
sensitive info can be obtained just like you mentioned. via a script to grab the data, or by capturing packets sent from the end user to the server.
an ssl certificate is kind of like an electronic key.
the data cannot be decrypted to anyone other than the owner of the key.
data flows on port 443 and is accessible via https://any info from a GET or POST from a users browser is encrypted 40-bit or 128-bit to the server
to have a digitally signed ID is assurance to customers that they are doing business with you versus someone who spoofed your site.
first off. thank you very much for your help anthony.
My site works by setting cookies and uses javascript to calculate totals and shipping costs. Just for your information, that shouldn’t matter.
My question is what usually happens when personal/order info is submitted on a e-commerce site? Our site sends an email to us with the information. What would most sites do? have a password protected forum that holds all their orders? Do I need a cgi/bin (remember I’m a windows user who doesn’t have his own server). I don’t really know what I’m talking about but I hope you know what I mean. Basically, how does the company receive the information.
well, most e-commerce sites I know of are backended by some sort of database (which lives in a secure directory on the server). the customer submits the order info, it populates a table, and sends either an email to the admin, or the admin checks the db for orders, or there is a backend admin section of the site. cgi-bin would be used if you have some sort of script running the show.
if you are interested in some cool ecommerce software, please let me know.
im in the hosting biz (sort of) and could hook you up real nice.okay thanks. I’ll check into things and keep you in mind.
yahoo website service do have secure directories. I could use MIVA script to write to file.
Isn’t sending the information by email once it’s submitted sort of defeating the purpose of security or is an email sent from an SSL page pretty secure?
- You must be logged in to reply to this topic.