When you enter the secure area to access the form, the lock icon on your browser will indicate that you have entered a secure area. Note: anyone who checks the certificate (which any browser can do) to see if it is the correct company will see who owns the certificate so if you use the hosting provider's certificate you should state that on the secure page that you are displaying so that they know that it is OK and their browser connection is not being hi-jacked by someone else.
Keep in mind that if the contents of the secure communication from the form then end up in a non-encrypted (normal) email which is sent from the server to somewhere else, then you're essentially sending the data to the recipient in a non-secure state anyway, which sort of defeats the purpose, except that no-one knows that you're doing this with their secure, private data. The best idea is to send the resulting secure info to an email address or file which is off the Internet, or if you can't do that, store the results in a secure area on the server itself, or in a secure database. However most private/sensitive info breaches have been through people accessing networks and extracting private info from insecure databases.
You can either use the hosting provider's certificate (if they allow you to) or you may need to purchase your own certificate from a company like Thawte (US$125). Other's charge more for no real security advantage. You can also use Novell's Certificate Server to create your own, if your company or client has that, or you can create your own by doing the following (info previously supplied by Todd Trann)...
- download and install OpenSSL from http://www.openssl.org/
- read the FAQ's and README's
- useful reading: http://www.linuxdoc.org/HOWTO/SSL-RedHat-HOWTO-3.html
If you don't host the site yourself, then most hosting providers will charge you either an extra monthly charge to use their secure certificate, or to setup your site to use their certificate, or to install your own certificate on their server for your domain.
cheers
Garth
At 17:15 1/05/2002 -0500, you wrote:
What I was told is the contents of a form parameter will be encrypted and
then posted to another server some were on the internet. Once there they
will decrypt it and do there processing with the contents. Does this make
sense?
Thanks
Larry Gutman
-----Original Message-----
From: Mike Tyranski [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 4:53 PM
To: Multiple recipients of list witango-talk
Subject: Re: Witango-Talk: Encryption
Larry,
What do you mean by posting? At what point the in the process are you
encrypting data? If your worried about data being sent from the server to
the browser and vice versa, a secure certificate could solve your problem
without any additional coding.
Mike
"Gutman, Larry" wrote:
> Does anyone have experience in encrypting information and posting it
> to another web site? I have have a vendor who would like to do this
> and I was looking for any input from the Tango community about there
> experiences.ThanksLarry Gutman
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
