Secure Server Questions & Answers

Mall Advertising Info.         Web Site Hosting Info.         Real Estate Info.

What does the term, "Secure Transactions", refer to ?

The secure environment refers to the transmission of information from web browser to web server. If you have a link to an order form, for example, from your home page, you would need to use a URL similar to following:

https://www.DOMAIN.com/<userid>/form.htm

The "s" in https:// suggests an SSL related file. Substitute the path to the order form starting with user directory name.
If the secure form calls a cgi script, you must also reference that script securely. e.g.: "form method="post" action="https://www.DOMAIN.com/<userid>/cgi-local/order.cgi"
This feature is available in the "Gold", "Sapphire", "Platinum", "Diamond" and "Market" domain server plans. We are currently researching solutions to encrypting email transmission as well. If desired, you are welcome to research secure email solutions. If so, let us know if you have any concerns regarding server compatibility.

How do I implement secure transactions ?

The "Gold" plan virtual domain server accounts and above, support SSL (Secure socket layer) secure transactions. This method allows for secure, encrypted communication between the user's web browser and your web site. SSL requires that a secure host have a "certificate" signed by a company called Verisign. You can use our server's certificate as part of your "Gold" plan server features or obtain your own if you do not want to have to use our host name in your URL.

Concerning Secure Processing, what does "SSL" mean?

"SSL" stands for Secure Socket Layer. It is an emerging standard developed by Netscape Communications to transfer information securely across the Internet. SSL will enable your customer's browser to connect to your web site and transparently negotiate a secure communication channel. Once this connection has been made, information, like credit card numbers, can be exchange with no chance of a third party intercepting the data. In the United States, Netscape Secure Servers employ 1024 key encryption technology, while server softare exported and available overseas, due to U.S. Federal regulations, is limited to 256 key encryption, using lesser, more vulnerable technology.

There are some important issues regarding the use of secure processing that everyone needs to be aware of. Every web site name (i.e. www.DOMAIN.com) that wishes to use SSL will need to have an authentication certificate "signed" by Verisign. If you do not wish to get your own certificate, you can use ours. However, this means that you will have to use our site same. I believe a secure server certificate only costs $290, with a renewal fee of $75 every year. Also, for additional certificates within an organization the fee is only $95.

You can find more information about the certificate registration process at:

http://www.verisign.com/apachessl-us/

or

https://www.verisign.com/apachessl-us/index.shtml

Verisign will verify the true identity of you and your company before issuing a certificate. Based on our experience, we will be able to provide additional assistance with this process if necessary.

To see current information on our SSL server please click here. With regard to our Digital Certificate by Verisign. here is more information (to connect via secure mode you need to have a secure-enabled browser, such as Netscape 2.01 or above or MS Internet Explorer 3.0 or above):

Java Version

Non-Java Version

Please note that SSL does not include software to process credit card transactions. Although you can securely receive credit card information through SSL, actual processing of the credit card will require a "Merchant account" from an accredited financial institution. You can set up merchant accounts through member banks with the following companies:

Cybercash http://www.cybercash.com
First Virtual http://www.fv.com

Cybank http://www.cybank.net/

Secure encrypted client-based credit card processing software will start to appear soon and you can find more information about the new credit card processing standard called "SET" at:

VISA (SET) http:///www.visa.com

MaterCard (SET) http://www.mastercard.com

Is SSL a false sense of security for our clients?

No, the data is encrypted enroute from the user's browser to the SSL server.

but what about when that information is forwarded to mine or my client's e-mail account....isn't it open for curious minds to see ?

In this case Yes.

If so, how can we provide a full path of security?

Save the information to a database table. Send yourself an email that simply says something like Mr Smith has just placed an order No 123. - Nothing else. Set yourself up a page within a passworded directory, that you access through SSL. Enter an SQL query in this page to retrieve the full order info, and display it to a HTML page. Copy and paste to whereever on your computer.

Its a bit more work and messing about to get it set up but it means that the whole transaction is secure, if you've got SSL with your server you also have an mSQL database.

Soon it will be possible to make the whole job much easier by linking your desktop database directly with your web database (like Access or SQL Server) via SSL, your web database would become an extension of your desktop database via IDC and ODBC, and we are planning to bring you NT web server hosting soon! Stay tuned.

You can also contact us at: information@ clearwaterfl.com or (727) 595-7150, Toll-Free 1-800-821-5566.