Getting Started Guide - Website Security

Utilizing SSL
Implementing an SSL Secure Connection
Submit the Data to the Server Securely
Retrieve the Data Securely.
 

Option 1 :(not available on Windows): Use the Domainz shared SSL digital certificate. This is a free option that is available for certain UNIX accounts.

Option 2: Obtain your own digital certificate. This will allow you to reference a secure URL using your own domain name.

To learn more about obtaining your own digital certificate, go to How do I obtain my own digital certificate from Domainz' parent company Melbourne IT?

Option 1: Create a secure link to your form or page using the URL for a secure sever address (https://).

If you are using the Domainz shared SSL digital certificate, the secure link to your form will look like this:

https://servernumber.groupname/userid/testform.html

Where:
servernumber = your account server number
groupname = your account group name
userid = your User ID

If you upgrade or downgrade your account and a server change is required, you will need to update secure URL links to reflect the new server number. For more information about determining your group name and server number, go to How do I find out what my group name and server number are?

If you have your own digital certificate, the secure link to your form will begin with https://www. followed by your domain name, followed by the name of your form. For example:

https://www.forexample-domain.com/testform.html

Where:
forexample-domain.com = your domain name

Option 2: Create a form that calls a cgi script that is referenced securely. To do this, ensure the ACTION portion of the form tag is a secure sever address. For example, code for a secure form that calls a cgi script on a UNIX server, and uses the Domainz shared certificate will look like:

<HTML>
<BODY>
<FORM method="POST" ACTION="https://servernumber.groupname/userid/ cgi-local/testform.cgi" Name: <INPUT TYPE="text" name="username">
<BR>
<INPUT TYPE="submit">
</FORM>
</BODY>
</HTML>

If you have a Windows account, the path for your cgi scripts will be cgi-bin.

If you have your own digital certificate, the ACTION portion of the form tag will look like:

<FORM
method="POST"
ACTION="https://www.forexample-domain.com/cgi-local/testform.cgi" 

When you create cgi scripts in Perl, Domainz recommends using the Perl Script Checker tool in your account Control Panel to ensure it operates as intended. For more information, go to How do I use the Perl Script Checker tool? To learn more about creating cgi scripts with Perl, go to CGI Resources & Information.

Option 1:  Write a cgi script (such as the one used in the example above) that will submit the form content to a cgi application on the Web server and save it to a text file. The ACTION identifies the URL that the contents of your form will be sent to when it is submitted.

Content from your form should be written to a file located in a password-protected directory to ensure that only authorized parties can retrieve it.

Option 2: Have the submitted form content sent to you via encrypted e-mail using a third-party encryption program such as PGP.

If your form references a custom script, be sure to reference the script securely.

Option 1: Retrieve your form content from the text file using a secure URL.

If you are using the NTT/VERIO shared digital certificate, the URL will look like this:

https://<servernumber>.<groupname>/<userid>/testform.txt

If you have your own digital certificate, the URL will look like this:

https://www.forexample-domain.com/testform.txt

Always ensure the FTP permissions on files containing sensitive data are set so they cannot be publicly read. For more information on setting file permissions for UNIX accounts, go to How do I set file and folder permissions for FTP directories using WS_FTP? If you have a Windows account, go to How do I manage file and folder permissions using FrontPage in Windows Accounts?