That is correct, only profile info is involved so they don't need credit card management. Yes, they do have competent server and security administration personnel; it's just that this is low priority in the big picture so it's never gotten done.
Thanks for the links; they look like a great place to start and will assist them in helping get this set up. Richard P. >>> >>> A non-profit has a http website in which users are filling out >>> personal and private form information, and the non-profit would like >>> the get it secured with https. How can this be accomplished >>> economically? Is the code difficult to write? >> >> HTTPS is just one element in securing data. It is a lot of work with many >> aspects to consider. For example for credit cards there is now a requirement >> for quarterly audits/certifications. A good place to start for an overview >> is to read up on the "Payment Card Industry Data Security Standards (PCI >> DSIs)". > > This is all true, but the original question just mentioned profile > information, not payment card data. Granted, you still want to be as > secure as possible, so I hope they have someone familiar with network > and server administration and security. > > That said, the procedure for installing a certificate varies depending > on which web server you are using. For apache, a good article is > > http://onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html > For IIS (Microsoft's web server), their web site has an article at > http://support.microsoft.com/kb/299875 > > -- > Vicky Staubly http://www.steeds.com/vicky/ [email protected] ************************************************************************* ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *************************************************************************
