Re: [CGUYS] Create https website
That is correct, only profile info is involved so they don't need credit card management. Yes, they do have competent server and security administration personnel; it's just that this is low priority in the big picture so it's never gotten done. Thanks for the links; they look like a great place to start and will assist them in helping get this set up. Richard P. >>> >>> A non-profit has a http website in which users are filling out >>> personal and private form information, and the non-profit would like >>> the get it secured with https. How can this be accomplished >>> economically? Is the code difficult to write? >> >> HTTPS is just one element in securing data. It is a lot of work with many >> aspects to consider. For example for credit cards there is now a requirement >> for quarterly audits/certifications. A good place to start for an overview >> is to read up on the "Payment Card Industry Data Security Standards (PCI >> DSIs)". > > This is all true, but the original question just mentioned profile > information, not payment card data. Granted, you still want to be as > secure as possible, so I hope they have someone familiar with network > and server administration and security. > > That said, the procedure for installing a certificate varies depending > on which web server you are using. For apache, a good article is > > http://onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html > For IIS (Microsoft's web server), their web site has an article at > http://support.microsoft.com/kb/299875 > > -- > Vicky Staubly http://www.steeds.com/vicky/ vi...@steeds.com * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Create https website
On Tue, 22 Sep 2009, t.piwowar wrote: On Sep 22, 2009, at 3:57 PM, Richard P. wrote: A non-profit has a http website in which users are filling out personal and private form information, and the non-profit would like the get it secured with https. How can this be accomplished economically? Is the code difficult to write? HTTPS is just one element in securing data. It is a lot of work with many aspects to consider. For example for credit cards there is now a requirement for quarterly audits/certifications. A good place to start for an overview is to read up on the "Payment Card Industry Data Security Standards (PCI DSIs)". This is all true, but the original question just mentioned profile information, not payment card data. Granted, you still want to be as secure as possible, so I hope they have someone familiar with network and server administration and security. That said, the procedure for installing a certificate varies depending on which web server you are using. For apache, a good article is http://onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html For IIS (Microsoft's web server), their web site has an article at http://support.microsoft.com/kb/299875 -- Vicky Staubly http://www.steeds.com/vicky/vi...@steeds.com * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Create https website
One of the ways around this is to use an outside CC processor. One of my members is selling artwork prints of his late wife. He uses paypal to process all payments. You have to pay a fee just like you would from an outside CC processor you would have to employ. Either way you pay! Stewart At 09:51 PM 9/22/2009, you wrote: HTTPS is just one element in securing data. It is a lot of work with many aspects to consider. For example for credit cards there is now a requirement for quarterly audits/certifications. A good place to start for an overview is to read up on the "Payment Card Industry Data Security Standards (PCI DSIs)". Rev. Stewart A. Marshall mailto:popoz...@earthlink.net Prince of Peace www.princeofpeaceozark.org Ozark, AL SL 82 * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Create https website
On Sep 22, 2009, at 3:57 PM, Richard P. wrote: A non-profit has a http website in which users are filling out personal and private form information, and the non-profit would like the get it secured with https. How can this be accomplished economically? Is the code difficult to write? HTTPS is just one element in securing data. It is a lot of work with many aspects to consider. For example for credit cards there is now a requirement for quarterly audits/certifications. A good place to start for an overview is to read up on the "Payment Card Industry Data Security Standards (PCI DSIs)". * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Create https website
Thanks for the clarification. How can I find out more, specifically how the whole process would be accomplished, and what needs to be reconfigured. Are there tutorial links out there or is it more complicated than that? Their parent company does have their own secure web server, and were supposed to set up access for the non-profit a couple of years ago but it has fallen through the cracks. FYI, the parent company has very strict access policies so I don't know if that's standing in the way of their non-profit getting a secure access port on their server. Richard P. On Tue, Sep 22, 2009 at 4:27 PM, Vicky Staubly wrote: > On Tue, 22 Sep 2009, Richard P. wrote: >> >> A non-profit has a http website in which users are filling out >> personal and private form information, and the non-profit would like >> the get it secured with https. How can this be accomplished >> economically? Is the code difficult to write? > > There's no (new) code to write (unless the "http:" part of URLs > is in the existing code). All you need to do is buy an SSL Certificate > (many domain registrars can do it, e.g. Thawte, Network Solutions, > GoDaddy, etc.), and then install it on the web server. If they maintain > their own web server, there's a bit of configuration changes to do, > but nothing too complicated. > > -- > Vicky Staubly http://www.steeds.com/vicky/ vi...@steeds.com > > > * > ** List info, subscription management, list rules, archives, privacy ** > ** policy, calmness, a member map, and more at http://www.cguys.org/ ** > * > * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
Re: [CGUYS] Create https website
On Tue, 22 Sep 2009, Richard P. wrote: A non-profit has a http website in which users are filling out personal and private form information, and the non-profit would like the get it secured with https. How can this be accomplished economically? Is the code difficult to write? There's no (new) code to write (unless the "http:" part of URLs is in the existing code). All you need to do is buy an SSL Certificate (many domain registrars can do it, e.g. Thawte, Network Solutions, GoDaddy, etc.), and then install it on the web server. If they maintain their own web server, there's a bit of configuration changes to do, but nothing too complicated. -- Vicky Staubly http://www.steeds.com/vicky/vi...@steeds.com * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *
[CGUYS] Create https website
A non-profit has a http website in which users are filling out personal and private form information, and the non-profit would like the get it secured with https. How can this be accomplished economically? Is the code difficult to write? Thanks in advance, Richard P. * ** List info, subscription management, list rules, archives, privacy ** ** policy, calmness, a member map, and more at http://www.cguys.org/ ** *