uShop English (U.S.) for 179!

uStorekeeper English (U.S.) for 149!

 Products
       uTest
       uReserve
       uShop
       uStorekeeper
       uGolf
       uDirectory
       uSignIn
 Tech Support
       Support Policy
       Knowledge Base
            uTest
            uReserve
            uShop
            uStorekeeper
            uGolf
            uDirectory
            uSignIn
       Documentation
       Reference Sites
 Legal
       Software Piracy
       Legal Notices
       Privacy Policy
       Licensing
 Miscellaneous
       Reseller Info
       Contact Us
       Site Map
Secure host server with Authorized.Net

Knowledge Base Lobby : uShop Support Conference : General Questions
Nov-20-17 11:27 PM EST
Original Message
Secure host server with Authorized.Net
Author Todd J. Gagle on 01-02-2001 at 16:30 (EST)
If I use Authorized.Net for any transaction or customer that wishes to pay by credit card, does my domain or server need to be secure? I am assuming not. I am also assuming the no credit card information will get stored in the data file since it is being handles elsewhere. I run on an NT Server. MY hosting company has given me secure space on a UNIX server, BUT, I can't run CGI or store data on their secure server. I can get a digital certificate from Verisign for my NT server, but I would really rather not if I don't need to. I have seen other postings similiar to this. I am just looking for some clarification. I also believe that if the customer wishes to pay by check, etc (through the mail) there is no point to being secure at that point.
E-MAIL AUTHOR | TABLE OF CONTENTS

Table Of Contents
  RE: Secure host server with Authorized.Net Bill Weiner, 2001-01-03 07:30:40 (1)
            The data directories are secure from browsing Todd J. Gagle, 2001-01-03 15:59:40 (2)

Messages In This Discussion
         1. RE: Secure host server with Authorized.Net
        Author Bill Weiner on 01-03-2001 at 07:30 (EST)
You are correct. If you are using an online payment processing system (such as Authorize.Net or LinkPoint), then you do NOT need a secure server because the credit card information will be collected on your payment processing system's secure server.... and never sent to or stored on your server.

The only things you may still want to be careful about if just putting the scripts on your public server is that:

1) You probably still want to prevent regular website visitors from being able to access your "data" directory. It's really not a big deal if using an online payment processing system (since no credit card information will be stored there)... but just to prevent regular website visitors from seeing the non-sensative customer information (name, address, email), you may want to follow some of the suggestions in section 4 at:

http://www.uburst.com/uShop/security.html

... concerning the permissions of your "data" directory on your public server.

2) Also, you probably still want to protect the password that you configure in the "ushop.pl" script.... not out of worry of someone getting credit card information (credit card information will NOT be stored on your server anyway)... but rather just to keep someone from logging in to your uShop control panel and changing your general settings. Access to the source code of executable CGI scripts via the web is not possible - so there is no worry there about someone viewing the source of your "ushop.pl" file and getting the password - But I have seen a couple web hosting providers that allow people to telnet around into other other peoples directories that are also on the same server. That is not good...because someone else hosted on your same server could look around in your directories and possibly view the source of your CGI scripts. This sort of server configuration is rare... but you may just want to check that other people on hosted on your server can't look around in your directories. If they can, then you can usually manually set the permissions of your directories to prevent other users from having read access to your directories ... either that or ask your web hosting provider to help. But again, most servers are not setup that way in the first place.... just something to be aware of.
TABLE OF CONTENTS
                 2. The data directories are secure from browsing
                Author Todd J. Gagle on 01-03-2001 at 15:59 (EST)
The data and script directories are secured so that browsing is not possible. Thanks.
TABLE OF CONTENTS

© 2003 Microburst Technologies, Inc.