如何获得安全网页? [英] How to get a Secure Web Page?
问题描述
我不知道从哪里开始。我们需要允许我们的用户在网页上输入信用卡#'s,所以我们需要一个安全页面(
小锁定浏览器的底部)为了做到这一点。
1)这叫什么? (我听说过SSL(安全套接字层)
一词被抛出,我不知道这是相同还是不同的东西。
2)如果我的服务器需要某种证书,我该如何获得?
感谢您提供的任何帮助。
Jesse
www.davinci-mims.com
2003年12月19日星期五13:49:31 -0500,Anchorman
< Je * ********@davinci-mims.com>写道:
我不知道从哪里开始。我们需要允许我们的用户在网页上输入信用卡#,所以我们需要一个安全的页面(在浏览器的底部有一个小锁)以便这样做。
1)这叫什么? (我听说过SSL(安全套接字层)这个词被扔了,我不知道这是不一样的还是不一样的。)
2)如果我需要的话我们服务器的某种证书,如何获得?
对于这两个问题,请参阅:
http://www.iisfaq.com/default.aspx?View= P20& P = 145
但如果你问这些问题,请三思而后行。
当你搞砸了和信用卡号码泄露,你会失去
你的客户群很快就会变得很快。请使用付款处理
服务。
Jeff
" Anchorman" <济********* @ davinci-mims.com>在留言中写道
新闻:uH ************** @ TK2MSFTNGP12.phx.gbl ...我不知道在哪里从此开始。我们需要允许我们的用户
在网页上输入信用卡#,所以我们需要一个安全页面(在浏览器底部有一点锁定)才能做这个。
据推测,这些信用卡号码存储在数据库中?你需要采取措施确保你的数据库也是安全的(也就是说,一个
的用户无法将他/她的浏览器指向数据库的URL并下载
it)。此外,在将信用卡信息存储在数据库中之前,您应该考虑加密信用卡信息
。查看ASPEncrypt
( www.aspencrypt.com )进行加密/解密信用卡数据。他们在任务下有一些很好的例子,包括加密信用卡信息。
1)这叫什么? (我听说过SSL(安全套接字层)这个词被抛弃了,我不知道这是相同的还是不同的东西)。
SSL是正确的。您可以通过
URL中的协议判断何时使用SSL ...它将是https://与http://相对(注意's'')。
2)如果我的服务器需要某种证书,我该怎么办呢?
您需要购买证书,或者您的主人通常会有一个
您可以使用。但是,使用主机证书通常意味着安全页面的URL将是这样的:
https://secure.myhost.com/mydomain/mysecurepage.htm
。拥有自己的证书,你的网址可能看起来更像是这样:
https://www.mydomain.com/mysecurepage.htm
如果有些客户可能会被关闭必须离开你的域名。您可以从Thawte购买自己的证书( www.thawte.com )或Verisign
(虽然Verisign在我看来有点扯掉)。获得
证书后,您的主机将需要在服务器上安装它。你应该提前联系主人,但是要让他们知道你将要做的事情。
这个。您可以在Thawte和Verisign
网站上找到更多文档。
问候,
Peter Foti
>当你把它搞砸了,信用卡号码漏掉了,你就会失去你的客户群很快就会被淘汰。
或更糟。 (想想诉讼,罚款,监狱等)
-
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
I have no idea where to start on this. We have a need to allow our users to
enter Credit Card #''s on a web page, so we need a secure page (have the
little lock at the bottom of the browser) in order to do this.
1) What is this called? (I''ve heard the term SSL (Secure Socket Layer)
tossed around, I don''t know if this is the same or something different).
2) If I need a certificate of some sort for our server, how do I get it?
Thanks for any help you can offer.
Jesse
www.davinci-mims.com
On Fri, 19 Dec 2003 13:49:31 -0500, "Anchorman"
<Je*********@davinci-mims.com> wrote:
I have no idea where to start on this. We have a need to allow our users to
enter Credit Card #''s on a web page, so we need a secure page (have the
little lock at the bottom of the browser) in order to do this.
1) What is this called? (I''ve heard the term SSL (Secure Socket Layer)
tossed around, I don''t know if this is the same or something different).
2) If I need a certificate of some sort for our server, how do I get it?
For those two questions, see:
http://www.iisfaq.com/default.aspx?View=P20&P=145
But if you''re asking these questions, think twice about doing this.
When you screw it up and credit card numbers leak out, you''ll lose
your customer base pretty darned quick. Use a payment processing
service instead.
Jeff
"Anchorman" <Je*********@davinci-mims.com> wrote in message
news:uH**************@TK2MSFTNGP12.phx.gbl...I have no idea where to start on this. We have a need to allow our users to enter Credit Card #''s on a web page, so we need a secure page (have the
little lock at the bottom of the browser) in order to do this.
Presumably, these credit card numbers are being stored in a database? You
should take steps to make sure your database is secure as well (that is, a
user couldn''t point his/her browser at a URL for the database and download
it). In addition, you should look into encrypting the credit card info
before storing it in the database. Check out ASPEncrypt
(www.aspencrypt.com) for encrypting/decrypting credit card data. They have
some good examples under the Tasks, including encrypting credit card info.
1) What is this called? (I''ve heard the term SSL (Secure Socket Layer)
tossed around, I don''t know if this is the same or something different).
SSL is correct. You can tell when you''re using SSL by the protocol in the
URL as well... it will be "https://" vs. "http://" (note the ''s'').
2) If I need a certificate of some sort for our server, how do I get it?
You need to purchase a certificate, or often times your host will have one
that you can use. However, using the hosts certificate will typically mean
that the URL to the secure pages will be something like this:
https://secure.myhost.com/mydomain/mysecurepage.htm
vs. having your own certificate where your URL would probably look more like
this:
https://www.mydomain.com/mysecurepage.htm
Some customers may be turned off if they have to leave your domain. You can
purchase your own certificate from Thawte (www.thawte.com) or Verisign
(though Verisign is a bit of a rip off, in my opinion). Once you have the
certificate, your host will need to install it on the server. You should
contact the host in advance though to let them know you''re going to be doing
this. You can find more documentation on the the Thawte and Verisign
websites.
Regards,
Peter Foti
> When you screw it up and credit card numbers leak out, you''ll loseyour customer base pretty darned quick.
Or worse. (Think lawsuit, fines, prison, etc.)
--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
这篇关于如何获得安全网页?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
