Data KonceptsSecurity: Server-Side Scripting
|
||||
|
Server Side ScriptingI utilise "server side scripting" on my websites. "Server side scripting" is similar to the JavaScript that's in common use on virtually every web page to provide dynamic (changing) content to your pages' visitors. However, whereas the entire JavaScript and the data it acts upon must be downloaded to the visitor's computer, "server side scripting" is acted upon by the server with only the results sent to the visitor. This is not only much faster but protects the decision making process from being compromised by malicious visitors. "Server side scripting" becomes far more powerful when coupled with databases which do not have to be downloaded. When used on a secure server, this also protects the data in transmission. Secure Server ScriptsThere are a total of four pages involved in my scripts to process your orders:
Order Page — This is the page which would be on your site but located on the secure server. This page obtains information from your visitor (name, e-mail, etc), allows them to select or input their order (e.g., number, colour and size of your "widgets," booking confirmations, donations, etc.) and collects credit card details. A preliminary check is performed before sending the "order" to the Process Page. Process Page — This page analyzes the date collected on the Order page for completeness (required information), format (e-mail address) and mathematically validates the credit card (potential problems are identified only to you). Then the credit card number is stripped of its center digits which are encrypted and saved to the database. An e-mail is dispatched to you with all the order's information (except the middle numbers of the credit card) and a confirmation e-mail is sent to the visitor before a link is offered back to your Contact Page. Retrieval Link Page — This page is on your site but in a password protected directory — I'll need to know the username and password you'd like to use (unless you want to set that up yourself). It only contains a link to take you to the Retrieval Page on the secure server which will confirm that the link originates at YOUR Retrieval Link Page. Retrieval Page — This page on the secure server is designed to silently stop providing ANY information unless stringent safeguards are met (the acceptable responses are NOT evident in the page's code as they would be with JavaScript). After all the requirements are successfully met, ONLY the middle digits are decrypted and displayed and the encrypted data isdeleted from the database. It would take at least a half hour to complete the coding for your site on these pages (and the database) so I must fix the one-time fee at $20. I will have to know the username and password combinations you prefer to use as well as the text and contents you require on the Order Page (name, e-mail, credit card details, more?) to link this into your site's navigation. After that, it's a simple matter to obtain your clients' credit card details from the secure server. Security FirstMy primary concern with the Internet has always been security. I believe that I have met my own stringent requirements as I cannot recreate the Process Page's order e-mail to you (with the order and half of the credit card details) and NO third party intercepting your e-mail would be able to read the middle digits without your username(s) and password(s). The fact that a secure server is used for encrypted transmission of the credit card from the visitor and to you complete this secure scenario. Note: The secure server operates on a "shared certificate" in the name of the company which provides the site control software. A site-unique certificate would be prohibitively expensive. |
|||
|