I'm searching for a method to possess a secure online order form to simply accept online orders. Anybody have suggestions? I'll run CC's offline.
Thanks-
You will need a secure certificate from someone like Thawte (http://www.thawte.com) and obtain that installed. Alternately, if you're not a number, find out if your host includes a cert which you can use. Many hosts provide a server-wide cert to be used by their customers. The shape could be anything you like, as lengthy while you refer to it as safely, so that as lengthy while you retrieve the information safely in the server.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com

[This message continues to be edited by Annette (edited 08-15-2000).]
I understand some companies will host the shape on their own secure server (securehosting.com) for a small fee. Are you aware associated with a others that provide similar services?
Initially published by D:
I understand some companies will host the shape on their own secure server (securehosting.com) for a small fee. Are you aware associated with a others that provide similar services?
one other way you could do this this really is via paypal.com it enables the customer to buy your item via their CC or banking account (in america) free of charge...I have used this particular service alot and not were built with a problem.



------------------
Regards,
Dana
VeoWeb.Net Technical Support
http://www.veoweb.net
Initially published by D:
I understand some companies will host the shape on their own secure server (securehosting.com) for a small fee. Are you aware associated with a others that provide similar services?
Off the top my mind, no. But when I stumble across any, I'm going to be certain to publish them up.



------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com
Hi,

Please keep in mind that simply using SSL is NOT enough. Something needs to secure the information once it reaches the server. SSL basically safeguards against sniffers before the data reaches the server, where it has to *immediately* be re-encoded!

Sincerely,


Vladislav Davidzon &ltdavidzon@thinkhost.com&gt :-)
Senior Network Administrator - ThinkHost Website Hosting Services
http://www.thinkhost.com - honesty, reliability, trust.
We're the wise choice for your website hosting needs! (TM)
For this reason I pointed out during my original response the data should be retrieved safely in the server. A measure at any given time - and SSL is the initial step.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com
Annette,

Please explain that which you mean by "retrieved safely in the server"
I am talking about precisely what I stated: locating data safely in the server. You will find a multitude of ways of using this method, an immediate shot via SSH, to secure web mail, to PGPMail, etc. This, however, isn't the subject the initial poster began.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com
Annette,

Which was my whole idea that you simply skipped -- you cannot just keep charge card info on the server before it is encoded. That's, by itself, highly insecure and you are essentially depending around the security of the server (or even the specific permissions around the file because the situation may be) for that charge card information. Given the number of holes are discovered every single day, this really is very hard to rely on.

Would you follow what i'm saying?

Cheers,

Slava Davidzon
ThinkHost Customer Support http://www.thinkhost.com
Nobody ever stated anything about storing data around the server unencrypted, since we've absolutely no clue what method the initial poster is going to be using to collect data, but I am certain he values the data. Since the chances are it will likely be an easy mail script, I'd certainly hope that anybody who cares enough to utilize a secure form on the mailer may also be concerned enough to make use of something similar to PGPMail to push the shape output through.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com

[This message continues to be edited by Annette (edited 08-15-2000).]
I suppose the simplest method of doing exactly what the orig poster requested could be an SSL experience of PGPMail. This encrypts it completely to him.



------------------
Chris Marks
KBS Website Hosting
http://www.netfronts.com
I must accept Annette, PGPMail is most likely the simplest approach to take, although I understand of 1 webhost who only use Formmail.pl to transmit charge cards within the net.

------------------
Karl Austin
KDA Web Services
Trust me, there's several. Think about the 1000's of companies available, both hosts and otherwise - that's a great deal of room for insecure transactions.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com
A couple of years back before i aquired my credit card merchant account, I put my items in Jumbo.com mall. They keep charge card information on a safe and secure server that you should sign in and retrieve later. They're free, the shopping cart software really drawn however they provided the origin code which permitted me to alter it.

They're still around so they ought to be doing something right, so perhaps have a look simply to use their shopping cart software and secure server.
http://www.equifaxsecure.com/

They've ssl certs at just $45. Reduced than thawte and verisign. I would register together, anybody have opinions?
Add kagi.com towards the listing of companies of this kind of service, too.

------------------
Annette
Hosting Matters, Corporation.
http://www.hostmatters.com
Regarding marksy's comments on SSL and PGPMail, exactly how does that actually work? Does SSL secure it towards the server and so the PGPMail transmits it safely to my email box?
Searching at site now.

[This message continues to be edited by Admin (edited 08-16-2000).]
Make certain and email your host and request them when they support Equifax Secure Certs. Because most browsers don't support Equifax Secure Certs your customers will receive a popup saying the cert is signed by an untrusted company, if installed improperly.

Equifax Secure Certs can function properly however the host will have to edit some conf files for you personally. These changes are essential because Equifax is really using Thawte his or her CA.

Regards
Michael


[This message continues to be edited by Michael (edited 08-16-2000).]