Securing Your Site Through SSL
Actually, we are talking about responsibility here. Once you have purchased a domain name and have set up your Web site with a hosting firm, you should consider securing your site, particularly if you intend to conduct e-commerce transactions. By accepting your customers' credit card information through your Web site, you are also accepting the responsibility for the security of that information.
The standard protocol for securing Web sites is Secure Sockets Layer (SSL) developed by Netscape, which provides data encryption, server authentication, message integrity and client authentication for TCP/IP connections, allowing client/server applications to communicate in a way that prevents eavesdropping, tampering or message forgery.
SSL is built into all major Web browsers, simply installs a digital certificate on the server of a Web site will enable the browser's SSL capabilities. The protocol is available in both 40-bit and 128-bit strengths, referring to the length of the "session key" generated by each encrypted transaction.
In order to establish an SSL session with a customer's browser, your server has to be able to generate a public key and a private key and have them authenticated by a certificate authority, such as GeoTrust (GeoTrust.com), VeriSign (VeriSign.com), Thawte (Thawte.com), Tucows (Tucows.com) or InstantSSL (InstantSSL.com). Your Web host may include an arrangement with one if these authorities, or may allow you to use its certificate. SSL certificates are relatively inexpensive, very secure and fairly easy to obtain. As a result, any Web site that handles sensitive information should not be without one.
|
By Location