Data Koncepts

Security: Server-Side Scripting
  and Secure Servers

Data Koncepts

Security: Server-Side Scripting
  and Secure Servers
  • Home Page open submenu
    Data Koncepts'
      Home Page
  • Webmaster open submenu
    Professional
        Webmaster
    Development
        Process
    Small Website
        Fixed Price
        Offer
    Website
        Clients

    FREEBIES:
    Webmaster Security
        (see Security)
    Search For a
        New Host
        Checklist
    Search Engine
        Optimization
        w/mod_rewrite
    mod_rewrite
        Code Generator
    E-Mail
        Encrypter
  • Web Hosting open submenu
    Web Hosting
        Info     & Checklist
    Web Hosting
        Offer
  • Security Updated! open submenu
    Online
        Security
    SuperScan v2New!
        Attack
        Detection
        & Reporting     Hack Recovery
  • Professional Services open submenu
    Professional
        Documents
    Digital
        Imaging
    Screensavers
  • Computers open submenu
      Hardware
      Software
  • Contact open submenu
      Contact
      Terms &
        Conditions
      Sitemap
Website monitor by killerwebstats.com
Now a banana republic! Freedom!

Server Side Scripting

I utilise "server side scripting" on my websites. "Server side scripting" is similar to the JavaScript that's in common use on virtually every web page to provide dynamic (changing) content to your pages' visitors. However, whereas the entire JavaScript and the data it acts upon must be downloaded to the visitor's computer, "server side scripting" is acted upon by the server with only the results sent to the visitor. This is not only much faster but protects the decision making process from being compromised by malicious visitors.

"Server side scripting" becomes far more powerful when coupled with databases which do not have to be downloaded. When used on a secure server, this also protects the data in transmission.

Secure Server Scripts

There are a total of four pages involved in my scripts to process your orders:

  • Check for errors
  • Check for proper "hashing" (mathematical encoding)
    of the credit card number
  • E-mail you with the order details
  • E-mail confirmation to your client
  • Store an encrypted portion of the credit card number on the server and
  • and provide it ONLY to you and ONLY via secure server!

Order Page — This is the page which would be on your site but located on the secure server. This page obtains information from your visitor (name, e-mail, etc), allows them to select or input their order (e.g., number, colour and size of your "widgets," booking confirmations, donations, etc.) and collects credit card details. A preliminary check is performed before sending the "order" to the Process Page.

Process Page — This page analyzes the date collected on the Order page for completeness (required information), format (e-mail address) and mathematically validates the credit card (potential problems are identified only to you). Then the credit card number is stripped of its center digits which are encrypted and saved to the database. An e-mail is dispatched to you with all the order's information (except the middle numbers of the credit card) and a confirmation e-mail is sent to the visitor before a link is offered back to your Contact Page.

Retrieval Link Page — This page is on your site but in a password protected directory — I'll need to know the username and password you'd like to use (unless you want to set that up yourself). It only contains a link to take you to the Retrieval Page on the secure server which will confirm that the link originates at YOUR Retrieval Link Page.

Retrieval Page — This page on the secure server is designed to silently stop providing ANY information unless stringent safeguards are met (the acceptable responses are NOT evident in the page's code as they would be with JavaScript). After all the requirements are successfully met, ONLY the middle digits are decrypted and displayed and the encrypted data isdeleted from the database.

It would take at least a half hour to complete the coding for your site on these pages (and the database) so I must fix the one-time fee at $20. I will have to know the username and password combinations you prefer to use as well as the text and contents you require on the Order Page (name, e-mail, credit card details, more?) to link this into your site's navigation. After that, it's a simple matter to obtain your clients' credit card details from the secure server.

Security First

My primary concern with the Internet has always been security. I believe that I have met my own stringent requirements as I cannot recreate the Process Page's order e-mail to you (with the order and half of the credit card details) and NO third party intercepting your e-mail would be able to read the middle digits without your username(s) and password(s). The fact that a secure server is used for encrypted transmission of the credit card from the visitor and to you complete this secure scenario.

Note: The secure server operates on a "shared certificate" in the name of the company which provides the site control software. A site-unique certificate would be prohibitively expensive.
 
 
  This site designed, created, maintained and copyright © 1995 - 2023 by Data Koncepts.