Site Security: Two Simple Security Steps for your Web Site

Two Simple Security Steps for your Web Site

Written by Alan Grissett

This article offers several security issues that every Web site owner or developer should be aware of.It's important to be aware of these issues because for many organizations, a Web site is an integral part of their processes, and any downtime can result in costly maintenance work, lost business, or upset customers.

First and foremost, you should only grant access to those who need access. For example, if you will be repparttar only one uploading files to repparttar 132034 site, no one else should have FTP privileges. If there is only one person in your organization who needs access to financial data related to repparttar 132035 Web site, only that person should be able to access repparttar 132036 billing records for your account. This also applies to any of repparttar 132037 other features or services that are accessible by administrators of repparttar 132038 Web site.

Why SSL is not enough to secure your credit card details

Written by ArticSoft

SSL (secure sockets layer) is repparttar

security technology everyone uses to ensure that their web connections are secure. An SSL connection is symbolized by a padlock icon in repparttar 132033

right-hand side of repparttar 132034

taskbar and a URL that starts with ‘https’, repparttar 132035

‘s’ standing for a secure http connection. What trust, however, should users associate with SSL?

Confidentiality

SSL uses a method known as public key authentication in order to provide repparttar 132036 confidential link between repparttar 132037 server and repparttar 132038 client computer. This can be a very strong and effective method. It allows you to establish a strong confidential link between a server and a client without either knowing about repparttar 132039 other beforehand. And that’s where repparttar 132040 problems really begin.

Public key authentication works where each end of a connection can independently check that repparttar 132041 other end is real. It’s repparttar 132042 same idea as getting a cheque from someone you don’t know and calling their bank to see if it’s OK. That’s why it doesn’t really work. If it was going to work, repparttar 132043 server would have to be able to find out if repparttar 132044 client key really belonged to them or not – and it can’t. In our bank example, it’s like having a cheque without repparttar 132045 bank name on it or repparttar 132046 customer name repparttar 132047 bank knows you by so that you can’t even ask repparttar 132048 question. In fact if that happened you probably wouldn’t accept repparttar 132049 cheque!

As a result, repparttar 132050 server can’t tell if a hacker has diverted you via their own site and is playing a ‘man-in-the-middle’ attack where repparttar 132051 hacker gets to see all repparttar 132052 data going both ways. Usually repparttar 132053 server uses an identification that has been approved by one of repparttar 132054 companies whose information is stored inside your browser. That’s why at repparttar 132055 client end it all seems fine. There is just repparttar 132056 minor problem that you can’t actually tell if repparttar 132057 identity is still valid because there’s no way in repparttar 132058 current system to do that. Not surprisingly, there is nothing happening that allows repparttar 132059 server to link repparttar 132060 information arriving at it with repparttar 132061 actual user of repparttar 132062 client PC. It is always assumed that repparttar 132063 information comes from there but you can’t prove it.

Cont'd on page 2 ==>