Two Simple Security Steps for your Web Site

Written by Alan Grissett

This article covers several security issues that every Web site owner or developer should be aware of. It's important to be aware of these issues because for many organizations, a Web site is an integral part of their processes, and any downtime can result in costly maintenance work, lost business, or upset customers.

First and foremost, you should only grant access to those who need access. For example, if you will be the only one uploading files to the site, no one else should have FTP privileges. If there is only one person in your organization who needs access to financial data related to the Web site, only that person should be able to access the billing records for your account. This also applies to any of the other features or services that are accessible by administrators of the Web site.

Why SSL is not enough to secure your credit card details

Written by ArticSoft

SSL (secure sockets layer) is the security technology everyone uses to ensure that their web connections are secure. An SSL connection is symbolized by a padlock icon in the right-hand side of the taskbar and a URL that starts with 'https', the 's' standing for a secure http connection. What trust, however, should users associate with SSL?

SSL uses a method known as public key authentication in order to provide the confidential link between the server and the client computer. This can be a very strong and effective method. It allows you to establish a strong confidential link between a server and a client without either knowing about the other beforehand. And that's where the problems really begin.

Public key authentication works where each end of a connection can independently check that the other end is real. It's the same idea as getting a cheque from someone you don't know and calling their bank to see if it's OK. That's why it doesn't really work. If it was going to work, the server would have to be able to find out if the client key really belonged to them or not, and it can't. In our bank example, it's like having a cheque without the bank name on it or the customer name the bank knows you by, so that you can't even ask the question. In fact, if that happened you probably wouldn't accept the cheque!

As a result, the server can't tell if a hacker has diverted you via their own site and is playing a 'man-in-the-middle' attack where the hacker gets to see all the data going both ways. Usually the server uses an identification that has been approved by one of the companies whose information is stored inside your browser. That's why at the client end it all seems fine. There is just the minor problem that you can't actually tell if the identity is still valid because there's no way in the current system to do that. Not surprisingly, there is nothing happening that allows the server to link the information arriving at it with the actual user of the client PC. It is always assumed that the information comes from there but you can't prove it.
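The three paragraphs above describe what the client side of SSL actually checks: that the server's certificate chains to one of the authorities preinstalled in the browser, that it names the site being visited, and that it is still inside its validity period. The following Go program is an added example, not code from the article or from ArticSoft; it builds an in-memory "trusted" CA and an unrelated "unknown" CA (all names, host names and validity windows are constructed for the demonstration), issues server certificates from each, and runs the standard library's verification over four presentations. The unknown-CA case is the one a site interposed between you and the real server would have to present, and the function deliberately shows what the check does not cover: it never asks whether a certificate has since been revoked, which is the gap the article points at.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// makeCert generates a fresh P-256 key and signs tmpl with parent/parentKey;
// when parent is nil the certificate is self-signed (a root CA).
func makeCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// caTemplate describes a root CA, the kind of identity a browser ships with.
func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
}

// leafTemplate describes a server certificate for host, valid over [notBefore, notAfter].
func leafTemplate(host string, notBefore, notAfter time.Time) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: host}, DNSNames: []string{host},
		NotBefore: notBefore, NotAfter: notAfter, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// verifyServer applies the checks a browser makes on a server certificate: a
// chain to a trusted root, a matching host name and an unexpired validity
// period. It does not consult any revocation information.
func verifyServer(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Scenarios builds a trusted CA, an unrelated CA and three server certificates
// (all constructed here) and reports which presentations a client accepts.
func Scenarios() (map[string]bool, error) {
	caCert, caKey, err := makeCert(caTemplate("Trusted Root CA"), nil, nil)
	if err != nil {
		return nil, err
	}
	rogueCert, rogueKey, err := makeCert(caTemplate("Unknown CA"), nil, nil)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool() // stands in for the browser's trust store
	roots.AddCert(caCert)
	now := time.Now()
	good, _, err := makeCert(leafTemplate("shop.example", now.Add(-time.Hour), now.Add(time.Hour)), caCert, caKey)
	if err != nil {
		return nil, err
	}
	// Same host name, but issued by a CA the client has never heard of.
	lookalike, _, err := makeCert(leafTemplate("shop.example", now.Add(-time.Hour), now.Add(time.Hour)), rogueCert, rogueKey)
	if err != nil {
		return nil, err
	}
	expired, _, err := makeCert(leafTemplate("shop.example", now.Add(-48*time.Hour), now.Add(-24*time.Hour)), caCert, caKey)
	if err != nil {
		return nil, err
	}
	return map[string]bool{
		"trusted CA, right host": verifyServer(good, roots, "shop.example") == nil,
		"unknown CA, right host": verifyServer(lookalike, roots, "shop.example") == nil,
		"trusted CA, wrong host": verifyServer(good, roots, "other.example") == nil,
		"trusted CA, expired":    verifyServer(expired, roots, "shop.example") == nil,
	}, nil
}

func main() {
	results, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for name, accepted := range results {
		fmt.Printf("%-24s accepted=%v\n", name, accepted)
	}
}
```

Only the first presentation is accepted; the other three fail on the issuer, the name and the date respectively. The same `Verify` call, with `ExtKeyUsageClientAuth` and the client's certificate, is what a server would run if it were set up to check the client's identity, which, as the article notes, ordinary web sites do not do.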

© 2005