[Hidden-tech] Advice needed on secure web pages

Chris Woods cswoods at gmail.com
Fri May 23 10:55:13 EDT 2008


Hi Irene,

A few points to consider:

1. How much security do you really need? If you are processing
financial transactions or high-risk personal data, then you need quite
a lot. If you are simply creating a 'walled garden' for a members-only
area (i.e. protecting content from non-members), probably a lot less.
In the first example, you must satisfy industry and regulatory
standards; in the second, you are just trying to discourage poachers.

2. There are turnkey solutions to many of the problems, although I do
not recommend them for financial or high-risk data. They are quite
viable for small to medium scale membership sites. If you collect
member fees, use a service like PayPal to handle the transaction
rather than doing it yourself.

3. Limiting access to pages is a common and trivial problem. Password
protecting files is easily done in most scripting languages. For that
matter, password protecting a directory on your server is easily
achieved and not, in my opinion, a value-added service or one that
takes lots of extra effort.

4. Set your robots.txt file to 'nofollow' for your protected files or
directories. This prevents them from showing up on search engines.
This is another trivial task.

5. If you are doing financial or high-risk data transactions, find a
reliable security person to design the site. Do not leave it to an
inexperienced or generalist web master. Above all, choose someone you
trust absolutely. There is too much opportunity for abuse when it
comes to coding tasks, especially if you don't have expertise in that
realm. If you think your ISP is being less than candid about their
efforts, I'd listen to that instinct and find another provider.

HTH,

Chris Woods



On Fri, May 23, 2008 at 7:42 AM, Irene Starr <starr at langlab.umass.edu> wrote:
>
> I volunteered to create the web site for a group I belong to. We need the
> pages as well as pdf, jpg, and other files to be accessible only to those
> who have registered and received the login info. Our ISP contact person
> wrote "My group has spent some solid time creating this capability for
> you..."
>
> Is it so unusual to need limited access to pages or is the ISP group
> inexperienced? Any other thoughts or suggestions?
>
> Thanks,
> Irene Starr
>
> Keyboard Help:
> www.starr.net/kbh (how to type (c) (R) à é ü ç ¡ ¿ & more)
>



-- 
Keep up with me on Twitter:
http://twitter.com/totallybeta

Join my LinkedIn network:
http://www.linkedin.com/pub/6/400/424
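
As an added illustration of points 3 and 4 in the reply above (not code from the original post or its author): a small Python WSGI gate that requires a login for a members-only directory and serves a robots.txt asking crawlers to skip it. The `/members` path, the sample account and the choice of HTTP Basic authentication are assumptions made for the example.

```python
import base64, hashlib, hmac, os, posixpath

PROTECTED = "/members"  # hypothetical members-only directory
ROBOTS_TXT = "User-agent: *\nDisallow: /members/\n"  # a request to crawlers, not access control

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account; store only salt + hash, never the password.
_salt = os.urandom(16)
USERS = {"member": (_salt, _hash("correct horse", _salt))}

def is_protected(raw_path):
    # Normalise first so "/public/../members/x" or "//members/x" cannot slip past.
    path = "/" + posixpath.normpath(raw_path).lstrip("/")
    return path == PROTECTED or path.startswith(PROTECTED + "/")

def check_credentials(header):
    """Validate an HTTP Basic Authorization header against USERS."""
    if not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode()
    except ValueError:  # malformed base64 or invalid UTF-8
        return False
    user, _, password = decoded.partition(":")
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    # Hash even for unknown users, then compare in constant time.
    return hmac.compare_digest(_hash(password, salt), stored)

def app(environ, start_response):
    """WSGI app: robots.txt is public, anything under PROTECTED needs a login."""
    path = environ.get("PATH_INFO", "/")
    status = "200 OK"
    headers, body = [("Content-Type", "text/plain")], b"placeholder content\n"
    if path == "/robots.txt":
        body = ROBOTS_TXT.encode()
    elif is_protected(path) and not check_credentials(environ.get("HTTP_AUTHORIZATION", "")):
        status = "401 Unauthorized"
        headers.append(("WWW-Authenticate", 'Basic realm="Members"'))
        body = b"Login required\n"
    start_response(status, headers)
    return [body]

def request(path, auth=None):
    """Call the app in-process (no network) and return the status line."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if auth:
        environ["HTTP_AUTHORIZATION"] = "Basic " + base64.b64encode(auth.encode()).decode()
    seen = []
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Basic credentials are only base64-encoded on the wire, so a gate like this belongs behind HTTPS. The robots.txt entry keeps well-behaved crawlers away but protects nothing by itself; the login check is what enforces access.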


