Veteran Member
Join Date: Jun 2006
Location: Florida
|
One of the sites I manage has asked about adding a web form to have parents sign up for various things. Due to the nature of the information being collected (personal, demographic, and potentially payment) it'd need to be done over a secure server. I've never used an SSL before and know that I can add one onto my shared host for about $100. Is using SSL on a shared host a security risk? Also, if we do purchase the SSL would I then need to use a typical php/cgi form script to send the information to an email address, or is there a better way of doing this web-registration? Thanks guys.
|
Veteran Member
|
Typically when on a shared host the SSL cert is shared.. But it's secure.
I got mine with my server so am not sure of the cost, but seem to remember a unique certificate is more last time I looked. So I am basing it on that assumption. On my new server (got rid of useless IX Webhosting finally) I put my secure stuff in the https folder as opposed to the http folder and it's all seamless, other than you use 'https' URLs for the secure stuff. You use standard html and php.. But obviously make sure your html (and your php) is nice and secure.. Perhaps check out hotscripts for some ideas. I am not an expert on this, I just kind of muddle through web stuff, and am just giving you my experience on a few servers over the years. So feel free to take advice from others also. 'Remember, measure life by the moments that take your breath away, not by how many breaths you take' Extreme Sports Cafe | ESC's blog | scratt's blog | @thescratt |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Quote:
If you're going to be working with any kind of payment data, you need to work with a database of some sort on the server that has limited means of access and all communication with and data stored on that server need to be encrypted. Using a shared host here is also a big security risk since there's risk of another user on the server gaining access to your data. (Full disclosure: I've been working primarily on the commerce/finance systems of a web-based company for the past year or so. It's a fun world, but you have to be extra careful when you're dealing with other people's money and sensitive data.) The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting. |
|
Veteran Member
|
Thanks Brad, that was good advice...
With regards to money transactions.. Most of my websites that take money do it via www.2checkout.com. (They are not as bad as the press they get. They are simply not much better than most other online solutions! I have been with them for 5 years now, and only fallen out a few times.. Normally they are accommodating if you are blunt with them. And I've befriended one of the senior web people over the years so can at least ping him when things get stressy!) So if you are taking payments use them... They handle the secure side, and I simply transfer people to them from my insecure web portal prior to taking any private data. |
is the next Chiquita
Join Date: Feb 2005
|
I wonder if there is such a thing as an alternative to SSL? Is TLS any more secure?
|
Veteran Member
Join Date: Jun 2006
Location: Florida
|
Thanks for the replies. So basically this is a no-go because of the shared server. Do you have any suggestions to do web registrations securely on a shared host?
What would the benefit be to using something like 2checkout or PayPal over running something on our own server? Last edited by jdcfsu : 2008-01-24 at 09:03. |
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Quote:
The drawbacks to using a third-party payment handler are that your visitors will be redirected out to the third-party site, you may encounter delays in getting responses from the handler, and the per-transaction fee may be higher. The big benefits to building the checkout/payment process in-house are that you can present a completely seamless interface to your users, should be able to get immediate feedback from the bank/gateway's API, and likely have a lower per-transaction fee. Of course, a major drawback to the in-house solution is that it requires a much higher level of technical skills to implement. |
|
Veteran Member
|
What Brad says is correct.
However, having looked at the setup costs / time involved in handling this yourself I decided that any higher gateway fee is probably worth it. To set it up, and then maintain it, and keep it secure is a full time job for someone IMHO. Definitely not something for your web startup! Response time is not an issue as you get immediate feedback for sales from most of these sites, and if you don't use PayPal they do give a s&%t, and do actually have real people on the end of phones 24/7. 2checkout do actually fight chargebacks if you ask them, and often waive the fees if they are sympathetic to your case.. A lot better than PayPal in that regard. Also having looked very carefully into the merchant fees, gateway fees, and bank fees it is actually more expensive for me to go that way in Asia right now. Hence using a US company. They even issue a credit card now which you can credit direct from your online account, and (not sure if this is good or bad) but 2checkout.com now do PayPal too! One big advantage of *really* processing cards yourself (if you are allowed to do it where you are) is that you get paid daily into your account for each transaction. This can in some cases cost you more because of extra transaction fees, but not if all the hardware / servers / banks are local to your country. I on the other hand get paid weekly from 2checkout.com, which is good enough for me.. If your security concerns are not uber high then perhaps look at putting a modded version of OSC together on the secure side of your server. OSC, although a shop database can be used for myriad uses.. We use them often for quick-to-setup skydiving boogie registration pages, where we collect flight info, passport info etc. etc. OSC has a great community, and loads of people out there willing to mod for a few $$$. 
Last edited by scratt : 2008-01-24 at 11:00. |
Veteran Member
Join Date: Jun 2006
Location: Florida
|
Thanks guys. I'm not able to maintain the website on a daily basis let alone a full on secure server running transactions. I'm putting together a cost/benefit for the different options and I'll include PayPal and 2checkout. Does VeriSign do a similar thing, or are they more into the SSL certificates and digital signing? Any other options out there that might be worth a shot?
|
http://ga.rgoyle.com
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
|
I used GoogleCheckout the other day and was very impressed with the whole experience from a customer point of view.
|
Veteran Member
|
Yes.. I would go to GoogleCheckout in a heartbeat if they were international.
|
Veteran Member
Join Date: Jun 2006
Location: Florida
|
I like how GoogleCheckout is free for Non-Profits until 2009... but it looks like PayPal has far more features than Google. Maybe it's just the website, but scratt, why would you move to GC should it be international?
|
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
|
Quote:
That said, I have major disdain for PayPal as a company. If Google Checkout can work for you, I say go for Google. |
|
Veteran Member
|
Quote:
I would think that (regardless of how they deny it) you'd get slightly better traffic and sales if you ran your business through them. I also make use of adsense and earn reasonably well from it, and like the idea of having it all under one roof. I have spoken to them and they do intend (eventually) to integrate online payments, adsense and adrevenue into one thing. In that sense I could pay to advertise, get ad. revenue and take customer orders all online in one account. Cool! Currently they pay me here in Thailand for ad. revenue with local cheques and give me a great exchange rate!! Also, for me personally, Google have always been great at customer service.. I always get replies, even to quite minor enquiries. My main mail account is now with them.. A lot of stuff I have is with google. The only thing I don't have with them is my alternate secure online backup stuff which is elsewhere. But I do have a couple of GMail accounts I use as backup disks as well! I would not dump 2checkout.com, but I would run both side by side so I had the option to dump one or other if they pissed me off. I did that with PayPal, and PayPal pissed me off, like they do everyone, so I dumped them.. and left them holding the bag with a bogus / fraudulent refund attempt they would not protect me on.. Something I am quietly rather proud of! |
|
http://ga.rgoyle.com
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
|
|
Veteran Member
|
Yes.. But you were dealing with a US retailer I presume.
I am talking about being a merchant with them. |
http://ga.rgoyle.com
Join Date: May 2004
Location: In your dock hiding behind your finder icon!
|
It was from ebuyer.com. They have their contact address as Ebuyer (UK) Ltd, Howden, East Yorks, DN14 7UW
|
Veteran Member
|
You made me curious so I went and checked.. Google do UK and US now.
If it was any other company I'd say that I wouldn't hold my breath for Thailand, but with Google I have faith it'll be up and running at some point in the next 12 months. |