Closing the Security Circle
Many people feel certain that a secure server connection means
their information is secure. But that's not so.
With a secure server connection, only the transmission of
information between browser and server is secure. Other
aspects to be considered are:
- Security of information on the server.
- Retrieving information from the server.
- Security of information once retrieved.
This article presents a few common-sense things you can do
to close the security circle.
The Secure Server Connection
A secure connection is one that encrypts information
transmitted between the user's computer and the server.
If you handle sensitive information that others submit
through a web browser, a secure server connection must be
available. That is the first part of the circle: the secure
transmission of sensitive information from browser to
server.
Your hosting company can tell you how to create secure
server connections with your hosting account.
Security of Information On the Server
Securely submitted information needs to be securely stored
on the server.
Form handling software of some kind is used to take the
information from the web page form, carry it through the
secure connection, and store it on the server. The software
must be able to operate at a secure https://... URL.
If you don't already have software for that, consider
Master Form V4. It is good at this kind of work.
(Please don't transmit securely submitted information by
email unless the email is encrypted. Email is not a secure
communication medium.)
A password-protected directory on the server is a good place
to store information securely.
Storing the information on the server in a file with a
browser-inaccessible name can make the information more secure.
For example, many servers are configured to execute .cgi
files instead of delivering their content as-is, especially
in certain directories, such as the cgi-bin. On those
servers, information stored in a file with a .cgi extension
is treated as a program rather than served: browsers or
robots that try to retrieve it with an http://... URL get an
"internal server error" instead of the data. This depends on
the server's configuration, so confirm it applies to your
directory before relying on it.
After the information arrives, remove it from the server as
soon as practical. The best security is not to have the
information on the server at all.
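The following Python is an added example, not code from the article and not
part of Master Form V4 or any other product named here. It shows the storage
side of this section in the robust form of the "browser-inaccessible name"
idea: the submission is written to a directory that no URL maps to at all, as
an owner-only file whose name the submitter cannot influence. The paths
/var/www/html and /var/lib/formdata are assumptions for illustration, and the
sample submission is constructed.

```python
import json
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Hypothetical layout, assumed for this example and not taken from the article:
# DOC_ROOT is the directory that http(s)://... URLs map to; DATA_DIR is a
# separate tree that no URL maps to, so neither a browser nor a robot can
# request anything stored there, whatever the file is called.
DOC_ROOT = Path("/var/www/html")
DATA_DIR = Path("/var/lib/formdata")


def is_outside_docroot(path, doc_root=DOC_ROOT) -> bool:
    """Return True when `path` cannot be reached through the web server.

    Both paths are resolved first, so a '..' segment or a symlink cannot make
    a file that really sits under the document root look as if it were outside.
    """
    resolved = Path(path).resolve(strict=False)
    root = Path(doc_root).resolve(strict=False)
    return resolved != root and root not in resolved.parents


def store_submission(fields: dict, data_dir=DATA_DIR) -> Path:
    """Write one form submission to a new owner-only file and return its path.

    - refuses to write anywhere under the document root;
    - creates the data directory with mode 0700 (owner only) if it is missing;
    - mkstemp creates the file with mode 0600 and O_EXCL, so there is never a
      moment when other users on a shared server can read it;
    - the file name comes from a UTC timestamp plus a random suffix, never from
      user input, so a submitter cannot influence where the data lands.
    """
    data_dir = Path(data_dir)
    if not is_outside_docroot(data_dir):
        raise ValueError(f"refusing to store submissions under {DOC_ROOT}")
    data_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    fd, name = tempfile.mkstemp(prefix=f"submission-{stamp}-", suffix=".json", dir=data_dir)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(fields, fh)
    return Path(name)


def permission_bits(path) -> int:
    """The permission bits of `path` (e.g. 0o600), for checking."""
    return os.stat(path).st_mode & 0o777


def storage_demo() -> dict:
    """Store a constructed sample submission in a temporary directory and
    report what a reviewer would check: file mode, directory mode, the
    generated name, and that the location is unreachable by URL."""
    sample = {"name": "A. Customer", "card_last4": "4242"}  # constructed data
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = Path(tmp) / "formdata"
        saved = store_submission(sample, data_dir)
        return {
            "file_mode": permission_bits(saved),
            "dir_mode": permission_bits(data_dir),
            "name_ok": saved.name.startswith("submission-") and saved.suffix == ".json",
            "round_trip": json.loads(saved.read_text(encoding="utf-8")) == sample,
            "outside_docroot": is_outside_docroot(saved),
        }


if __name__ == "__main__":
    print(storage_demo())
    # Under the docroot a data file stays reachable by URL whatever its name;
    # the .cgi trick only changes what the server does when it is requested.
    print(is_outside_docroot(DOC_ROOT / "cgi-bin" / "data.cgi"))  # False
```

The check in `is_outside_docroot` resolves both paths before comparing them,
so a path such as `/var/www/html/../html/data.cgi` is correctly reported as
inside the document root. Permissions are set at creation time rather than
fixed up afterwards, so there is no window in which the file is readable by
other accounts on the same server.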
Securely Retrieving Information From the Server
There are several ways to get the information from the
server securely. But first, let me mention a way not to do
it.
Do not retrieve sensitive information from your secure
server with FTP. FTP does not encrypt the connection; the
login and the file contents travel in the clear. Use only
methods with secure connections.
SFTP can be used to access files on the server, download
them, and delete them from the server. SFTP is similar to
FTP but has secure connections.
If the information is in a password-protected directory that
a browser can reach over a secure connection, the files can
be loaded into the browser window and saved to your computer.
FTP can then be used to delete the file from the server
(provided FTP is not used to retrieve the information).
Special software can be used for secure information
retrieval. Secure View & Remove is such software. It is
designed specifically and only to securely retrieve
information from a secure server and then delete it there.
The idea is to always have a secure connection when
sensitive information is retrieved from the server. When
you do that, this part of the security circle is complete.
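The "retrieve, then delete" pattern this section describes has an ordering
rule worth making explicit: the server copy must go only after the local copy
has been written and verified, otherwise a dropped connection or a failed
write leaves no copy anywhere. The Python below is an added example, not code
from the article and not how Secure View & Remove or any other product named
here works. The `fetch` and `remove` callables are assumed stand-ins for the
secure transport (SFTP or an https:// URL in practice); the in-memory server
and its two submissions are constructed so the example runs offline.

```python
import hashlib
import os
import tempfile
from pathlib import Path
from typing import Callable, Dict

# Transport hooks, assumed for this example: in a real deployment `fetch`
# would read the file over SFTP or an https:// URL and `remove` would delete
# it over the same authenticated session. Plain callables keep the ordering
# logic testable offline.
Fetch = Callable[[str], bytes]
Remove = Callable[[str], None]


class RetrievalError(Exception):
    """The local copy could not be written or verified. The server copy is
    deliberately left in place when this is raised."""


def retrieve_and_remove(name: str, fetch: Fetch, remove: Remove, dest_dir: Path) -> Path:
    """Download `name`, store it as an owner-only file, verify the stored
    copy, and only then delete the copy on the server.

    The order is the point: a dropped connection, a full disk or a bad write
    must never leave you with no copy at all.
    """
    data = fetch(name)                      # any error here: nothing removed yet
    dest_dir = Path(dest_dir)
    dest_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
    local = dest_dir / Path(name).name      # keep only the base name the server sent
    try:
        # O_EXCL: never silently overwrite an earlier download with the same name
        fd = os.open(local, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        on_disk = hashlib.sha256(local.read_bytes()).hexdigest()
    except OSError as exc:
        raise RetrievalError(f"could not store {name}: {exc}") from exc
    if on_disk != hashlib.sha256(data).hexdigest():
        local.unlink()
        raise RetrievalError(f"stored copy of {name} does not match the download")
    remove(name)                            # server copy goes only after verification
    return local


class InMemoryServer:
    """Stand-in for the server's password-protected directory (constructed
    for this example so it runs without a network)."""

    def __init__(self, files: Dict[str, bytes]):
        self.files = dict(files)

    def fetch(self, name: str) -> bytes:
        return self.files[name]

    def remove(self, name: str) -> None:
        del self.files[name]


def retrieval_demo() -> dict:
    """Run the happy path and the dropped-connection path against the stand-in
    and report what each left on the 'server' and on local disk."""
    first, second = "orders/20070101-0001.json", "orders/20070101-0002.json"
    server = InMemoryServer({  # constructed submissions
        first: b'{"name": "A. Customer", "card_last4": "4242"}',
        second: b'{"name": "B. Customer", "card_last4": "1111"}',
    })

    def dropped_fetch(name: str) -> bytes:
        raise ConnectionError("connection dropped")  # simulated transport failure

    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "retrieved"
        local = retrieve_and_remove(first, server.fetch, server.remove, dest)
        result = {
            "local_name": local.name,
            "local_mode": os.stat(local).st_mode & 0o777,
            "first_removed": first not in server.files,
        }
        try:
            retrieve_and_remove(second, dropped_fetch, server.remove, dest)
            result["failure_raised"] = False
        except ConnectionError:
            result["failure_raised"] = True
        result["second_kept"] = second in server.files
    return result


if __name__ == "__main__":
    print(retrieval_demo())
```

In the demo the first submission is downloaded, stored with mode 0600 and
removed from the server; the second download fails before anything is written,
and the server copy is still there afterwards, which is exactly the behaviour
you want from a retrieval tool.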
Information Security In the Office
Your office computer may be secure, in a way, if you're the
only one who uses it.
However, imagine your computer in the hands of someone whose
interests differ from your own: a rogue employee in a
computer repair shop, a burglar, or whoever finds the laptop
you inadvertently left at a restaurant.
At the very least, password protect sensitive information.
If you can, store sensitive information, encrypted or
password protected, on a CD or DVD instead of keeping it on
your computer.
The Security Circle
The four arcs of the security circle are:
- Secure transmission of information to the server.
- Information security on the server.
- Secure retrieval of the information from the server.
- Information security in the office.
The first is what customers and clients see, readily
recognized by whether the lock icon in the browser is open
or closed.
But the rest are important, also, for the security of the
information and to honor the confidence of your customers
and clients.
Will Bontrager
©2007 Bontrager Connection, LLC