Solved

Problem with SSL hosting ASP

Posted on 2001-09-08
3
297 Views
Last Modified: 2013-12-24
I have a site hosted with Fasthosts.  I run ASP on this domain.  I have trialed a shopping basket on it, it all works fine, but has no security for Credit cards.  I have now purchased off them a SSL facility.  I can upload and read straight html here, but I want to store data (credit card info.).


My questions are as follows;

Should I store the data store in the ssl area, as there is an area within the normal site whick is secure, it's the passing of information thet needs the ssl's?

I cannot get the pages with thr SSL to read a database either within the SSL or within the standard site.  Within the set up of the SSL's there is an ODBC setup function. The helpless file states:

"This screen lets you add and modify ODBC data sources for the domain. It is simply a case of specifying what type of data source you require and entering the correct path for the file. Please note that you need to specify the data source full path and filename. For example: DSN name = Test. Database path = domain.co.uk\private\test.mdb"

I can resolve the end part of the full path ie I can replace domain with my domain and test with the database name, but any idea if I should also add "DSN name = Test. Database path = " and which bits are variables?

I know these are questions for the ISP, but I've had no joy there!

0
Comment
Question by:perrybond
  • 2
3 Comments
 
LVL 15

Expert Comment

by:ericpete
ID: 6471864
1. I would store it in the secure area. Even better would be to store it on the server someplace outside the \inetpub\wwwroot folders.

2. Their instructions might be a little clearer if they said the following:

DSN Name = c:\foldername\foldername\database.mdb = domain.co.uk\private\database.mdb

If you look at how you set up a DSN on your local computer, you'll see that you give the DSN a name, tell it what kind of file it is (Access database, text file, Excel spreadsheet, etc.), and then tell it where on your hard drive/network the database is.

Your ISP is trying to make it easy, so all you need to know is where on their system the file is kept, and they probably have some kind of script that fills in all the blanks.

Hope this helps...

ep
0
 

Accepted Solution

by:
crispy2111 earned 250 total points
ID: 6652755
Think very carefully about storing any sensitive data on any server, but particularly on what appears to be a shared server. SSL only encrypts the data during transit and is not sufficent for securely storing data. For more info on payment solutions visit www.commercepay.co.uk

Chris Bacon
cbacon@commercenti.com
www.commercenti.com
0
 
LVL 15

Expert Comment

by:ericpete
ID: 6652934
crispy,

Welcome to Experts Exchange!

It is common practice here to make comments on questions, rather than proposing answers, unless you are certain that yours is the one and only, 300 per cent absolute single and sole response which will resolve the questioner's issue.

The reason for that is twofold: First, EE is a collaborative effort, wherein a number of people try to help the user resolve a problem. Second, "answering" (as opposed to "commenting") effectively locks the question, so that any further collaboration is difficult, if not impossible.

Please see the following links for more information:
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#14
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp#15
http://www.experts-exchange.com/jsp/cmtyExpertsOnly.jsp

Please change your "answer" to a comment, and again, welcome aboard!

Regards,

ep
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question