Solved

Need advice + SSL question

Posted on 2004-08-06
3
184 Views
Last Modified: 2013-12-25
Hello-
I need advice on a project I need to work on:

The project is to create a web portal that has confidential data (like ssn, pay etc) of about 5000 people. I am planning to use cgi and oracle.
Questions are:

1. Is cgi good enough for such a project that has such critical info to be displayed and if lets say around 1000 people hit the website at the same time

2. I want to enable Secure Socket Layer on my web page. What are the things I need to do for this? If I buy like a verisign, will it automatically do the encryption/decryption for me, or do I have to do it myself.

What are the other things I should keep in mind. Thanks.
0
Comment
Question by:makam_75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 11742048
1. cgi is good
  the question is not about CGI, but how you did your programming for those CGIs

2. go and get a cert (like verisign, Thawte, etc.), install it in your server, and ready you go
    SSL encrypts the traffic, nothing more nothing less

> What are the other things I should keep in mind.
if you have sensitive informations, which should not end up in wrong hands, or if you don't wont your service and/or site misused, then you need to do much more that SSL.
You need a strong (in terms of security) setup and configuration of your web and application server.
You need strong policies for your programmers doing the CGIs (whatever they are doesn't matter).
The keyword here is: input validation.
Keep in mind: all input is evil, until it is checked and sanitized (better ignored if not good).
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11748971
Whether or not CGI is suitable for the task very much depends on what CGI tasks you need, what programming language you will use, the efficiency of the code (and Database), the webserver configuration, the hardware etc, etc etc.  That said, there are many major sites that use Perl/CGI and handle many thousands of requests a day (if not an hour).

As for setting up SSL on the webserver, you can either install a self signed certificate (which is free), or use a company like Verisign (or any other well known Certificate Authority) to generate a certificate (costs $ and time to do the verification paperwork).

If you are only running this in house, I'd go with the self signed cert.
0
 
LVL 2

Expert Comment

by:healthstatus
ID: 11753091
Take a look at www.freessl.com you can get a very cheap ssl certificate that won't give you popup security messages which may make your users anxious.
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Learn the basics of modules and packages in Python. Every Python file is a module, ending in the suffix: .py: Modules are a collection of functions and variables.: Packages are a collection of modules.: Module functions and variables are accessed us…
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question