Solved

Need advice + SSL question

Posted on 2004-08-06
3
177 Views
Last Modified: 2013-12-25
Hello-
I need advice on a project I need to work on:

The project is to create a web portal that has confidential data (like ssn, pay etc) of about 5000 people. I am planning to use cgi and oracle.
Questions are:

1. Is cgi good enough for such a project that has such critical info to be displayed and if lets say around 1000 people hit the website at the same time

2. I want to enable Secure Socket Layer on my web page. What are the things I need to do for this? If I buy like a verisign, will it automatically do the encryption/decryption for me, or do I have to do it myself.

What are the other things I should keep in mind. Thanks.
0
Comment
Question by:makam_75
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
Comment Utility
1. cgi is good
  the question is not about CGI, but how you did your programming for those CGIs

2. go and get a cert (like verisign, Thawte, etc.), install it in your server, and ready you go
    SSL encrypts the traffic, nothing more nothing less

> What are the other things I should keep in mind.
if you have sensitive informations, which should not end up in wrong hands, or if you don't wont your service and/or site misused, then you need to do much more that SSL.
You need a strong (in terms of security) setup and configuration of your web and application server.
You need strong policies for your programmers doing the CGIs (whatever they are doesn't matter).
The keyword here is: input validation.
Keep in mind: all input is evil, until it is checked and sanitized (better ignored if not good).
0
 
LVL 48

Expert Comment

by:Tintin
Comment Utility
Whether or not CGI is suitable for the task very much depends on what CGI tasks you need, what programming language you will use, the efficiency of the code (and Database), the webserver configuration, the hardware etc, etc etc.  That said, there are many major sites that use Perl/CGI and handle many thousands of requests a day (if not an hour).

As for setting up SSL on the webserver, you can either install a self signed certificate (which is free), or use a company like Verisign (or any other well known Certificate Authority) to generate a certificate (costs $ and time to do the verification paperwork).

If you are only running this in house, I'd go with the self signed cert.
0
 
LVL 2

Expert Comment

by:healthstatus
Comment Utility
Take a look at www.freessl.com you can get a very cheap ssl certificate that won't give you popup security messages which may make your users anxious.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Read about how to choose the best possible content marketing agency to suit your needs. Content marketing has become an integral part of running a successful tech business, so it is wise to be informed.
Every business owner understands the significance of online customer reviews and the impact it can have on sales and revenues. With technology advancing at such a rapid pace, getting online reviews has never been easier, especially when many regions…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
In this fourth video of the Xpdf series, we discuss and demonstrate the PDFinfo utility, which retrieves the contents of a PDF's Info Dictionary, as well as some other information, including the page count. We show how to isolate the page count in a…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now