Solved

Need advice + SSL question

Posted on 2004-08-06
3
181 Views
Last Modified: 2013-12-25
Hello-
I need advice on a project I need to work on:

The project is to create a web portal that has confidential data (like ssn, pay etc) of about 5000 people. I am planning to use cgi and oracle.
Questions are:

1. Is cgi good enough for such a project that has such critical info to be displayed and if lets say around 1000 people hit the website at the same time

2. I want to enable Secure Socket Layer on my web page. What are the things I need to do for this? If I buy like a verisign, will it automatically do the encryption/decryption for me, or do I have to do it myself.

What are the other things I should keep in mind. Thanks.
0
Comment
Question by:makam_75
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 11742048
1. cgi is good
  the question is not about CGI, but how you did your programming for those CGIs

2. go and get a cert (like verisign, Thawte, etc.), install it in your server, and ready you go
    SSL encrypts the traffic, nothing more nothing less

> What are the other things I should keep in mind.
if you have sensitive informations, which should not end up in wrong hands, or if you don't wont your service and/or site misused, then you need to do much more that SSL.
You need a strong (in terms of security) setup and configuration of your web and application server.
You need strong policies for your programmers doing the CGIs (whatever they are doesn't matter).
The keyword here is: input validation.
Keep in mind: all input is evil, until it is checked and sanitized (better ignored if not good).
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11748971
Whether or not CGI is suitable for the task very much depends on what CGI tasks you need, what programming language you will use, the efficiency of the code (and Database), the webserver configuration, the hardware etc, etc etc.  That said, there are many major sites that use Perl/CGI and handle many thousands of requests a day (if not an hour).

As for setting up SSL on the webserver, you can either install a self signed certificate (which is free), or use a company like Verisign (or any other well known Certificate Authority) to generate a certificate (costs $ and time to do the verification paperwork).

If you are only running this in house, I'd go with the self signed cert.
0
 
LVL 2

Expert Comment

by:healthstatus
ID: 11753091
Take a look at www.freessl.com you can get a very cheap ssl certificate that won't give you popup security messages which may make your users anxious.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Often people are aiming at development of perfect Magento websites. Though, it is easier said than done. You know what’s much easier? To ruin everything. It can be done in seconds. Many of us experimented with design, tried to change some values dir…
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question