Solved

Need advice + SSL question

Posted on 2004-08-06
3
189 Views
Last Modified: 2013-12-25
Hello-
I need advice on a project I need to work on:

The project is to create a web portal that has confidential data (like ssn, pay etc) of about 5000 people. I am planning to use cgi and oracle.
Questions are:

1. Is cgi good enough for such a project that has such critical info to be displayed and if lets say around 1000 people hit the website at the same time

2. I want to enable Secure Socket Layer on my web page. What are the things I need to do for this? If I buy like a verisign, will it automatically do the encryption/decryption for me, or do I have to do it myself.

What are the other things I should keep in mind. Thanks.
0
Comment
Question by:makam_75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 11742048
1. cgi is good
  the question is not about CGI, but how you did your programming for those CGIs

2. go and get a cert (like verisign, Thawte, etc.), install it in your server, and ready you go
    SSL encrypts the traffic, nothing more nothing less

> What are the other things I should keep in mind.
if you have sensitive informations, which should not end up in wrong hands, or if you don't wont your service and/or site misused, then you need to do much more that SSL.
You need a strong (in terms of security) setup and configuration of your web and application server.
You need strong policies for your programmers doing the CGIs (whatever they are doesn't matter).
The keyword here is: input validation.
Keep in mind: all input is evil, until it is checked and sanitized (better ignored if not good).
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11748971
Whether or not CGI is suitable for the task very much depends on what CGI tasks you need, what programming language you will use, the efficiency of the code (and Database), the webserver configuration, the hardware etc, etc etc.  That said, there are many major sites that use Perl/CGI and handle many thousands of requests a day (if not an hour).

As for setting up SSL on the webserver, you can either install a self signed certificate (which is free), or use a company like Verisign (or any other well known Certificate Authority) to generate a certificate (costs $ and time to do the verification paperwork).

If you are only running this in house, I'd go with the self signed cert.
0
 
LVL 2

Expert Comment

by:healthstatus
ID: 11753091
Take a look at www.freessl.com you can get a very cheap ssl certificate that won't give you popup security messages which may make your users anxious.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
The viewer will learn how to count occurrences of each item in an array.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question