Solved

Need advice + SSL question

Posted on 2004-08-06
3
179 Views
Last Modified: 2013-12-25
Hello-
I need advice on a project I need to work on:

The project is to create a web portal that has confidential data (like ssn, pay etc) of about 5000 people. I am planning to use cgi and oracle.
Questions are:

1. Is cgi good enough for such a project that has such critical info to be displayed and if lets say around 1000 people hit the website at the same time

2. I want to enable Secure Socket Layer on my web page. What are the things I need to do for this? If I buy like a verisign, will it automatically do the encryption/decryption for me, or do I have to do it myself.

What are the other things I should keep in mind. Thanks.
0
Comment
Question by:makam_75
3 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 500 total points
ID: 11742048
1. cgi is good
  the question is not about CGI, but how you did your programming for those CGIs

2. go and get a cert (like verisign, Thawte, etc.), install it in your server, and ready you go
    SSL encrypts the traffic, nothing more nothing less

> What are the other things I should keep in mind.
if you have sensitive informations, which should not end up in wrong hands, or if you don't wont your service and/or site misused, then you need to do much more that SSL.
You need a strong (in terms of security) setup and configuration of your web and application server.
You need strong policies for your programmers doing the CGIs (whatever they are doesn't matter).
The keyword here is: input validation.
Keep in mind: all input is evil, until it is checked and sanitized (better ignored if not good).
0
 
LVL 48

Expert Comment

by:Tintin
ID: 11748971
Whether or not CGI is suitable for the task very much depends on what CGI tasks you need, what programming language you will use, the efficiency of the code (and Database), the webserver configuration, the hardware etc, etc etc.  That said, there are many major sites that use Perl/CGI and handle many thousands of requests a day (if not an hour).

As for setting up SSL on the webserver, you can either install a self signed certificate (which is free), or use a company like Verisign (or any other well known Certificate Authority) to generate a certificate (costs $ and time to do the verification paperwork).

If you are only running this in house, I'd go with the self signed cert.
0
 
LVL 2

Expert Comment

by:healthstatus
ID: 11753091
Take a look at www.freessl.com you can get a very cheap ssl certificate that won't give you popup security messages which may make your users anxious.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Combine DSQuery result into loop script 6 61
AWS CLI issues with Tags 3 77
issue with beginner powershell script. 5 61
how to pick specific file from ftp 13 56
Batch, VBS, and scripts in general are incredibly useful for repetitive tasks.  Some tasks can take a while to complete and it can be annoying to check back only to discover that your script finished 5 minutes ago.  Some scripts may complete nearly …
SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question