Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Security certificates for web applications

Posted on 2004-09-13
2
Medium Priority
?
342 Views
Last Modified: 2010-04-11
Hello,

I have a web application and Internet users update my database via that web application (it's nothing to do with credit cards or something else. It's just important data to my Internet users). If I'd like to offer more security to my users for their database-update process, what kind of security certificates  (like "ISO9000") do I have to implement? Or is there "something" that just buying from Verisign will solve that issue?
Can anyone explain me something else about it?
Thank you!
0
Comment
Question by:mogulwindows
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 12047026
ISO9000 is an organizational and documentation standards set - has nothing to do with securing web applications.

You may be thinking of X.509.
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 760 total points
ID: 12047156
OK, first, you need a webserver that supports SSL. You haven't stated what webserver you use, but if you've got the market leader, Apache (according to Netcraft, Apache hosts 2/3rds of all websites), it does. Your platform (*NIX, Linux, NetWare, Windoze, whatever) may also require the addition of SSL support. Again, you haven't revealed anything about what you're using, so being specific is impossible.

So, you get an SSL certificate. These can be issued by "trusted" 3rd parties (e.g. VeriCrooks, Thawte, Ice Warp, et. al.), or, if your SSL support infrastructure will allow you, you can issue your own (you can do this with OpenSSL on *NIX/Linux platforms, NetWare includes a CA that can issue self-signed certificates, etc.)

The advantage to getting a commercially-supplied certificate is that most web-browsers are already configured to accept these 3rd party CAs as "trusted". If you roll-your-own, the users will be prompted as to if they wish to accept your certificate, since your CA is not going to be listed on the browser's list of approved CAs. Also, you don't have to set up your one Certificate Authority (CA) server (again, what platform you have may make this easier or harder).

OK< so now, one way or another, you have a certificate and a CA that will verify the certificate. You configure your webserver to use the certificate for SSL - exactly how you do that depends on the webserver. You then optionally or forcefully re-direct your application clients to the SSL-secured site. Their browser gets the server's certificate, verify it with the CA, and negotiate a secure connection between the browser and the server. The application's connection is now reasonably secure.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question