Rev cgi server and SSL
Richard Miller
wow at together.net
Fri Apr 11 06:52:40 EDT 2008
There is no certificate on the server. I had not installed one and
didn't think I needed to. The web page is secure and the connection
from the server to the payment gateway is secure. I don't think there
is actually a security issue here, but Firefox and Safari don't know
this, so they report a potential problem (enough to scare customers).
I could install a certificate on the server, but it's somewhat
problematic because I already use the IP address of the server
throughout several custom Rev programs. My understanding is that by
installing a certificate on the server, I will not be able to refer
to the server by its IP address, but would instead be forced to refer
to it by a domain name (meaning, I'd have to change a lot of previous
programming). I'd like to avoid that.
Richard
On Apr 11, 2008, at 4:55 AM, Luis wrote:
> What exactly do you mean by 'The server is not SSL protected.'?
>
> Is the certificate installed on the server? Apple Server Admin pdf
> - http://manuals.info.apple.com/en/Server_Administration_v10.5.pdf
>
> These might be of help:
>
> https://support.comodo.com/index.php?
> _m=knowledgebase&_a=viewarticle&kbarticleid=901&nav=0,1
>
> Nice background - http://www.afp548.com/Articles/web/sslcert.html
>
> Cheers,
>
> Luis.
>
>
> On 11 Apr 2008, at 09:03, Richard Miller wrote:
>> Hi Luis,
>>
>> I wish this was the problem, but I am using a very well known
>> vendor.... one of the biggest on the Internet. Seems the problem
>> lies with the sending to an http address.
>>
>> Richard
>>
>>
>> On Apr 11, 2008, at 3:36 AM, Luis wrote:
>>
>>> Browsers will warn of certificates they do not have in their
>>> repertoire. If you want to cater for the general population your
>>> best bet, to avoid the warnings, is to get a certificate from a
>>> known vendor (ie: known to the browsers). If the audience is
>>> limited, you can generate a certificate and get them to install
>>> it in their browsers.
>>>
>>> Cheers,
>>>
>>> Luis.
>>>
>>>
>>> On 11 Apr 2008, at 08:01, Richard Miller wrote:
>>>> I have a web page that is secured by an SSL certificate. Users
>>>> access it by going to "https://mywebpage.html". This page sends
>>>> a cgi request (containing credit card information) to my MacMini
>>>> server, located elsewhere. The server is not SSL protected. The
>>>> credit card data is then processed via a Rev SSL routine to a
>>>> secure payment gateway, then immediately discarded.
>>>>
>>>> Is there any security issues with this approach? Do I need to
>>>> get an SSL certificate for the server?
>>>>
>>>> I've noticed that Firefox and Safari post a warning message when
>>>> one hits the Submit button on the web page, saying that while
>>>> the web page is secure, the data is being sent to a potentially
>>>> unsafe location (presumably because the form is directed to an
>>>> http address). Internet Explorer doesn't show any message.
>>>>
>>>> Would it be worthwhile to get an SSL certificate for the server?
>>>>
>>>> Thanks.
>>>> Richard Miller
>>>> _______________________________________________
>>>> use-revolution mailing list
>>>> use-revolution at lists.runrev.com
>>>> Please visit this url to subscribe, unsubscribe and manage your
>>>> subscription preferences:
>>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>>>
>>>
>>> _______________________________________________
>>> use-revolution mailing list
>>> use-revolution at lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>> _______________________________________________
>> use-revolution mailing list
>> use-revolution at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-revolution
>>
>
> _______________________________________________
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-revolution
More information about the use-livecode
mailing list