Re: Credit card numbers on a form

by Thomas James Allen <tjallen(at)pipeline.com>

 Date:  Wed, 25 Aug 1999 17:28:34 -0400
 To:  "Denise" <denise(at)nf.sympatico.ca>
 Cc:  hwg-basics(at)hwg.org
  todo: View Thread, Original
At 01:59 PM 8/25/99 -0300, you wrote:
...
>I just spoke with tech support for my host provider, and they DO in fact
>offer SSL for an extra $5 a month. This wasn't in their FAQ, but whatever.
>I already have a CGI form on this site, but it didnt have a space for credit
>card numbers. SO...if I pay for the SSL, and add the space for inputting
>credit info, WHAT'S NEXT? Is it just a link to somewhere in the form? I'm
>looking for a basic solution, just to keep the credit card info secure,
>thats it.
>Thanks again,
>Denise
--------------------------
Denise,
It sounds like you will be using your host-provider's secure certifcate.
Okay. (Much cheaper than getting your own from Thawte or VeriSign!)

Your host will usually give you a special directory to put your cgi form.
In your form's ACTION= , you will enter that special secure address
plus the name of the program (formmail.pl), plus other stuff sometimes. 
Ask your host provider EXACTLY what you should put in the form's
ACTION= statement, because sometimes a password goes here.

Your form may require a special extension, usually .shtml rather than .html
Again, ask your host provider exactly what to do about this.

Further, if they give you a special directory or server address, 
all pictures, logos, backgrounds, and stuff that appears on the form page 
will have to go (ftp) into that secure folder (The form page and everything
on it is thus secured. If your pictures are not secured, you will not
get the message from the browser saying things are now secure.) 

Finally, you have to find out from your host how to retrieve
(securely) any forms that are sent to you. Some hosts have a secure
webpage that you can go to, enter your password, and retrieve orders.
(It doesn't make sense for them to email these to you, as you would be
insecure at that point).

TEST TEST TEST!!! On every browser that you can find, and make sure
the browser warning "You are entering a secure page" ALWAYS comes up as you
get to the form. I also put my "Thank-you" page in the secure folder,
so the "You are not secure" warning doesn't pop up when they click the
submit button on the form (This scares some people away!)

Form a good relationship with your host provider, you will be
interacting with them a lot until you get set up! But it's much easier
the second time, and thereafter!

Hope this helps,
jimmy

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA