Software, your way.
burger menu icon
WillMaster

WillMaster > LibrarySecurity and Blocking

FREE! Coding tips, tricks, and treasures.

Possibilities weekly ezine

Get the weekly email website developers read:

 

Your email address

name@example.com
YES! Send Possibilities every week!

Closing the Security Circle

Many feel certain a secure server connection means information is secure.

But that's not so.

With a secure server connection, only the transmission of information between browser and server is secure. Other aspects to be considered are:

  • Security of information on the server.

  • Retrieving information from the server.

  • Security of information once retrieved.

This article presents a few common-sense things you can do to close the security circle.

The Secure Server Connection

A secure connection is one that encrypts information transmitted between the user's computer and the server.

If you deal with sensitive information others provide with an Internet browser, a secure server connection must be available. That is the first part of the circle, the secure transmission of sensitive information from browser to server.

Your hosting company can tell you how to create secure server connections with your hosting account.

Security of Information On the Server

Securely submitted information needs to be securely stored on the server.

Form handling software of some kind is used to get the information from the web page form, through a secure connection, and stored on the server. The software must be able to operate with a secure https://... URL.

If you don't already have software for that, consider Master Form V4. It is good at this kind of stuff.

(Please don't transmit securely submitted information by email unless the email is encrypted. Email is not a secure communication medium.)

A password-protected directory on the server is a good place to store information securely.

Storing the information on the server in a file with a browser-inaccessible name can make information more secure. For example, many servers are configured to launch and run .cgi files instead of delivering the content as-is, especially in certain directories, such as the cgi-bin. On those servers, information stored in files with .cgi extension causes an "internal server error" if browsers or robots try to retrieve it with an http://... URL.

After the information arrives, remove it from the server as soon as practical. The best security is not to have the information on the server at all.

Securely Retrieving Information From the Server

There are several ways to get the information from the server in a secure way. But first, let me mention a way not to do it.

Do not retrieve sensitive information from your secure server with FTP. FTP does not have secure connections. Use only methods with secure connections.

SFTP can be used to access files on the server, download them, and delete them from the server. SFTP is similar to FTP but has secure connections.

If the information is in a password-protected directory accessible with a secure connection by browser, files may be loaded into the browser window and saved to your computer. FTP can then be used to delete the file from the server (provided FTP is not used to retrieve the information).

Special software can be used for secure information retrieval. Secure View & Remove is such software. It is designed specifically and only to securely retrieve information, and then delete it, from a secure server.

The idea is to always have a secure connection when sensitive information is retrieved from the server. When you do that, this part of the security circle is complete.

Information Security In the Office

Your office computer may be secure, in a way, if you're the only one who uses it.

However, imagine if your computer got into the hands of someone with interests other than your own. Examples are a rogue employee in a computer repair shop, a burglary, and inadvertently leaving your laptop at a restaurant.

At the very least, password protect sensitive information. If you can, put sensitive information encrypted or password protected on a CD or DVD, instead of keeping it on your computer.

The Security Circle

The four arcs of the security circle are:

  1. Secure transmission of information to the server.

  2. Information security on the server.

  3. Secure retrieval of the information from the server.

  4. Information security in the office.

The first is what customers and clients see, readily recognized by whether or not the lock icon on the browser is open or closed.

But the rest are important, also, for the security of the information and to honor the confidence of your customers and clients.

Will Bontrager

Was this article helpful to you?
(anonymous form)

Support This Website

Some of our support is from people like you who see the value of all that's offered for FREE at this website.

"Yes, let me contribute."

Amount (USD):

Tap to Choose
Contribution
Method

All information in WillMaster Library articles is presented AS-IS.

We only suggest and recommend what we believe is of value. As remuneration for the time and research involved to provide quality links, we generally use affiliate links when we can. Whenever we link to something not our own, you should assume they are affiliate links or that we benefit in some way.

How Can We Help You? balloons
How Can We Help You?
bullet Custom Programming
bullet Ready-Made Software
bullet Technical Support
bullet Possibilities Newsletter
bullet Website "How-To" Info
bullet Useful Information List

© 1998-2001 William and Mari Bontrager
© 2001-2011 Bontrager Connection, LLC
© 2011-2024 Will Bontrager Software LLC