TalkPHP

TalkPHP (http://www.talkphp.com/forums.php)
-   General (http://www.talkphp.com/general/)
-   -   Secure pages?? (http://www.talkphp.com/general/2399-secure-pages.html)

marxx 03-02-2008 05:05 PM
Secure pages??
 
Hi all folks!

I'm making pages for customers where is displayed personal information (name, addresses and such) and those pages should be very secured..

Now, I dont't have much experience of https or such so what would be most affect way to make secure pages?

Is is this https protocol or htmls/phps way?

Then, if I somehow can manage to make those secured pages, is google (is there others) going to index those pages?

Thanks for all help! Marko

SOCK 03-02-2008 05:29 PM
How secure does it have to be? You're not storing customer credit card information or social security numbers, etc, are you?

If it absolutely has to be secure, use SSL (https) and consider using a packaged authentication system (Apache's mod_auth_* comes to mind) rather than building a custom system. The reason I say this, if security is imperative, you're better off using a system that has been tried and tested, plus having a group of developers looking at the code for holes helps (unless of course you create secure auth systems as a hobby).

If you don't want Google or other search engines to index the pages, just create and edit a 'robots.txt' file or use the meta tag in your HTML to keep robots from indexing.

marxx 03-04-2008 06:11 PM
No, I'm not storing or collecting any credit card informatio. Just contact information and some information of services what customers have ordered.

Little about my system tho if it helps for helping.
I have dedicated server and I have installed plesk on it.
I have read something about SSL certificates and thinking of buying one?
So, if I buy on of these SSL certifications, could it be so simple that when I receive one, then install it via plesk my pages would be secured?

Anyway, thanks for replying SOCK and about that robots.txt: I use already that file but somehow I have this fealing that it's not stop those crawlers? Or is it that powerfull? ;)

Thanks!

wiifanatic 03-08-2008 09:24 PM
use the force
use .htaccess

Alan @ CIT 03-08-2008 10:13 PM
Search engines will only crawl pages that are accessable as a guest user on your site.

Presumably all sensitive information is in a members/admin area of some sort that requires a login? If so, then the search engines won't be able to get to it. If not, then you have bigger problems :-)

Alan

marxx 03-09-2008 06:20 AM
Well Alan I have put both admin-area and member-area theyr own subdomain whit login ofcourse.
Robots.txt contains
Code:
User-agent: *
Disallow: /
and I have meta tag
Code:
<meta name="robots" content="none" />
And yes now that you mention it that crawlers are visiting as guest so, when i do have login, they wont go any further! Just didn't got it before! ;)

But still, there is sensitive data both areas, do I need to consider SSL?


Thanks for all help!

Alan @ CIT 03-09-2008 08:49 AM
With regards to SSL, if in doubt, do it :-)

It never hurts (from a users perspective) to see that little lock symbol when they are entering sensitive information.

Alan


All times are GMT. The time now is 07:41 PM.

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0