Overview:

Without a secure server account, all data entered into a form can potentially be viewed by prying eyes over the Internet. When data is entered into an on-line form, sensitive information such as Credit Card numbers, Passwords, etc. passes from the Web browser to the Web server un-encrypted and therefore insecurely.

With a secure server account, you can display secure on-line order forms where by the data passes from the Web browser to the Web server using SSL encryption. SSL, also known as Secure Sockets Layer, is a protocol adopted by both Microsoft and Netscape. Your customers can safely enter sensitive information into your secure on-line forms with no threat.

Instructions:

After signing up for a secure server account, we will add a "virtual directory" in your FTP root called "secure". The "secure" directory is where you will put your credit card order forms and any related images. You will also be assigned a directory alias which you will use to direct your customers to your secure forms. We have a custom script called "sendmail.exe" which you can use free of charge to accept orders securely. You must carefully follow these instructions to insure that:

1) All orders are transmitted securely to the server.
2) All orders are accessed securely by you.

Since email is not a secure means of transmitting sensitive information, the "sendmail.exe" can be configured to place all your new orders into a file located in a secure directory. The following are instructions for using the sendmail.exe program for secure orders:

1. Create an on-line order form using your favorite HTML editor.

2. Check out our on-line documentation for "sendmail.exe" at:

http://www.spiderlink.com/develop/devforms.htm

3. Make sure you include the following line in your HTML source:

<INPUT NAME="CCAlias" VALUE="youralias_secure" type="hidden">

"youralias_secure" is a directory alias which will be assigned to you once you setup a secure server account. If this line is present, the information entered into the on-line form by your customer will be collected and appended to a text file. The text file is called ccorder.dat, and will reside in your /secure/orders directory. This directory is password protected and cannot be accessed through a Web browsers without a valid User ID and password. Normally, your current FTP User ID and password is used for accessing your orders.

For your convenience, an email messages is automatically sent to you (or whoever is the recipient) letting you know that you have a new order. This email message will also have a link to the secure Web page where your can download this file securely. Once again, you will be prompted for a User ID and password; Use your current FTP User ID and password in order to get access to this file.

4) Once you have uploaded your secure forms (along with any .gif or .jpg files that are included), you can direct users to the form at

https://www.spiderlink.com/secure_youralias/yourform.htm

IMPORTANT: You must use the Spiderlink URL (www.spiderlink.com) in order to access this directory in a secure manner. If you wish to have your own URL instead, you will need to setup your own Verisign account (which we can help you with). You should probably be aware that Verisign's Setup and yearly fees are not cheap!

Notice also that its "https://" instead of "http://". The "s" stands for the secure sockets layer (SSL) protocol used for encryption. Only certain browsers support this protocol such as Netscape and Microsoft Internet Explorer.

Check out the following sample page at:

https://www.spiderlink.com/secure_spiderlink/ccard.htm

Send mail to webmaster@spiderlink.com with questions or comments about this web site.
Copyright © 1996-1997 Spiderlink Web Services

Back to Spiderlink Web Services Home Page