BareMetal.com

Baremetal
My Account
Domain Registration Management Services
Web Services
Rates and Specs
Bulk Rates
CGI Library
FAQ
Order Form
Tech Support
Billing Info
Company Info
Charities
Legal Info
Employment
Privacy Statement

BM


Web Services

Secure Server - SSL;

Return CGI Library

We have a secure server (several actually).

It's easy to use, as there really isn't anything special about it other than the fact that all communications between the server software and the browser are encrypted... which means that your CGI and HTMLs behave the same as normal...

The BIG gotcha is the digital server ID. (See below for a work around.)

The other gotcha is handling the information you received securely.

Digital Server IDs:

Netscape checks to make sure that the server's certificate and the URL match. Which means that virtual servers each need their own server-ID certificate from a recognized certificate authority (CA). Verisign.com, and Thawte.com) were the first two big CAs, then Verisign bought Thawte :-(. BareMetal resells the GeoTrust.com "True BusinessID" product.

Digital IDs are not cheap... (prices are in US dollars.) The Thawte certificates are currently (Dec 2002) $199 for the first year, and $159 per year after. Verisign Certificates are much more expensive being $349 for the first year and $249 per year afterward. We can sell the GeoTrust product for $150/yr.

Which is better? From an encryption point of view, they are all the same. Verisign has been around longer, so it's accepted by more of the older browsers as a valid certificate authority. GeoTrust is a newer player, with "only" 98% of the browsers in common use automatically recognizing their certificates (even Verisign and Thawte can't quite claim 100%, their original CA root certificates have expired, and very old browsers won't recognize their certs anymore.) [p.s. The GeoTrust QuickSSL ids are different, and not as widely recognized.]

If you are curious about digital IDs, your browser should show you a "locked" icon when you visit a secure page like https://swww.baremetal.com/baremetal/ . If you click on that icon it should show you the details of the digital ID.

Alternative:

The way around this is to put your pages under OUR digital ID. e.g Keep the secure areas of your site to a small number of pages and use a URL like https://secure.baremetal.com/yourcompany/page.html for those pages.

Handling Data Securely

OK, so the secure server software encrypts the data as it gets transfered from the visitors web browser to the server... now what?

Our recommendation is to use a program like PGP to encrypt sensitive data as soon as it's received. At that point you can either save the encrypted data to a file or mail it to yourself. The mail2 gadget understands how to combine templates and PGP.

Of course you can do whatever you like with the data. But it sort of defeats the purpose of using a secure server if you don't handle the data appropriately.

So, how do you PGP encrypt your data? Easy, the mail2 gadget will PGP encode the data between <PGP> ... </PGP> tags in any templates you use. ( PGP part of the mail2 docs. )

Or you if you don't want to use a template, you can use the pgpmail gadget, which behaves just like the old formmail gadget but change the action tag to be /ssl-bin/pgpmail ...



 
Home Page    Domain Registration Services    Web Services    Technical Support
About Baremetal    Privacy Statement    Billing Info    Charities
My Account    Legal Info    Search BareMetal

Copyright © 1996-2012, BareMetal.com Inc.
Last updated: Thursday, 28-May-2015 16:15:05 PDT
Last Accessed from: No-one!
Questions and comments to support@baremetal.com