• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Need a genius

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions

View previous topic :: View next topic  
Author Message
hotdog1983
Just Arrived
Just Arrived


Joined: 27 Oct 2010
Posts: 0


Offline

PostPosted: Wed Oct 27, 2010 11:39 am    Post subject: Need a genius Reply with quote

Hi, this is a bit complicated (for me at least). I'm noob in security.

I'm making a reseller website and on my website there are user Signup and Login links which will redirect the user to my wholesaler's form pages.

I can also place the forms on my own website and send the form values over to the wholesaler's php.

So basically, I will be just putting up a website and won't be collecting any user information on my database.

The issue is, the signup and login forms on the wholesaler's website are not secured. No SSL and no encryption.

Is it possible to put my own secure form pages with SSL or encryptions? I want to make my site more trustworthy and I think it's my responsibility to protect customers credentials as well.

But my feeling says that if I use SSL or encryptions on my form pages, the values must be decoded before they are sent to the wholesalers php, aren't they?

So do I need to set up a server on my hosting to receive the encrypted data, decode them, and transfer them to the wholesaler's website?

Is there any way that I can protect my customers from things like eavesdropping when they sign up for my website and I redirect the data to the wholesaler's part without having need to set up my own database? Or is it gonna make no difference because the wholesaler's form pages are not secured?

I'm completely lost here.
Geniuses please enlighten me.
Back to top
View user's profile Send private message
CoreDefend
Forum Fanatic
Forum Fanatic


Joined: 25 May 2010
Posts: 16777215
Location: USA

Offline

PostPosted: Fri Nov 05, 2010 6:31 pm    Post subject: Reply with quote

If the end-point (wholesaler's site) is not encrypted, the data on their site will not be encrypted.

Question, when the wholesaler receives the information, where do they store the client data?

Regarding SSL forms. You can definitely setup SSL forms on your site. The theory behind SSL (more specifically PKI) is that if you encrypt information (client data) with private key, you can decrypt it with the public key; or vice versa. So if you can work with the wholesaler and implement your key on their server; it should be able to decrypt the needed information.

In an effort to make it easier, I would remove the forms from your site and replace them with links to your wholesaler's site. Then have the wholesaler agree to implement SSL for your client data on their website.
Back to top
View user's profile Send private message Visit poster's website
hotdog1983
Just Arrived
Just Arrived


Joined: 27 Oct 2010
Posts: 0


Offline

PostPosted: Fri Nov 26, 2010 11:59 am    Post subject: Reply with quote

Thanks a lot for your answer.
I thought no one's going to answer this.

The wholesaler stores the client data in their database.
Yea, it's much easier if they implement their own SSL
but they're not going to do it soon.
So what I'm now trying to do is getting my website a SSL
and get signup data from my customers and pass the data
over to the 3rd party with cURL as some one told me to do this way.
I don't know how it's gonna work though.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Beginners // Misc. Computer Questions All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter