Posted: Wed Oct 27, 2010 11:39 am Post subject: Need a genius
Hi, this is a bit complicated (for me at least). I'm a noob in security.
I'm making a reseller website and on my website there are user Signup and Login links which will redirect the user to my wholesaler's form pages.
I can also place the forms on my own website and send the form values over to the wholesaler's php.
So basically, I will be just putting up a website and won't be collecting any user information on my database.
The issue is, the signup and login forms on the wholesaler's website are not secured. No SSL and no encryption.
Is it possible to put up my own secure form pages with SSL or encryption? I want to make my site more trustworthy and I think it's my responsibility to protect customers' credentials as well.
But my feeling says that if I use SSL or encryption on my form pages, the values must be decoded before they are sent to the wholesaler's PHP, mustn't they?
So do I need to set up a server on my hosting to receive the encrypted data, decode it, and transfer it to the wholesaler's website?
Is there any way that I can protect my customers from things like eavesdropping when they sign up for my website and I redirect the data to the wholesaler's part, without needing to set up my own database? Or is it gonna make no difference because the wholesaler's form pages are not secured?
I'm completely lost here.
Geniuses, please enlighten me.
If the end-point (wholesaler's site) is not encrypted, the data on their site will not be encrypted.
Question: when the wholesaler receives the information, where do they store the client data?
Regarding SSL forms: you can definitely set up SSL forms on your site. The theory behind SSL (more specifically PKI) is that if you encrypt information (client data) with the private key, you can decrypt it with the public key, or vice versa. So if you can work with the wholesaler and implement your key on their server, it should be able to decrypt the needed information.
In an effort to make it easier, I would remove the forms from your site and replace them with links to your wholesaler's site. Then have the wholesaler agree to implement SSL for your client data on their website.
Thanks a lot for your answer.
I thought no one's going to answer this.
The wholesaler stores the client data in their database.
Yeah, it's much easier if they implement their own SSL, but they're not going to do it soon.
So what I'm now trying to do is get my website an SSL, get signup data from my customers, and pass the data over to the 3rd party with cURL, as someone told me to do it this way.
I don't know how it's gonna work though.
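The relay described in the last post (an HTTPS form on the reseller's site that forwards the values with cURL), written in PHP as an added example that is not code from the thread; the host `wholesaler.example`, the field names and the function names are placeholders. It shows that SSL on the reseller's form covers only the browser-to-reseller leg: the cURL leg is encrypted only if the wholesaler's endpoint is HTTPS, so this relay refuses to forward credentials otherwise.

```php
<?php
// Added example: server-side relay on the reseller's HTTPS site.
// URLs, field names and function names are placeholders, not values from the thread.

/** Report which legs of browser -> reseller -> wholesaler are encrypted. */
function describe_legs(bool $browserLegHttps, string $upstreamUrl): array
{
    $scheme = strtolower((string) parse_url($upstreamUrl, PHP_URL_SCHEME));
    return [
        'browser_to_reseller'    => $browserLegHttps ? 'encrypted' : 'cleartext',
        'reseller_to_wholesaler' => $scheme === 'https' ? 'encrypted' : 'cleartext',
    ];
}

/** Forward form fields with cURL; fail closed if the upstream leg is not HTTPS. */
function relay_signup(array $fields, string $upstreamUrl): array
{
    $legs = describe_legs(true, $upstreamUrl);
    if ($legs['reseller_to_wholesaler'] !== 'encrypted') {
        // TLS on the reseller's form does not cover this hop.
        return ['ok' => false, 'status' => 0, 'legs' => $legs,
                'error' => 'upstream is not HTTPS; refusing to send credentials'];
    }
    $ch = curl_init($upstreamUrl);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never downgrade to http://
        CURLOPT_FOLLOWLOCATION => false,           // a redirect must not re-send the POST
        CURLOPT_SSL_VERIFYPEER => true,            // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate must match the host name
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $body   = curl_exec($ch);
    $status = (int) curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    $error  = $body === false ? curl_error($ch) : null;
    $ok     = $body !== false && $status >= 200 && $status < 300;
    return ['ok' => $ok, 'status' => $status, 'legs' => $legs, 'error' => $error];
}

// Constructed sample input. The wholesaler in the thread has no SSL, so the
// upstream URL is http:// and the relay refuses instead of sending in cleartext.
$result = relay_signup(
    ['username' => 'alice', 'password' => 'example-only'],
    'http://wholesaler.example/signup.php'
);
echo json_encode($result, JSON_PRETTY_PRINT), PHP_EOL;
```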