Printer Friendly Version
Email this thread to a friend
|
Low price! Nokia Mobile phone website for sale (In: I Want to Sell My Website)
Business Traffic Website for Cheap (In: I Want to Sell My Website)
Mobile phone website for cheap (In: I Want to Sell My Website)
Link Exchange Directory website for sale (In: I Want to Sell My Website)
Photo uploads image hosting website for sale (In: I Want to Sell My Website)
Featured Web Site Template |
|
Reflects user activity within the last 5 minutes
|
|
| Member |
Message |
hypnotized
Joined: Mar 26, 2005
# Posts: 4
|
Posted: 2005-Mar-26 19:12
I designed my 2nd website, but my first to be published. Could someone please discuss the pros and cons of whether or not to use HTML Encryption software, please. My biggest concern is the Order Form page for purchases. I noticed in the IE browser, it's simple to view the source code. I'm not so worried that someone is going to copy my source code and copy the whole site. (It's not some huge corporate site!) But I am concerned with someone viewing the source code on my Order Form page and being able to see the email address where all the orders are sent, WITH Credit Card numbers! Is it possible for someone to actually hack into that email account and gain access to those CC #'s WITHOUT the password to the email account?? This I'm worried about. If it's recommended that I install Encryption software, what particular software would be recommended to someone like me who has very limited knowledge of HTML. A copy and paste type HTML encryption process would be helpful. Thank you for your time. Tom
|
 |
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
|
Posted: 2005-Mar-26 19:33
Private data like the destination email address should be in the server-side part of the script or code, not anywhere on the visible HTML page. That way no-one can access it at all.
Credit card information filled in on a form on the site cannot be seen in the HTML source code, and cannot be seen by other visitors to the same page, but unless it is securely transmitted it could be intercepted on the way to you.
[ Message was edited by: JimBot 04/23/2005 12:39 pm ... Reason: Fixed typo ]
|
|
hypnotized
Joined: Mar 26, 2005
# Posts: 4
|
Posted: 2005-Mar-27 04:29
In the source code, I notice that the destination email address IS included in the code for the Order Form page, but NOT the login ID for that address and obviously not the password. So do you recommend installing encryption software for a small business site, or no?
|
|
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
|
Posted: 2005-Mar-27 08:11
No, not encryption of the page, just put the data in the back-end part of the script not in the visible HTML part.
|
|
Curt
Joined: Eons Ago
# Posts: 3735
|
Posted: 2005-Mar-27 08:42
hypnotized, as g1smd said, it's better to have the email address programmed into the script that handles the form submissions. This has nothing to do with encrypting the visible page and it's HTML. The script runs on the server and generally redirects to a thank-you page or generates a thank-you page. The submitter never sees any email address in the HTML code at all. You can make the CGI script reply with confirmation email from a different email address than where the order is sent. Knowledge of CGI programming is required to do this. PERL is the script language of choice to handle form submissions.
What you are using is some generic form handling script done in PERL (most likely script language). The problem with such scripts is that they need an email field designated within the form page so that the submitted information gets to your mailbox. It's made that way so anybody can use it. But it makes your email address visible and spam harvesters can easily extract the email address. The only way to hide your email address effectively is to program the PERL script to have the email address embedded within it. It's a simple edit for someone who knows PERL.
Besides that, HTML encryption can be decrypted rather easily because even the "encrypted looking" HTML can be decrypted rather simply by anyone who knows how.
For example:
is...
That was a simple so-called encryption that they speak of for HTML encryption. It's easy to decode.
|
|
hypnotized
Joined: Mar 26, 2005
# Posts: 4
|
Posted: 2005-Mar-28 20:54
I don't know PERL. How do I put the data in the back-end part of the script? Thanks.
|
|
Curt
Joined: Eons Ago
# Posts: 3735
|
Posted: 2005-Mar-29 04:46
Not knowing PERL is going to make it much more difficult. Perhaps you might want to hire a webmaster who can edit the PERL script. Just tell them what you want. They may charge $50 to do the job.
You may also get yourself a perl book, study it, and make practice scripts. Learn the basics of a mail form script. A temporary short cut to getting your script edited... do a search on topic of "tutorial mail form perl scripts." There's bound to be information on how to edit/program a mail form perl script.
How do I put the data in the back-end part of the script?
You'd edit lines that "may" look something like this:
The main line that you would edit in this instance would be:
The mail form may not use the same syntax. I don't know what you're using, but the mailing program commands I use look like the above.
|
|
hypnotized
Joined: Mar 26, 2005
# Posts: 4
|
Posted: 2005-Mar-30 00:29
I've already isolated the exact line in the HTML that has the email address in it. Isn't there a simple way of explaining to me how I can isolate this one line in the back end on the server side, or not? Is it much more complicated than that? I'd feel much more comfortable if it wasn't visible. Thanks.
|
|
Curt
Joined: Eons Ago
# Posts: 3735
|
Posted: 2005-Mar-30 02:53
If you're lost when it comes to perl, your options are to hire a perl programmer or find a friend willing to do it free of charge who can spend some time looking over your script and making the edit themselves for you. Another option: search for the answer to your question at your favorite search engine. It's not always easy finding the answer.
The email field in the HTML page needs to be removed if you want your email address to remain hidden (which is best for a few reasons).
Making the change in the perl script is very easy for the person who knows something about perl (at least somewhat familiar with it). In my examples in the above post, that's what you look for in the perl script. They probably won't look exactly like that, but have similar format. There's another email method too. If it uses that method, it will look different--sorry don't remember it off-hand at the moment.
Perhaps (if the script isn't too large) you can post the script here and someone can give it a quick look.
|
|
raphaelp
Joined: Apr 21, 2005
# Posts: 5
|
Posted: 2005-Apr-22 02:06
Hi,
You do not necessarily have to use a Perl script (or any other server-side language for that matter). You can easily rely on a third-party service to do the form processing for you. I run a service like that, which can also provide SSL and data encryption. The configuration works through a web interface and your e-mail address is never visible.
Here is a third-party listing of the most common remotely hosted form processing services. Mine is called 'Whiz-Mail'.
cgi.resourceindex.com/Remotely_Hosted/Form_Processing
Hope this helps.
Best regards,
Raphael Pirker
[ Message was edited by: bhartzer 06/08/2005 01:12 pm ]
|
|
blockhtml
Joined: Jun 06, 2005
# Posts: 1
|
Posted: 2005-Jun-06 23:39
HTMl Encryption! Is what you need so here it is and how do do it
first download this website plugin
((url removed))
once installed goto this preview page and make sure all work and you can Encrypt your HTML
((url removed))
Please note: If you dont install the plugin on your computer the page above will NOT work.
So there you go if you get the code post it coz I know you will not its the best HTML Encryption Tool I found on the Net AS IT WORKS!
[ Message was edited by: bhartzer 06/08/2005 01:14 pm ]
|
|
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10418
|
Posted: 2005-Jun-08 03:25
HTML encryption will hide your pages from search engines. They will not index your site.
HTML encryption will stop your pages working in some browsers.
|
|
Prowler
Staff
Joined: Aug 14, 2000
# Posts: 1788
|
Posted: 2005-Jun-08 04:59
hypnotized - I am confused. Obviously you collect payment from your site using credit cards. The risks associated with the sensitive information landing up in the wrong hands are very real. Why not use third party 'collection' agents like Paypal to start with? It obviates the need for securing the site or encrypting your HTML.
|
|
You are not permitted to post messages in this forum or topic, because of one or more of the following reasons:
- You have not yet logged in, or registered properly as a member
- You are a member, but no longer have posting rights.
- This is a private forum, for which you do not have permissions.
If you are a recent member, it's possible that you simply have not yet confirmed your account. Please
check your email for a message entitled 'JimWorld Forums: Confirm Your Account' and follow the instructions
contained within.
If you cannot find this message, click here to Re-Send it.
|
If you are still experiencing problem, please read the
Login Assistance
Article for some advice on what may be causing your login not to work properly.
|
Switch to Advanced Editor and ...
Create a New Topic
or Reply to this Thread
|
|
Inbox
