FP Forms & SSL

Mr B · Nov 13, 2003

Howdy,

Our website recently got setup with an SSL Certificate so we can submit Credit Card information
through online forms and have it secure. What is the best way to use FP 2002 to create a form to
handle this information and keep is as secure as possible?

Normally we juset setup the form and use either email or a CSV file to handle the results. But I'm
not sure if that's totally secure even with the site being on an Https type setup. Is it safer to
put the results in a Database via the DRW or is there some other way to keep everyting nice and
secure?

Looking for any tips or tricks or best practices.

Thanks!!

Thomas A. Rowe · Nov 13, 2003

The only way to have it secure it to accept the cc info via https, then send
via secure email (pgp-you and your host must install this) or store the cc
temporarily in a database, then retrieve the orders via https with your
browser.

This is where a good shopping cart application comes in play since they are
design to handle security of credit card data, etc.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================

Mr B · Nov 13, 2003

I may be able to incorporate this into our store but if not, d I need to do anything special when
setting up the Database to make it more secure if I set it up within FP? Password it, put it in a
special folder, etc?

THanks.

Thomas A. Rowe · Nov 13, 2003

One approach, if allowed by your host is to store the database outside of
the root of your web with same permissions that FP would implement on the
fpdb folder. FP will still create the fpdb folder, within your rootweb if
use FP to create the database connection, however if you do this, do not
delete the fpdb folder.

How will you be processing your credit cards, manually or in real-time.
Real-time is the most secure, since there is no need to store the credit
card info, and all you need to process the order is the approval from the
credit card gateway, as you will have stored the customer info or sent the
order info to an email address without any credit card info,
--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================

Mr B said:
I may be able to incorporate this into our store but if not, d I need to do anything special when
setting up the Database to make it more secure if I set it up within FP? Password it, put it in a
special folder, etc?

THanks.

Mr B · Nov 14, 2003

We are using the CandyPress store and are looking at a way to encorporate this into the store to not
have to worry about it. Only problem is there's some manual verification we have to do on the order
before it's processed, which is why we were going to just store the information and then go process
it later.

Thomas A. Rowe · Nov 14, 2003

CandyPress should allow you to accept the credit card info securely for
manual processing by accessing the database via https and a login.

--

==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, Forums, WebCircle,
MS KB Quick Links, etc.
==============================================

Mr B said:
We are using the CandyPress store and are looking at a way to encorporate this into the store to not
have to worry about it. Only problem is there's some manual verification we have to do on the order
before it's processed, which is why we were going to just store the

information and then go process

it later.