Common Misconceptions About Secure Services
- SSL is for credit card purchases. - Although the submission of credit card information is one of the most popular uses of SSL, there is no special relationship between SSL and credit cards. SSL does not provide for credit card processing in any way; it merely encrypts data during transit.
- A secure certificate is required. - Our normal setup for SSL provides you with use of an area under https://ssl#.pair.com/ (or other pair URL), which uses our own certificate. Certificates are specific to a host name. If you need secure service under your own domain name, such as https://www.example.com/, you will need to purchase your own certificate from a certificate authority. pair Networks offers secure certificates through pairSSL.com.
- The secure server delivers encrypted data to your CGI script. - When data "comes out of" the secure server on the local side, it is unencrypted. As far as a CGI script can tell, there is no difference between secure and regular Web servers.
- Once the data has been delivered, it is "safe". - One of the most common mistakes is to take secure data and re-send it through e-mail, or even to store it unencrypted on the server. To provide a reasonable degree of security, secure data should be re-encrypted as soon as it is received from the secure server. We realize that many, many sites, including large corporate sites, do not take these precautions. But do you want to give that to your customers as an excuse when their information gets stolen?
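
One way to do the re-encryption the last item calls for, as an added example that is not pair Networks' code: the handler seals each submitted value to a public key before anything is stored or e-mailed, so the web server never holds a readable copy. It assumes a Node.js handler; the names `sealField` and `openField` and the RSA-OAEP plus AES-256-GCM scheme are choices made for this example, not something the page specifies.

```javascript
const crypto = require('node:crypto');

// Hypothetical helper: encrypt `plaintext` so only the private-key holder can read it.
// Hybrid scheme: fresh AES-256-GCM key per record, wrapped with RSA-OAEP (SHA-256).
function sealField(publicKeyPem, plaintext) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    dataKey
  );
  // This JSON record is what gets written to disk or e-mailed, never the plaintext.
  return JSON.stringify({
    v: 1,
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ciphertext: ciphertext.toString('base64'),
  });
}

// Hypothetical helper: runs where the private key lives, not on the web server.
function openField(privateKeyPem, record) {
  const r = JSON.parse(record);
  const dataKey = crypto.privateDecrypt(
    { key: privateKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(r.wrappedKey, 'base64')
  );
  const decipher = crypto.createDecipheriv('aes-256-gcm', dataKey, Buffer.from(r.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(r.tag, 'base64'));
  // final() throws if the ciphertext or tag was modified in storage or transit.
  return Buffer.concat([
    decipher.update(Buffer.from(r.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed demo: the key pair is generated inline only so the example runs offline.
// In practice the server is given the public key and the private key never touches it.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const submitted = 'card=4111111111111111&exp=12/30'; // constructed test value
  const record = sealField(publicKey, submitted);
  return { submitted, record, opened: openField(privateKey, record) };
}
```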