How do I create a Secured Site?

[drofdarb]

I created an MS Access database, generated an output report in html, then ftp'd it to a website. When I access the website in Internet Explorer, I get the following message:

Data Access Pages has detected that your IE security settings will not allow you to access data from a site considered to be insecure.

In order to access the data contained within the Data Access Page, you need to:

1. Start IE
2. Choose Internet Options from the Tools menu
3. Click on the "Security" Tab
4. Click on the "Trusted Sites" icon
5. Click on the "Sites..." button
6. Uncheck the "Require server verification (https) for all sites in the zone" checkbox
7. Add "http://www.carsndrivers.com/P-carsseekingdrivers.htm" as a trusted server
8. OK the dialog
9. Try to open the Data Access Page

If you still cannot access the data, it is possible that one of the following problems exist.
You do not have security permissions to the server on which the data resides.
You do not have security permissions to the data referenced in the mail.
You should check with the Data Access Page owner to determine if you need other permissions.

I don't want to change my security settings; I want to make the page available to anyone. Seems like I need to publish the website as a secured site (https instead of http) and want to try this. How do I do this using ftp? You don't need to go into great detail; just point me in the right direction.
thanks...fab

To make a web page available asa secure page (using https), you do not have to upload it to a separate location. Instead, you can view any page that you've loaded to your webspace, securely, using our server-wide secure certificate, and the following notation:

https://servername/~username/page.html

So for example, let's say your account is on the aqua.serverstoday.com server, and the username of your account is 'fabuser', and the page you want to view securely is 'order.html', then you would enter:

https://aqua.serverstoday.com/~fabuser/order.html

I hope that helps.

Regards,

[drofdarb]

Thanks Rob, I understand what you say and it does help.

However, I don't understand what security is provided by this method. A viewer can access my site by either:

https://cyan.serverstoday.com/~cars (securely)
or
http://cyan.serverstoday.com/~cars (unsecurely)

The actual site address is:

http://carsndrivers.com
or
http://www.carsndrivers.com

(1) If I publish a link to my site I would want to use my real domain name (www.carsndrivers.com), not the other, unrelated one (cyan.serverstoday.com/~cars). My domain name is easier to remember and to type. I also want to promote and reinforce my own domain name as much as possible. Using the other name "un-promotes" my domain name and only creates more confusion for viewers.

(2) I don't understand what security is provided when I give a secure link to my site, but a viewer can simply use an alternate address and bypass the security.

I'm just musing out loud. You don't need to respond to this, unless you see something I'm obviously misunderstanding and can get me on the right track. I will go read what I can on security and try to get a better understanding.
Thanks...fab

The only way to use the free server-wide SSL certificate is with the cyan.serverstoday.com method I mentioned above. If you want to be able to use https://carsndrivers.com, then you have to buy your own certificate for your domain, and we can install it on our server for you. We sell them for $149 per year.... or you can buy one directly from Geotrust if you like.

However.... many customer's take advantage of our free SSL like this: Typically they'll hide the relatively long address in a clickable button or link on their website.... i.e. "click here to go to our secure order page".... or something like that. The actual address will still show up in the address bar of the visitor's browser, but at least they don't have to type it out.... and you don't have to publish it. As long as all your links on your order page (if that's the page you want to be secure) are "absolute" and not "relative", they'll be able to click back out to a non secure page.

I hope that helps

Rob.

[PitRow]

To answer point number 2, the security is that when you use the https protocol instead of http the data transmitted between the server and the browser is encrypted so that third parties or sniffers, snoops, etc. can not read what is being sent. In a normal http connection all data is transfered as plain ascii text. Anyone with the knowledge can grab the TCP/IP packets and read whatever data is contained in it (Credit card numbers, passwords, etc.) think of it as someone tapping your phone line. They can hear what is being "said" between the server and the user. When you use the https connection the data is still sent as ascii text, but the text is encrypted so that if anyone grabs the packets and tries to figure out what is in them, all they will see is gobbledy-gook.

You would use the https connection when you need to get or send sensitive information to or from a web-browser. Say the checkout page of a shopping cart because people enter their credit card number, or on a page that displays your bank statement, things of that nature.

Hope that clears it up a little for ya.