Securing Web Applications in the Real World


The perception by users that your Web site is secure is almost as important as actually securing it. Here are some basic principles for securing Web sites:

  • Use SSL and HTTPS for all sensitive data that users submit.

  • Allow users to browse your site anonymously, and require users to log in with a password before making a purchase or displaying any personal information. This helps prevent someone who has unauthorized access to a user’s machine from accessing private information stored in your system.

  • Handle credit card and payment information sensitively. Ask users for permission before storing credit card information for return visits. If your site confirms credit card information, it might be sufficient to show only the last four digits of the credit card. This is enough for users to confirm your site is using the right card, without needlessly passing around the complete information.

  • Don’t require people to enter more information than they’re comfortable giving. For example, if they’re downloading trial software, do you really need to collect their phone number and other personal information?

  • Use unsolicited e-mail sparingly. Many people regard any form of unsolicited e-mail as spam, no matter how valuable you think the information is. Receiving unsolicited e-mail will make them wary of your site.

  • Protect people’s privacy. Formulate a privacy policy, display it on your site, and make sure you adhere to it.




Security for Microsoft Visual Basic .NET
ISBN: 735619190
Year: 2003
Pages: 168
