Secure FTP on Windows?

Forum Moderators: phranque

Message Too Old, No Replies

Secure FTP on Windows?

kjs50

2:29 am on Mar 6, 2003 (gmt 0)

Hello,

I have an .asp based shopping cart that runs off an MS Access database.

I am trying to figure out a solution to make sure everything will be secure properly.

I have everything set for https when the user processes the credit cart, etc...

The part I am worried about is the backend. My host does not offer secure ftp and I cannot find a single windows based host that does. How do other people with a similar setup manage this?

If it is not possible to use Secure FTP I will delete the credit cards before downloading. But I am still worried about the customer names and other data being intercepted.

Thanks.

lorax

2:43 am on Mar 6, 2003 (gmt 0)

A simple solution - providing you're handling a relatively small number of transactions - is to write an Administrative interface. Secure this with Uname/Pwd and then HTTPS. Use the interface to view the transaction details.

I personally don't download the CC info. The transactions are all processed automatically and all I download is a file formatted for use in Quickbooks that has the customer info and the transaction info (sans CC). The CC data remains in the db only for a short while but is encrypted as are all of the customer records.

kjs50

3:30 am on Mar 6, 2003 (gmt 0)

Yeah, I guess that makes the most sense, to not move the db around. The only reason I wanted to do that was so I could make changes and test locally on my own computer. Then I can just upload the changes to the live site.

It's easier to test locally because I am using Dreamweaver to setup my pages. Perhaps I should just create a test directory on my live site.

lorax

2:04 pm on Mar 6, 2003 (gmt 0)

Testing locally is a smart idea. If you can't do this then testing on your server is next. Create dupe files with different names. You may even want to use duplicate tables within the db for testing purposes.

As an aside, I'd encourage you to think about upgrading to MySQL or other more robust database. MS Access was never meant to be used as a web based database.

kjs50

4:01 pm on Mar 6, 2003 (gmt 0)

When I test locally, I shouldn't be using a copy of the actual database with real records then right? Becasue then I would have to transfer this back up to the live site unsecureley.

And, the reason I am using Access is that I am not generating any dynamic pages out of it. My front end is static html. The Access part is being used only as the shopping cart engine. So, at any given time, I may only have 2-3 people in the cart area.

The other alternative is to use SQL Server and from all the research I did, it seemed alright to be using Access for now. Your thoughts?

lorax

4:48 pm on Mar 6, 2003 (gmt 0)

Test locally with a foo database. All you really need to do is to verify your code inserts, edits, deletes, and reads what's in the database. The db is nothing more than a container.

MS Access for the level of use you're talking about should be fine.