David_Wallis

I need to write some scripts for a mate to pull info in from some forms... nothing too major, but I am a Windows person... he uses IPlanet on Solaris... How can I make the web pages secure... ie https.... and i know how to get the info off the page with a cgi and then send it using sendmail but are there any better ways.. also there will be three pages and a next button on each.. how can I combine all this into one send mail? Im not that hot with cgi's damn not having ASP...

David

krankyd

In I-planet, it's easy to secure pages.

Just fire up the admin web page (run $install_dir/https-admserv/start) and then surf to the admin page. Select the server to manage, and then on the left side click on server preferences. There should be a setting for security.. Just apply the change, then re-start the webserver..

Not too sure about the CGI stuff though, I thought it was quite generic??

David_Wallis

is it pretty simple to make just one part of the site secure though?? Is it straight forward??

Unix is beyond me...

David

stevencotton

Before you enable SSL you'll need to make sure there's a certificate present, I don't know if IPlanet generates its own upon installation, you'll get some form of error if they're not present though.

The CGI part is simple but remember HTTP is stateless, so if you have 3 forms on different pages you'll need to store the content from the previous page(s) somewhere on the server side. This means using either cookies (with an MD5 hash storing session data, generated with a unique key and the IP address of the client) or munged URIs containing the same, as you need to know which client requires which pages for post-processing. The alternative is to populate some hidden variables in each successive page containing the data the client previously posted.

Steve.

David_Wallis

think three emails is the easiest way... or maybe the hidden things... How do I generate a certificate... would this mean that the user has to accept..??

David

michael_clarkson

Via the iPlanet Admin console, you can can generate a certificate signing request (CSR). You will then need to use this to either generate you own selfsigned certificate, which you the server will use to enable SSL or you can send this CSR to a Third party Certificate Auth such as Verisign, Thawte etc. this option will cost you money and you will have to produce evidence so that the CA can determine you are the legitmate owner of the site/domain.

If you opt to use a self signed cert, it will of course be free and need no checking - however the user will be warned and prompted to accept the certificate when they try to access any pages over SSL as the cert will not be in the browser trusted cert DB.

If you really want to use ASP then take a look at Chillisof
t for Solaris. Alternatively use PHP.

Michael

David_Wallis

Cheers..

David