From owner-freebsd-isp  Mon Jul  6 20:08:29 1998
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA04691
          for freebsd-isp-outgoing; Mon, 6 Jul 1998 20:08:29 -0700 (PDT)
          (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from Radford.i-Plus.net (root@Radford.i-Plus.net [208.24.67.15])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA04622
          for <freebsd-isp@FreeBSD.ORG>; Mon, 6 Jul 1998 20:08:14 -0700 (PDT)
          (envelope-from rewt@i-Plus.net)
Received: from Radford.i-Plus.net (rewt@Radford.i-Plus.net [208.24.67.15])
	by Radford.i-Plus.net (8.8.8/8.8.5) with SMTP id XAA29686;
	Mon, 6 Jul 1998 23:08:01 -0400 (EDT)
Date: Mon, 6 Jul 1998 23:08:01 -0400 (EDT)
From: Troy Settle <rewt@i-Plus.net>
To: Omar Thameen <omar@clifford.inch.com>
cc: freebsd-isp@FreeBSD.ORG
Subject: Re: setting up a secure webserver service
In-Reply-To: <19980706171055.A3430@clifford.inch.com>
Message-ID: <Pine.BSF.3.96.980706225050.24808B-100000@Radford.i-Plus.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 6 Jul 1998, Omar Thameen wrote:

> How do most companies (like webfarms) handle setting up clients with
> secure web servers?  We'd like to offer one level of service where they
> use our key (for say, secure.ourdomain.com).  What's not clear is how
> the different client accounts are handled on the secure server.

I am in the process of setting up this same thing, and as a cost saving
device, I am also opting for using a single cert for all secure
transactions.

> Do generic solutions like this usually offer cgi-bin access for the
> client's transaction software (if so, how?), or do you provide a default
> set of scripts for everyone to use?

What I'm planning, is to skip the cgi-bin route, and just use php or a
handler for .cgi files (you can do some funky things with the URI with
mod_rewrite).  I think at this time, all scripting will be done on a
per-user basis.  Of course, this may change as we grow.
 
> How is access to their data normally handled, via a secure http connection
> with a password-protected directory?  Or is it via custom scripts?

I'd say both.  I think the most secure way to give customers a list of
transactions would be through the server itself, or just process all
transactions automatically with an online processor, report summary
information back to the customer (fax, email, cgi), and take the
processing fee + 2% for yourself :)

I'm open to anyone willing to point out any holes in this scheme.


--
  Troy Settle <st@i-Plus.net>
  Network Administrator, iPlus Internet Services
  http://www.i-Plus.net


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message