Rich
03-27-1999, 01:30 AM
Since setting up a web site for e-commerce means publishing pages for use with a Secure Socket Layer (SSL) server, I thought I would list here some tips for publishing SSL-compatible pages.
While it may still be a little while before the SSL servers are ready for production use, now is a good time to begin developing the content so you'll be not only "rarin' to go" but also "ready to go."
I'm sure others can add even better ideas to this list of tips, but here some I have found useful:
(1) Plan in advance the content you want located in the secure area and the content you want in you "regular" (i.e., non-secure) area. Remember that the https protocol is a lot slower than the http protocol so you want to have the minimum content required in the secure area.
(2) Turn ON all secure messaging that your browser allows. Browsers will indicate: when you are entering a secure area, when you are leaving a secure area, as well as when a page is or is not secure. As a USER, it is sometimes convenient to turn some of these messages off. However, as a PUBLISHER, you want these turned on to alert you when your pages may not be designed correctly.
(3) Make sure everything included on a page is also contained in the secure area. If just one tiny little .gif is referenced from a non-secure area, the security will be "broken." Sometimes the user will be shown a message indicating that this is happening and given a choice of accepting or rejecting the page. If accepted, the page will still be shown but without SSL enabled.
(4) If you use a publishing package like HomeSite or FrontPage, etc., setup your secure pages as a separate web site and publish them separately from the "regular" pages. Many of these packages include the ability to "check links" and you will find this invaluable for making sure all the content is referenced correctly.
(5) Avoid any href links on your secure pages that link to "regular" pages until the secure task at hand has been completed. You'll want to do this because every time the users attempt to exit the secure area, they will be shown a message indicating that they are leaving (unless they have turned this off). You want to design your secure pages so that the user enters the secure area, gets the secure stuff done, and then exits the secure area. Pay attention to the secure sites you visit and I think you'll get an idea of what I'm talking about here as you observe those that do this well and others that do not.
(6) Keep your secure pages small (in total size), short, simple, and small. Did I mention small? Reduce graphics to a minimum, and preferably, do not use graphics at all. Because https is so much slower than http you want to keep your pages clean, simple, and, oh yes, small.
I hope these ideas help those that may be getting ready to setup secure e-commerce areas.
Rich Shockney
RS Marketing
http://www.rsmarketing.com
While it may still be a little while before the SSL servers are ready for production use, now is a good time to begin developing the content so you'll be not only "rarin' to go" but also "ready to go."
I'm sure others can add even better ideas to this list of tips, but here some I have found useful:
(1) Plan in advance the content you want located in the secure area and the content you want in you "regular" (i.e., non-secure) area. Remember that the https protocol is a lot slower than the http protocol so you want to have the minimum content required in the secure area.
(2) Turn ON all secure messaging that your browser allows. Browsers will indicate: when you are entering a secure area, when you are leaving a secure area, as well as when a page is or is not secure. As a USER, it is sometimes convenient to turn some of these messages off. However, as a PUBLISHER, you want these turned on to alert you when your pages may not be designed correctly.
(3) Make sure everything included on a page is also contained in the secure area. If just one tiny little .gif is referenced from a non-secure area, the security will be "broken." Sometimes the user will be shown a message indicating that this is happening and given a choice of accepting or rejecting the page. If accepted, the page will still be shown but without SSL enabled.
(4) If you use a publishing package like HomeSite or FrontPage, etc., setup your secure pages as a separate web site and publish them separately from the "regular" pages. Many of these packages include the ability to "check links" and you will find this invaluable for making sure all the content is referenced correctly.
(5) Avoid any href links on your secure pages that link to "regular" pages until the secure task at hand has been completed. You'll want to do this because every time the users attempt to exit the secure area, they will be shown a message indicating that they are leaving (unless they have turned this off). You want to design your secure pages so that the user enters the secure area, gets the secure stuff done, and then exits the secure area. Pay attention to the secure sites you visit and I think you'll get an idea of what I'm talking about here as you observe those that do this well and others that do not.
(6) Keep your secure pages small (in total size), short, simple, and small. Did I mention small? Reduce graphics to a minimum, and preferably, do not use graphics at all. Because https is so much slower than http you want to keep your pages clean, simple, and, oh yes, small.
I hope these ideas help those that may be getting ready to setup secure e-commerce areas.
Rich Shockney
RS Marketing
http://www.rsmarketing.com