I just learned that this is a self-signed certificate. Our web server has SSL. My supervisor wants me to write code for the security of the connection from the web server to SQL Server. Later he told me that we need a self-signed certificate. I am a programmer, and I believe I need a code certificate. If possible, can you tell me more, as I have no idea about it? Another question: do I need to write code or just buy a certificate?
Let me explain this. I have a web form that needs to be secure, which is implemented using ColdFusion. When the form is sent, it calls SQL Server to process it. I use a datasource. To create the datasource, I log on as the ColdFusion administrator and create a datasource there. In my source code, I just use the datasource. He would like everything to be secure. He bought an SSL certificate for our website, so we are going to put the web form on the secure server. He also tells me that we need to have a secure connection from our web server to SQL Server. He said I need to do programming for 128-bit connections from the web server to SQL Server. But I told him I couldn't find it. Later he told me that I need to create a self-signed certificate. I have no idea about it. So do you have any idea what I need? What is a self-signed certificate for? I checked; the signing is for a VBA project. This is for a VB project. But we have a web page using ColdFusion. I checked the X.509 Technical Supplement; is this programming? Or do I need to buy a certificate?
Thank you very much!
I'm making some assumptions in the following discussion that YOU have got to confirm are correct.
If you can do everything the customer needs in Cold Fusion HTTPS protected pages, and you can secure everything from the server hosting your Cold Fusion pages to your database, you are home free on this one.
The back end, from the server hosting your Cold Fusion page(s) to your database should be 100% under your control. Everything should be easy to handle for this part, since it should all be your equipment or under control of people that you trust.
The pieces of the front end that you can control (the web pages) would be protected by HTTPS from the page itself to the ColdFusion server. This is 128 bit security, and covers everything that you can protect. Note that this does not (and cannot) cover everything, since MalWare that includes a keystroke logger (which is often found on publicly accessible machines in places like libraries, Internet Cafes, etc) could still compromise the security, but that is a client machine problem that you can't control.
If you can control the backend directly, and can protect the Cold Fusion pages with HTTPS, I think you are "good to go" with 128 bit security from the client browser to the database!
i haven't used coldfusion with https myself, but what pat outlines is completely accurate, the security is provided by your browser, so if the web page is talking successfully to the coldfusion server via https, you're fine
Thank you for all your help. I still have a question about Pat’s answer and I want to make sure I understand what you said.
Our ColdFusion page is using https://. I think this satisfies the first condition ("If you can do everything the customer needs in Cold Fusion HTTPS protected pages,").
Now I need the second condition to make everything secure. That is ("and you can secure everything from the server hosting your Cold Fusion pages to your database").
You said "The back end, from the server hosting your Cold Fusion page(s) to your database should be 100% under your control. Everything should be easy to handle for this part, since it should all be your equipment or under control of people that you trust."
I do not quite understand this step. How can I control the back end? Can you explain to me a little bit?
I created a login account in SQL Server for my web page. Then in my ColdFusion page I use a datasource with this login account. Is this the way I control the security of the connection from the web server to the database?
Also our sql server is behind the firewall. But our web server is outside the firewall.
You also said “If you can control the backend directly, and can protect the Cold Fusion pages with HTTPS, I think you are "good to go" with 128 bit security from the client browser to the database!”. That means I still need to control the backend. How can I control?
I have a question about r937’s answer. What you mean is that if I use https:// in my ColdFusion page, then I don’t need to do anything as it is already secure. Am I right?
I don't need a self-signed certificate.
I just want to make sure I understand what you said.
You have to "step back" from the problem a bit to understand what you can protect, and what you can't... That makes things complex, since you need to look at so many pieces.
You probably have physical control over your database server, any application server(s), and web server(s) for your application. By this I mean that either you actually have them "in house" where you or your employees control them, or you have contracted a trusted third party to manage them for you. As long as that is the case, you have the "backend" under your control, and you can secure it any way that suits you. One of the best alternatives is to prevent any form of public access to data flowing across your back end, although using 128 bit (or greater) security would be just as good in this example.
Your clients are probably using web browsers, on machines that either those clients or other parties (such as an Internet Cafe, a public library, or even a client's employer) owns. By using HTTPS, you can secure everything from the browser application to your web server with 128 bit security.
With only a few exceptions (such as the country of France which forbids the use of more than 56 bit security), this allows you to provide at least 128 bit security from the web browser application to the database on your disk.
Note that this leaves open the possibility of things such as MalWare that could put keystroke loggers between the client machine's keyboard and the browser. This MalWare would make all of your security meaningless, since the data entered by the user would be intercepted before you/your software could even know that there was an issue! This is a problem that no one can solve, since it lies outside the scope of what you have the ability to protect... If the client machine has been compromised, there is no effective defense.
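The back-end hop described above (web server to database) can be checked on the SQL Server itself, since the HTTPS certificate on the website says nothing about it. The following is an added example, not part of the original posts; it assumes SQL Server 2005 or later, a caller with VIEW SERVER STATE permission, and a hypothetical login name `webform_login` standing in for the login the ColdFusion datasource uses.

```sql
-- Added example (not from the thread).
-- Assumptions: SQL Server 2005+, caller has VIEW SERVER STATE,
-- 'webform_login' is a hypothetical name for the datasource login.

-- 1. Every current session opened by the web application's login,
--    with the transport it arrived on and whether the connection
--    is encrypted (encrypt_option is 'TRUE' or 'FALSE').
SELECT
    s.session_id,
    s.login_name,
    s.host_name,            -- client-supplied, informational only
    s.program_name,         -- client-supplied, informational only
    c.client_net_address,   -- address the server actually saw
    c.net_transport,        -- TCP, Named pipe, Shared memory
    c.auth_scheme,          -- SQL, NTLM or KERBEROS
    c.encrypt_option,
    c.connect_time
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
      ON s.session_id = c.session_id
WHERE s.login_name = N'webform_login'
ORDER BY c.encrypt_option, c.connect_time DESC;

-- 2. Server-wide summary of network connections that are NOT encrypted,
--    grouped by the client address and login they came from.
--    An empty result means every TCP client is using an encrypted connection.
SELECT
    c.client_net_address,
    s.login_name,
    COUNT(*)            AS unencrypted_connections,
    MIN(c.connect_time) AS oldest_connection
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions    AS s
      ON s.session_id = c.session_id
WHERE c.net_transport  = 'TCP'
  AND c.encrypt_option = 'FALSE'
GROUP BY c.client_net_address, s.login_name
ORDER BY unencrypted_connections DESC;
```

If the web server's address appears in the second result, the datasource connection is crossing the firewall without connection encryption, regardless of the HTTPS setup on the website.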
Thanks Pat. I learned that. Now I have another question I need your help with. Our ColdFusion server resides on our web server. We have server websites in IIS. If I use SSL on one of our websites in IIS, can I use https:// for the ColdFusion page? I believe only the website that has SSL can use Http://. How about my ColdFusion page? Do I have to have SSL on our ColdFusion server? Or can I point the page to the ColdFusion server in one of our websites (IIS)?
sorry, i am not an administrator, and i do not have any experience with servers or connectivity (the "point to" part is the part i would have trouble with), and i actually haven't used HTTPS myself, either