Ecommerce Hosting Security

A Home Business Article Contributed by Sharon Hill

Ecommerce Hosting and Security

If you're going to go to the trouble of setting up a web site and engaging the services of an ecommerce host you'll need to think about security and put some serious steps into place to protect your site as well as your computer system.

Most ecommerce hosting servers offer their own security. At its most basic server security is a password-protected page. Only those who know the password are allowed access to the site and/or page; and, the server knows the names and and IPs of all those who have the password.

Encryption for Ecommerce Hosting and Security

More advanced ecommerce host security offers encryption, most commonly used for sites that store sensitive information - such as social security numbers, bank account data and so forth. Encryption is like a code that needs a key to be broken. Early cryptography (cracking codes) was about humans creating codes and humans using trial and error methods to crack the codes. Nowadays no one using human created codes because any semi-sophisticated computer system can crack it with little trouble or time.

There are two types of ecommerce encryption that your host uses:

1. Symmetric Key Encryption - This coding method is computer specific. It is set up for your computer to talk to one specific computer. that computer has the key to unlock the code. No one else has the key.

2. Public Key Encryption - This ecommerce coding method by your host uses a process that is a combination of both a private code and a public code. Your computer is the only one that has the key for the private code, while any computer that wants to talk to yours can get the key for the public code.

Sheer Ecommerce Hosting Volumes Creating Certification Needs

Your ecommerce host web server, who is typically hosting hundreds, if not thousands of ecommerce sites, needs to do things a little differently when using a public key. Volume creates the necessity for a different approach. An ecommerce host that acts as a web server needs to acquire a digital certificate. This is kind of like getting a letter of recommendation or reference - "I'm reputable. You can trust me with your key. See how these others attest to that fact."

These letters of reference, these digital certificates, are provided by a certificate authority - someone both computers know and trust. What this certificate authority does is vouch for each computer to the other and then gets each computer's okay to divulge the public key to the other. Thawte, for example, is the second largest certificate authority world wide and the first to sell digital certificates outside the United States (to Spain.)

It offers personal email certificates at no charge while its larger web server certificates run as low as $149 annually for a 128-bit encryption to as high as $968 a year for Internet payment processing certificates (considerably more sophisticated encryption necessary here.)

Basically what Thawte and other certificate authorities do is check id - kind of like acting like a notary public.