Faculty Web Home
Web Account Info
Apply for an Account
support / Support
Adding Special Features
Code Validators
FAQ
Getting Assistance
Other Campus Resources
Training
Policies / Guidelines
UNLV Images
Templates


Office of Information Technology


Setting Up A Secure Web Page

If you plan to collect or convey sensitive information through your web pages, you should ensure that access to those pages is only available through a secure connection. Examples of sensitive information include grades, social security numbers, credit card numbers, phone numbers, and other types of private information. Any page on your www.unlv.edu site can be made secure by using https to call the page. Here is an example of a secure page on the Web Services site:

https://www.unlv.edu/depts/web/apply.html

Click on the link. Notice that your browser now indicates that the connection is secure by displaying "https" in the URL. Information submitted via this form will be encrypted.

Using the VeriSign Seal

UNLV's secure server ID is issued by VeriSign. If you would like to include the VeriSign seal on your web page as proof of your site's authenticity, include the following line of code in your web page where you want the seal to appear.
Tip: Remove any line breaks in the code when you insert it into your web page.

<script src=https://seal.verisign.com/getseal?
host_name=faculty.unlv.edu&size=S&use_flash=NO
&use_transparent=NO></script>

To view how the above code works, click on the seal below.

NOTE: Use of the seal is optional; it is not required to secure a web page.

Keeping Your Data Secure

Be careful how you handle information that you collect via a web form. The web session is encrypted; however, how you handle the information after it is submitted is critical. Under no circumstances should you use a cgi script that returns the form data to you in a standard email. Remember, email is sent as plain text over the Internet, and as such, is not safe from interception by third parties. Here are some alternative methods for handling your form data:

    1. Choose a cgi script that uses PGP encryption to process form data and send it to you in an encrypted email. You must then use appropriate software to decrypt the email after you receive it.

    2. Choose a script that will write the information to a file. Then use a secure SSH FTP program to download the file from the web server.

    3. Choose a script that will write the information to a file in database format. Then install a database script that will allow you to view the data on the Web via a secure connection. You can then print the Web page for your records.

CGI scripts are available from numerous websites. A good place to start is The CGI Resource Index. For more information on using cgi with your account, see our cgi page.

 

 

© 2006 University of Nevada, Las Vegas