Faceh,
I've looked into the Verisign certification for SSL (secure server) and it can be pretty expensive for small companies such as myself. Fxcolin's suggestion (above) is a good one as many larger ISPs offer this service, beware of that too. if you can justify it (ie payment and sensitive info) then you may want to bear the costs of getting the facility through your web host. However if you want to create a password protected site for subscription details, such as this, then employing UD's login and restrict access to page server behaviours on each of your pages should suffice, as the code doesn't reach the end user. 2 suggestions I have to offer for this route (which I use a lot as it is sooooo much cheaper than SSL
) are;
-try and put your database into an area of the site that could make it a little more difficult for hackers and spam spiders (programs that search for server-based databases and extract emails from them). ie If you have your database in the web root then move it to a folder called _databases or _private/db. This by default won't allow clients access to browse through your site, should they be inclined.
-avoid passing hidden values across form pages, escpecially if they use cookie values, this is a favorite route for naughty folk when they use on-line banking. The value can be modified or used by unscrupulous types to gain access to other users areas or details.
-You could also use the Windows Script Encoder from Microsoft ( a free download from
which, when run for a page that you have designed, encrypts the page content in such a way that may only be executed IIS 5.0 (and IE 5 or greater too, unfortunately)
So if you're not completely put off, give the above a go or contact
for more detials about SSL and digital certificates.
Have fun!
M
