
PlusNet and SSL - again!

RayS
Dabbler
Posts: 24
Registered: ‎28-09-2007

PlusNet and SSL - again!

I know this had been batted around for some time, but the last response from a PlusNet staffer to the question seems to be around December last year (from a search of the forum).
So here goes, are PlusNet planning to introduce SSL or shared certification to customers who may want to run a secure service in compliance with the PCI standard?
If so, when and at what charge?
Ray
16 REPLIES
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: PlusNet and SSL - again!

Due to the nature of SSL on a shared platform it's highly unlikely that we will ever offer this. I'm also not sure that any shared platform would be PCI compliant, but then I'm not an expert in PCI (though I do have some experience with it).
The easiest way to provide the sort of services that need PCI (purchases etc) is to not process payments yourself, use a third party like google checkout or paypal, then they need to worry about PCI, not you.
RayS
Dabbler
Posts: 24
Registered: ‎28-09-2007

Re: PlusNet and SSL - again!

Hi Ben
Thanks for the reply.
I am planning to use the services of PayPal for the payment transaction process but I wanted a more secure area for the customer account details. I do use all the recommended security advice such as changing the name of the admin location, rapidly changing strong passwords, inclusion of .htaccess files and altering the permissions, etc., but the use of SSL would be the level I would feel comfortable with in protecting myself and others.
If it is possible for other hosting companies to provide the service why not PN?
Surely PN are not saying to customers we can't provide this so you should move to another ISP?
I'm only setting this up for a community/charity based affair so it is not so imperative as a business, small or otherwise, but I wonder if PN are not missing out here.
Maybe the business strategy guys need to look at it with the technical guys and see if they can offer a service that others are currently providing.
I don't particularly want to move ISP as I have always had good experiences with you but....
Ray
chickendippers
Grafter
Posts: 58
Thanks: 2
Registered: ‎30-08-2008

Re: PlusNet and SSL - again!

If you're using PayPal to process payments then you don't need to be PCI compliant as you aren't handling credit card details.
RayS
Dabbler
Posts: 24
Registered: ‎28-09-2007

Re: PlusNet and SSL - again!

Quote from: chickendippers
If you're using PayPal to process payments then you don't need to be PCI compliant as you aren't handling credit card details.

But if you're keeping people's contact details (names, addresses, etc.) then it is advisable, though not strictly necessary, to have those accessed through SSL.
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: PlusNet and SSL - again!

The main problem with that is that although the details will be accessed securely, they will still be stored on a shared backend, which I doubt the PCI people would be happy with.
RayS
Dabbler
Posts: 24
Registered: ‎28-09-2007

Re: PlusNet and SSL - again!

Quote from: Ben
The main problem with that is that although the details will be accessed securely, they will still be stored on a shared backend, which I doubt the PCI people would be happy with.

As the cardholder details are not stored or processed on the site, just the shop account details (no financials involved), I think that e-commerce under a shared backend is acceptable.
The site below offers the service which indicates that each have their own certificate.
http://www.uksecurewebhosting.net/web_hosting_plans.php
Ben_Brown
Grafter
Posts: 2,839
Registered: ‎13-06-2007

Re: PlusNet and SSL - again!

From our point of view the biggest problem of offering SSL to customers is that you can't use the "Host:" header in HTTP to direct traffic with SSL, as the SSL is established before the headers are sent. This means that to provide SSL for multiple customers you have to do one of the following:
* Have a separate IP per site. This is not practical for a large number of customers - IP addresses are a finite resource, and getting less and less easily available.
* Run each site on a different port. This is not desirable, as you could easily fall foul of corporate firewalls etc.
* Use one certificate and have one domain for everyone (like we offer for homepages, i.e. https://homepages.plus.net/<username>) - Doesn't look very professional.
Hosting companies like the one you have linked to tend to be smaller and more niche, or expensive, so they can afford to take the first option. The example you have provided is significantly more expensive than our current hosting platform allows.
Really one of the product guys would need to make the decision, it might be something we can do on our future platform, but with our current platform it's not feasible.
HTH
MauriceC
Resting Legend
Posts: 4,085
Thanks: 929
Fixes: 17
Registered: ‎10-04-2007

Re: PlusNet and SSL - again!

Quote from: Ben

* Have a separate IP per site. This is not practical for a large number of customers - IP addresses are a finite resource, and getting less and less easily available.

Time for a planned move to IPv6 which removes this problem?
Maurice

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

RayS
Dabbler
Posts: 24
Registered: ‎28-09-2007

Re: PlusNet and SSL - again!

Quote from: Ben
Hosting companies like the one you have linked to tend to be smaller and more niche, or expensive, so they can afford to take the first option. The example you have provided is significantly more expensive than our current hosting platform allows.

But the cost is under £10 per month for all the webspace, SSL, CGI, PHPAdmin, multiple e-mail accounts, etc. In comparison to PlusNet's offering it adds SSL into the lower price bracket service with greater product spread. I don't believe e-commerce can now be described as a niche market or the facility to host one. There are many companies offering the service in the UK who all have a different slant/cost to their service.
Quote from: Ben
Really one of the product guys would need to make the decision, it might be something we can do on our future platform, but with our current platform it's not feasible.

From a business point of view, especially anyone who wishes to sell online, PlusNet is currently not an attractive option and I do think your product guys need to look at this urgently as, instead of staying with PN which I want to, I may be forced to move if I want to have that facility to have an e-commerce site.
So maybe one of the product guys will step up to the line and answer?
Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: PlusNet and SSL - again!

Quote from: MauriceC
Quote from: Ben

* Have a separate IP per site. This is not practical for a large number of customers - IP addresses are a finite resource, and getting less and less easily available.

Time for a planned move to IPv6 which removes this problem?
Maurice

...or at least delays it Wink
Windows 10 Firefox 109.0 (64-bit)
To argue with someone who has renounced the use of reason is like administering medicine to the dead - Thomas Paine
Not applicable

Re: PlusNet and SSL - again!

Delays it for long enough for it to now be a problem for any of us, or the next generations either.
Quote
In a different perspective, this is 252 addresses for every observable star in the known universe

Not short-sighted enough to think it's a permanent solution, but you have to concede it's a fairly long-term one!
http://en.wikipedia.org/wiki/IPv6
Strat
Community Veteran
Posts: 31,320
Thanks: 1,609
Fixes: 565
Registered: ‎14-04-2007

Re: PlusNet and SSL - again!

Quote
"640k ought to be enough for anybody"
                          Attributed to Bill Gates in 1981.

I'm just a little wary of absolute statements in this technological world in which we immerse ourselves. Smiley
....but we digress and may incur the wrath of a mod Wink
Midnight_Caller
Rising Star
Posts: 4,167
Thanks: 15
Fixes: 1
Registered: ‎15-04-2007

Re: PlusNet and SSL - again!

There is another reason for people to want SSL: to stop Phorm from scraping their web site. SSL will stop Phorm dead!  Wink
techguy
Grafter
Posts: 2,540
Registered: ‎12-09-2008

Re: PlusNet and SSL - again!

My understanding is that an IPv6 stack has been active on the vast majority of the root servers for some time now so the problem is related to old routing equipment I'd say.
As regards the comment about hosting companies offering SSL cheap, part of the cause of IPv4 address shortage is because vast blocks were bought up but have been left unused so I reckon these firms are probably sitting on these