How to create a secure online form

I have spent a great deal of time researching and preparing a secure site for a client.

We purchased the domain name, a Virtual Private Server and got an SSL Certificate from Entrust.

I created an online PERL Script to process the contents of the form.

I created a .htaccess file to force any script calls in the cgi-bin to be secure script calls. This is accomplished by forcing all cgi scripts from http to https.

http://yourwebsite.com/cgi-bin/yourscript.cgi to

https://yourwebsite.com/cgi-bin/yourscript.cgi

Sample .htaccess file below:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^(.*)?$ https://yoururl.com%{REQUEST_URI}

Next we tested the server settings to ensure that the certificate was configured correctly. Take note if you can not run this script either your server does not support PHP or something is not working with the install of your SSL Certificate.

http://yourwebsite.com/ssl_test.php – should display unsecure

https://yourwebsite.com/ssl_test.php – should display secure

<?php

//Save this script as:  ssl_test.php

//http://yourwebsite.com/ssl_test.php – should display unsecure

//https://yourwebsite.com/ssl_test.php – should display secure

if (isset($_SERVER['HTTPS']) )
{
echo “SECURE: This page is being accessed through a secure connection.

“;
}
else
{
echo “UNSECURE: This page is being access through an unsecure connection.

“;
}

// Create the keypair
$res=openssl_pkey_new();

// Get private key
openssl_pkey_export($res, $privatekey);

// Get public key
$publickey=openssl_pkey_get_details($res);
$publickey=$publickey["key"];

echo “Private Key:
$privatekey

Public Key:
$publickey

“;

$cleartext = ’1234 5678 9012 3456′;

echo “Clear text:
$cleartext

“;

openssl_public_encrypt($cleartext, $crypttext, $publickey);

echo “Crypt text:
$crypttext

“;

openssl_private_decrypt($crypttext, $decrypted, $privatekey);

echo “Decrypted text:
$decrypted

“;
?>

Since the form was created and parsed using PERL I needed to adjust the sendmail feature. If you use the standard sendmail, it is sent as nobody and is interrupted as spam by many mail servers. This requires you to send a authenticated email message, below is the PERL code to do just that:

#!/usr/bin/perl

use Mail::Sendmail;
use Net::SMTP::SSL;

$username = ‘your@email.com’;
$password = ‘yourpassword’;
$server = ‘smtp.sendmailserver.com’;

my %mail = (
From=> ‘your@email.com’,
To=> ‘client@email.com’,
#Cc=> ‘notneeded@email.com’,
# Cc will appear in the header. (Bcc will not)
Subject => ‘Authenticated Sendmail Test’,
‘X-Mailer’ => “Mail::Sendmail version $Mail::Sendmail::VERSION”,
);

$mail{Smtp} = Net::SMTP::SSL->new($server, Port=> 465, Debug=>1) or warn “$!\n”;
$mail{auth} = ($username,$password) or die “Can’t authenticate: $!\n”;
$mail{‘X-custom’} = ‘My custom additional header’;
$mail{Message} = “Authenticated Sendmail Test”;
# cheat on the date:
$mail{Date} = Mail::Sendmail::time_to_date( time() – 86400 );

print “Content-type: text/html\n\n”;
print <<”HTML”;
Authenticated Sendmail Test

HTML

TIP 1:  You may register your certificate as either:

https://yourdomain.com and/or

https://www.yourdomain.com

You may see this error message below if you attempt to access your SSL Certificate by not selecting the correctly registered SSL Certificate.  Below screenshot was taken using the FireFox Browser the message will look similar in different browsers.  Use this message as a warning that you are not accessing the SSL Certificate correctly, do not change any options available to you on this screen.

TIP 2: I was told by our hosting provider that everything was installed and configured properly including the SSL Certificate.  As it turns out that was not the case, I spend days researching to see if my PERL Script needed to be revised to work with the SSL Certificate and the script was just fine all along.

If your script works before the SSL is installed it should work after the SSL is installed.  You may need to do minor tweaks in the form for example:

<form action=https://location of your script>

As well, I have used several online sources to improve the security of the script.  I have implemented 27 tweaks for added security and recommended an additional 8 security standards.

Here are some links to assist you in building a secure online form:

• CGI – Security

• Securing your Cgi-bin used to improve script security.
• CGI Programming with Perl, 2nd Edition

I like to thank Michael Goodyear for his help along with other developers that provided some additional code.

All the best,

Kevin Brake
eLearningShow.com

Do we have any bilingual French and English Articulate Developers? If so, please respond with your contact information below.

Bilingual French and English Articulate Developers

I will be referring colleagues on a regular basis to this thread.  Feel free to add your name and URL along with samples of your work in the comments section below.

---

Update

I received interest in this project from two bilingual Articulate Developers.  One was able to complete a sample translation.  The translation project is on hold until the entire course is redone in English.

---

Instructions

1. Download the sample – click here to download
2. Translate three screens into French
3. Provide time estimate needed to complete your sample
4. Provide cost estimate to complete your sample
5. Please confirm your dialect of French would it be considered Quebec French, Atlantic Canadian French or Paris French?
6. Provide a time frame and cost estimate to complete all of Module 8
7. Total Slides 212
8. Total Words 8149
9. No special graphic or video requirements

Note:  Only realistic time frames and price ranges will be contacted to complete the project.

All the best,

Kevin Brake
eLearningShow.com

My response to how to create a on demand learning system

I have had great success using a wiki as a knowledge base or “Learning on Demand” system.

The wiki is a searchable database of all content and includes: videos, screen recordings, tables, charts, process flows and diagrams.

We use SharePoint to store all documents and these documents are embedded links found in the wiki pages.

Hope this information proves useful.

All the best,

Kevin Brake
eLearningShow.com

For more information visit:

http://www.linkedin.com/groupAnswers?viewQuestionAndAnswers=&discussionID=63187374&gid=1995461&trk=EML_anet_di_pst_ttle

My response to what the costs are of developing an e-learning course (say from very plain to very complex).

Costs of developing a basic eLearning Course:

If you have existing PowerPoint Presentations and want to convert them without the use of audio using Articulate.  You can be up and running very fast.  Since no voiceover work is required, little programming is needed the content can be up and running quickly.

It will be the cheapest solution, however depending on your solution provider the price point for the delivery of such a service could vary.

I have created another posting regarding the considerations for estimating eLearning Development costs here:

http://t.co/rJDDEou

…and this is another good document:

75 Tips to Reduce eLearning Costs – Free eBook Now Available
http://bit.ly/kiwzvz

 

All the best,

Kevin Brake
eLearningShow.com

My response to what is an LMS

Hi Monica,

re:  What is an LMS

An LMS is a Learning Management System to be used to manage the delivery of online training to participants.

Some popular providers include:

- Moodle (open source)
- Joomla
- TikiWiki (limited features)
- Microsoft (poorly rated)
- SharePoint (limited features)
- Articulate
- Blackboard
- Skillport

(If your LMS is not listed, please post a comment with the name and link of your LMS)
The quickest and easiest one for me to setup is Moodle.

Other LMS options do not charge a flat rate hosting fee.  The cost of LMS Hosting can vary based on the number of modules, file size of modules, number of courses, number of students, number of instructors, number of features, customization of features and so on.

The Moodle Open Source LMS is fairly easy to install.  It’s down side is if you are not a Moodle Expert and run into trouble it is hard to obtain quick realiable support.  This is normally the deciding factor between paying for an LMS or using an open source LMS like Moodle (quick product support).