UNLV Web Comm

Secure Webpages

About Secure Webpages
If you plan to collect sensitive information through a web form, you should protect the user's privacy by accessing the page through our secure server. Examples of sensitive information include:

• Grades
• Home addresses
• Phone numbers
• Other types of sensitive information

NOTE: Do not collect credit card numbers or Social Security Numbers via the web server. Although the user session would be encrypted, the information would not be secure once it was saved to the web server. Please use the services of a third-party vendor for these types of activities.

Setting Up A Secure Page
Any page on your website can be made secure by using https to call the page. Here is an example of a secure page on the Web Communications site:

https://www.unlv.edu/depts/univrelations/mpr/web2/
apply.html

Click on the link. Notice that your browser now indicates that the connection is secure by displaying "https" in the URL. Information submitted via this form will be encrypted during the web session.

Using the VeriSign Seal
UNLV's secure server ID is issued by VeriSign. If you would like to include the VeriSign seal on your webpage as proof of your site's authenticity, include the following code in your webpage where you want the seal to appear. Tip: Remove any line breaks in the code when you insert it into your webpage.

<table width="135" border="0">
<tr>
<td width="135" align="center" valign="top">
<script src=https://seal.verisign.com/getseal? host_name=www.unlv.edu&size=S&use_flash=NO& use_transparent=NO&lang=en></script>
</td>
</tr>
</table>

To view how the above code works, click on the seal below.

NOTE: Use of the seal is optional; it is not required to secure a webpage.

Troubleshooting: Are You Using the Correct URL?
Links to secure pages must point to a URL that begins with https://www.unlv.edu. If you applied for a virtual name for your account, such as yourdept.unlv.edu, please note that you cannot use that address to establish a secure connection. Instead, you must use the original URL issued to the account. If you're not sure what that is, refer to the security agreement you received when you applied for the account or complete the form below.

In the link example above, notice that even though this site resides on web.unlv.edu, we used our full address — www.unlv.edu/depts/web — to link to the web account application.

URL Request Form

Please send me my URL:

Your Name:
Your E-Mail:
Account Login:
What URL do you currently use to view your main webpage online (e.g., http://yourdept.unlv.edu):

  

  

Keeping Your Data Secure
Be careful how you handle information that you collect via a web form. The web session is encrypted; however, how you handle the information after it is submitted is critical. Under no circumstances should you use a cgi script that returns the form data to you in a standard e-mail. Remember, e-mail is sent as plain text over the Internet, and as such, is not safe from interception by third parties. Here are some alternative methods for handling your form data:

• Choose a cgi script that uses PGP encryption to process form data and send it to you in an encrypted e-mail. You must then use appropriate software to decrypt the e-mail after you receive it.
  
  
• Choose a script that will write the information to a file. Then use a secure FTP program to download the file from the web server.