About Secure Webpages
If you plan to collect sensitive information through a web form, you should protect the user's privacy by accessing the page through our secure server. Examples of sensitive information include:
- Home addresses
- Phone numbers
- Other types of sensitive information
NOTE: Do not collect credit card numbers or Social Security Numbers via the web server. Although the user session would be encrypted, the information would not be secure once it was saved to the web server. Please use the services of a third-party vendor for these types of activities.
Setting Up A Secure Page
Any page on your website can be made secure by using https to call the page. Here is an example of a link using https:
Click on the link. Notice that your browser now indicates that the connection is secure by displaying "https" in the URL. Click the lock in your browser's location bar to view information about UNLV's SSL certificate.
Using the GoDaddy Seal
This web server's secure server ID is issued by GoDaddy. If you would like to include the GoDaddy seal on your webpage as proof of your site's authenticity, include the following code in your webpage where you want the seal to appear. Tip: Remove any line breaks in the code when you insert it into your webpage.
Site Seal Code
To view how the above code works, click on the seal below. NOTE: Use of the seal is optional; it is not required to secure a webpage.
Troubleshooting: Are You Using the Correct URL?
Links to secure pages must point to a URL that begins with https://web.unlv.edu. If you applied for a subdomain for your account such as "yourdept.unlv.edu", please note that you cannot use that address to establish a secure connection. Instead, you must use the original URL issued to the account. If you're not sure what that is, complete the form below.
Keeping Your Data Secure
Be careful how you handle information that you collect via a web form. The web session is encrypted; however, how you handle the information after it is submitted is critical. Under no circumstances should you use a cgi script that returns the form data to you in a standard email. Remember, email is sent as plain text over the Internet, and as such, is not safe from interception by third parties. Here are some alternative methods for handling your form data:
- Choose a cgi script that uses PGP encryption to process form data and send it to you in an encrypted email. You must then use appropriate software to decrypt the email after you receive it.
- Choose a script that will write the information to a file. Then use a secure FTP program to download the file from the web server.
Click on the seal to view the certificate details.