G-NET Security
What is SSL?
The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers.
SSL also gained the support of Microsoft and other Internet client/server developers as well and became the de facto standard until evolving into Transport Layer Security. The "sockets" part of the term refers to the sockets method of passing data back and forth between client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
What is a Digital Certificate?
A digital certificate is an electronic "credit card" that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to a standard, X.509. Digital certificates can be kept in registries so that authenticating users can look up other users' public keys.
The site has an approved digital certificate issued by Thawte, one of the world's leading certification authorities.
Additional Security
All company, product and user information on the website is stored in a secure database. As an added security measure, certain information (for example passwords, email addresses, order references are encrypted when they are inserted into the database and decrypted when they are called back from the database.
Any user who has forgotten to log out or not performed an actions on the site within a ten minute period is automatically logged out.
Every time a user logs in, they are automatically assigned a unique 20 character identification number. This is stored in a session and additionally in a temporary database table. Each page checks for both of these values every time it is loaded or reloaded. If either of these values are not present the user is logged out. This means anyone trying to access the page by typing in the link or attempting to 'hack' into the site would be denied access.
