[ic] Dirty dirty hack... can i get some feedback?

Andrew McBeath interchange-users@interchange.redhat.com
Wed Oct 3 22:22:01 2001


Jim,

I'm not sure if we are doing the same thing here...

I am setting up a server to host Interchange sites on, that is, I am 
providing the service not trying to sell stuff myself.  In doing so, 
obviously I am endeavoring to keep the costs down for clients.  Yes, the 
user-level issue of browser warnings is valid, but it is a decision for 
the client not me.  I aim to provide options, not dictate what the 
client must/must not do. Whether that is smart or not is another issue 
and I welcome opinions either way ;) (I'm sure we've all come across 
both those clients who are too cheap assed to buy a certificate, and 
also those users who are too paranoid to entrust their cc details to 
fairly hefty security schemes...)

The setup I am looking at is:

Catalog URL will be http://www.customer.co.nz,
SecureURL set to https://secure.mydomain.com (same machine/ip).

This means my clients can have their shop at their own domain, but do 
not have to have their own certificate as they can use my certificate 
to do their secure stuff...

>Don't do anything that will scare your customers. Scare them and they will
>run away - quickly. Give them confidence and they will buy from you, again
>and again!

>Don't be cheap!

This is not simply a matter of 'being cheap'. I do agree with you in 
theory on this matter, but for me this is really a matter of remaining 
competitive with other eCommerce providers who do not require that the 
client purchase themselves a certificate, thus placing me roughly 
$125USD more expensive than the next guy for what appears to the client 
to be exactly the same service (on this point anyway :) ). 
I then have a marketing job on my hands to convince them otherwise...to 
tell a client "Don't be cheap!" is not the greatest sales pitch...  yes, 
you can use the fact that the whole site is secure as a sales point, but 
consider Joe Bloggs who wants to get his feet wet with a low cost, 
simple ecommerce solution for his [insert favorite product here] shop... 
To outlay that extra money makes it just that extra bit more 
unattractive, and that is contrary to what we are trying to achieve 
here: putting decent and high quality ecommerce within reach of 
everybody...not just those who can spend 10-20 grand.  I agree that the 
price of a certificate is not a lot in comparison to the site 
development, but it is a serious consideration whether or not it is 
absolutely 100% necessary.


Kind Regards,

Andrew

Jim Balcom wrote:

> On Thu, 4 Oct 2001, Andrew McBeath wrote:
> 
> AM>>If you are going to transfer session data like this, what problems are
> AM>>looming in the background, and assuming it can be done with reasonable
> AM>>security (i.e. not vulnerable to passing random session id's in the
> AM>>query string for example)...I feel it's worth the $125 US each customer
> AM>>is going to save not having to buy a certificate from Thawte.
> 
> I was able to get SSL sessions transferring from one (non-SSL) domain name
> to a (SSL) domain name. Internet Explorer did not like this, although my
> then current version of Netscape did not bitch about it. IE popped up a
> warning message telling the caller that they were being transferred to a
> different site and that they needed to be careful.
> 
> Now, I've got customers that even with 128-bit security are refusing to put
> their CC# into a totally secure set-up. People are going to run away,
> screaming, from a warning message that they are being diverted.
> 
> AM>>What do you guys reckon about this?
> 
> I assume that you are going to use Interchange to make money with. Getting
> an SSL Cert is just another cost of doing business, like buying another
> computer, like paying for telephone lines, like paying for a DSL or T-1
> service.
> 
> Don't do anything that will scare your customers. Scare them and they will
> run away - quickly. Give them confidence and they will buy from you, again
> and again!
> 
> Don't be cheap!
> 
> -= Jim =-
> 
> ----------------------------------------------------------------
> Jim's Linux-Operated Underground Bomb Shelter
> 
> Tagline for Wednesday, October 03, 2001 at 20:05 PM:
> Plankton lobbyist: "NUKE THE WHALES!"
> 
> ----------------------------------------------------------------
> This Linux System has been up 218 hours
> 
> My web page: http://www.idk-enterprises.com
> ----------------------------------------------------------------