cleartarn Secure Website Pages

cleartarn Secure Website Pages

Cleartarn’s content management system and all if its modules utilises Cross Site Request Forgery protection. This approach is outlined below and provides excellent protection for websites to prevent interception / interference with form data.

Utilising either CRSF or CRSF and HTTPS can provide a very high degree of security and confidence in the requests for data from a website. Combined with the secure logins which can be attached to any page private content can be prevented from being accessed by unauthorised users.

For more information on this complex area, please do not hesitate to contact us, but the features used in the cleartarn CRSF are not generally available in many websites.

HTTPS Sites

HTTPS sites provide authentication of the web site and associated web server that is being communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between the user and the web server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. This provides a reasonable guarantee that communication is with the exact web site (as opposed to an imposter), as well as ensuring that the contents of communications between the user and the website cannot be read or forged by any third party. However, it is improved upon when combined with CRSF protection detailed below.

Cross Site Request Forgery (CRSF) protection

As mentioned above cleartarn’s content management system and all of its associated modules utilise CRSF protection which is based on the following approach:

For each page displayed where data is expected to be returned a CSRF cookie that is set to a random value (a session independent nonce, as it is called), which other sites will not have access to is sent to the page.

A hidden form field present in all outgoing data sent from forms posts the value back to the server with data that it is returning. This field is called the CSRF cookie.

For all incoming requests returned to the server with form data must contain the CRSF cookie, otherwise an error is generated.

In addition, for HTTPS requests, a strict referrer checking is also performed. This is necessary to address a Man-In-The-Middle attack that is possible under HTTPS when using a session independent nonce. This is because HTTP ‘Set-Cookie’ headers are accepted by clients that are talking to a site under HTTPS. Using CRSF ensures that only forms that have originated from your website can be used to post data back to the webserver.

Content Management Websites bring control to your pages.

Our content management systems (CMS) allow the website data and background functionality to be separated from the site's look and feel, allowing you to add and modify content in full knowledge that future changes to the style and design can be done without losing the content created.

eCommerce means business

Our eCommerce solutions range from dozens to thousands of products with a range of payment and deliver options and features such as stock control and customisable delivery options. We can also create EBay shop sites to give even greater exposure for your products.

SEO Search Engine Optimisation

All of our solutions are built around the need to provide the information search engines need to properly list and rank your site. So whether it is a CMS website or eCommerce platform we build in the tools to ensure your data and pages are presented to search engines in the most effective way.

Design is the key

Our database driven CMS system has a range of standard applications and a variety of standard features providing a flexible easy to use system. Modules can be customised where required, or new 'bolt on' applications rapidly created to suit your business needs.

Latest Systems a few recent website solutions

Let's Work Together we bring creative business solutions

Tell us what you need!

Recent News

A Little About Us

"Our aim is to provide the best value website creation, search engine optimisation and customer service available". cleartarn

With a wide range of expertise developing IT solutions in a variety of businesses cleartarn has first hand experience of the impact that properly designed and implemented systems can bring to businesses. Our aim is to make your IT investment pay by generating more business.

Follow us!

We post periodic news articles, blogs and Tweets concerning items which we feel may be relevant to our customers. We won't ever inundate you with spam!