The NETbilling membership management system allows merchants to password protect their websites from unauthorized access while allowing paying customers to quickly gain access to their websites.Fully integrated into the NETbilling Digital Payment Solution, the NETbilling membership management system requires that merchants who use it set up both their webserver and their NETbilling account properly. This document explains the actions you must take to keep your website secure from unauthorized access.
Since the NETbilling membership management system requires that you configure your server to accept password updates and other communication from NETbilling, it is protected by a password called the Access Keyword. The NETbilling membership management system authenticates all communication by checking the Access Keyword. Any attempt to add a password or perform other updates to the merchant's website will fail unless the Access Keyword matches exactly.
For this reason, your Access Keyword must be kept confidential. If your Access Keyword is compromised, unauthorized persons can gain access to your site. If you feel for any reason that your Access Keyword has been compromised, you must change it immediately.
This document shows you how to change your Access Keywords to insure the security of your password protected website.
The NETbilling membership management system consists two primary components:
NETbilling offers a CGI script and configuration file that can be used to manage your membership site. When examples are cited in this document, that script will be used. If you are using a third party membership management tool (such as Flicks software), you must consult the documentation for this software to learn how to set it up properly.
If you have a single, standalone site that needs it's Access Keyword updated, do the following:
If you have a multiple sites that share an access keyword, you can update the Access Keyword for all the sites at once. To do so, do the following:
Now that you have a new Access Keyword generated, you must update the scripts on your server to reject the old Access Keyword and accept the new one. To do this, do the following: