SportsSignup and our partners commit to the highest level of security available. This statement covers the following topics, and what SportsSignup and our partners are doing to ensure the security of your information and the availability of our application:
Web Security
It is important and expected that the link between the end user’s Browser and our Web Site (web server) is secure – that the information remains private and integral. Our application uses Secure Sockets Layer, SSL, the standard security technology for creating an encrypted link between a web server and a browser. SSL is an industry standard that uses 128 bit key encryption, and is used by millions of websites in the protection of their online transactions with their customers.
In order to be able to generate an SSL link, a web server requires an SSL Certificate (X.509). Our certificate is provided by Comodo Group (comodogroup.com).
The complexities of the SSL protocol remain invisible to your customers. Instead their browsers provide them with a key indicator to let them know they are currently protected by an SSL encrypted session - the Padlock:

( As seen by users of Internet Explorer 6.0 )
Clicking on the Padlock displays our SSL Certificate and details. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user.
Transaction Security
SportsSignup handles payments by credit card. The credit card processing is also handled securely.
The credit card information is entered on a secure page (SSL). The credit card information is passed to the payment gateway company Authorize.NET (www.authorize.net) via SSL, and is processed by First Data, the worldwide leading credit card processor (www.firstdata.com). We receive back an authorization number, which we store in our database. We do NOT store the entire credit card number – only the last four digits.
Application Security
Our application is running on computers hosted and managed by Logical Net (www.logical.net). The following are several things in place to ensure application security:
- Cisco routers with advanced port blocking.
- All ports except 80 and 443 blocked to the public
- Maintenance access to server only via VPN
- Intrusion Detectoin
- Security auditing
- All usernames/passwords are changed from their default values
- All applicable Patches and updates are run after testing and approval
Database Security
Data is stored in Microsoft’s SQL Server database. There are several keys to managing a secure database that Logical Net performs:
- Advanced SQL Server Security Configuration
- Installing SQL Server Patches
- No default database passwords
- Run on a dedicated machine with no external visibility
Application Availability
Logical Net has invested in many areas to ensure very high availability (up time). The key to high availability is redundant systems, such that if one fails, another is available to keep the system going while the repair is made.
The data center has fully redundant T-3 links to the Internet. The links are provided by Time Warner and Verizon. The Internet bandwidth providers are Sprint and AT&T. The core network uses redundant Cisco 7700 series routers and redundant Cisco switches
The data center is controlled and protected with redundant 22-Ton Liebert cooling units, redundant FM200 automatic fire suppression systems, a room-sized UPS, and a generator which starts automatically if power is interrupted. It has fuel sufficient for
The servers have RAID 1 disks (mirrors).