December 2, 2008 Leave a comment
Your Web server and the browsers of its visitors communicate by sending messages. The browser requests a file that contains the HTML for a Web page.The server sends the information in the file. The communication between server and browser is not secure. Someone on the Internet between you and the person requesting your Web pages can read the messages that are being sent. If your site collects or sends credit card numbers or other secret information, you must use a secure Web server to protect this data.
Secure Web servers use Security Sockets Layer (SSL) to protect communication sent to and received from browsers. This is similar to the scrambled telephone calls that you hear about in spy movies. The information is encrypted(translated into coded strings) before it is sent across the Web. The receiving software decrypts it into its original content. In addition, your Web site uses a certificate that verifies your identity. Using a secure Web server is extra work,but it’s necessary for some applications.
You can tell when you’re communicating using SSL. The URL begins with HTTPS, rather than HTTP.
Information about secure Web servers is specific to the Web server that you’re using. To find out more about using SSL, look at the Web site for the Web server that you’re using. For instance, if you’re using Apache, check out two open-source projects that implement SSL for Apache at www.modssl.org and www.apache-ssl.org. Commercial software is also available that provides a secure server based on the Apache Web server. If you’re using Microsoft Internet Information Server (IIS), search for SSL on the Microsoft Web site at www.microsoft.com.