Tuesday, March 31, 2009

Secure WWW Server

Taken from: http://webmaster.iu.edu/tool_guide_info/ssl.shtml

What is a secure WWW server?

* A server which is capable of identifying itself authoritatively to a browser.
* The server allows for encrypted communications between the WWW server and browser over the Internet.

A secure WWW server is a type of WWW server that is capable of communicating over the Internet with a WWW browser in a secure manner. This type of server is also called an 'SSL server' (for those inquiring minds who want to know, SSL stands for "Secure Sockets Layer").

Normally, the contents of any HTML document, image file, sound file, HTML form, or password entry dialog window are communicated between the WWW server and browser 'in the clear'. This type of transmission is not secure because no attempt is made by the browser to verify (authenticate) the identity of the server specified in the URL. In addition, no attempt is made by the browser or the server to encrypt or encode the information to make it useless to anyone 'eavesdropping' on the transmission.

A secure WWW server allows a more secure connection to the browser because the browser can trust that it is communicating with the server that was specified in the URL and because all communications between the browser and the server will be encrypted.

How do I know if my browser is communicating with a secure server?

* Your browser may notify you before displaying the page.
* A 'lock' symbol may appear in the 'locked' position on your browser.
* The URL will have 'https:' at the beginning.

When would I want to use the central secure WWW server to deliver or collect information at my website?

If you would feel uncomfortable entering the requested data into your form, consider the necessity for collecting it at all. Is it really necessary that you have that data item? If you feel uneasy about a data item because of the consequences if it were illegally intercepted on the Internet, consider using the secure WWW server to encrypt the data in transit.

Commonly, empty forms are delivered to the user from a non-secure server. Once the user fills in the form, the 'action' directive in the form specifies that the contents are to be sent to a secure (https) server for further processing.

Another instance when using a secure server to deliver a document may be appropriate is when all or part of a document's content is sensitive regardless of whether the document is static or was generated by a CGI program 'on the fly'. You may or may not need to have .htaccess-style access protection on the file in addition.
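A check for the form-delivery pattern described above, as an added example that is not part of the original article: it resolves each form's 'action' against the URL the page was delivered from and flags forms whose contents would travel in the clear, or whose 'action' arrived over a connection on which the browser did not verify the server. The names FormCollector and audit_forms, the finding labels and the example.edu hosts are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Collect every <form> with its action and the types of its inputs."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._in_form = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._in_form = True
            self.forms.append({"action": attrs.get("action") or "", "inputs": []})
        elif tag == "input" and self._in_form:
            self.forms[-1]["inputs"].append((attrs.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit_forms(page_url, html):
    """Return one dict per form: resolved target, findings, password flag."""
    collector = FormCollector()
    collector.feed(html)
    page_secure = urlsplit(page_url).scheme == "https"
    report = []
    for form in collector.forms:
        # An empty or relative action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        findings = []
        if urlsplit(target).scheme != "https":
            findings.append("submission-in-clear")
        elif not page_secure:
            # Encrypted in transit, but the form's delivering server was never verified.
            findings.append("form-delivered-in-clear")
        report.append({"target": target, "findings": findings,
                       "has_password": "password" in form["inputs"]})
    return report

# Constructed sample page for illustration (not from the original article).
SAMPLE_HTML = """<form action="https://secure.example.edu/cgi-bin/collect">
<input type="password" name="pw"></form>
<form action="process.cgi"><input name="comment"></form>"""

if __name__ == "__main__":
    for row in audit_forms("http://www.example.edu/survey/form.html", SAMPLE_HTML):
        print(row)
```

Running the same audit with an https page URL clears both findings, because the relative action then resolves to the secure server as well.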

Are there some issues to consider using the secure server?

It is important to remember the following about data that is collected via the secure server:

* is encrypted while in transit on the Internet (to or from a capable browser)
* is not encrypted in transit while being subsequently e-mailed by a CGI program (e.g., Transform)
* can only be processed by Transform if you install Transform in your Webserve account (please read the instructions for installing Transform in your account in the Transform User's Guide.)

It is best to avoid using the secure server to deliver or receive pages/forms to or from the browser that contain large images, incorporate long sound, animation or video sequences, or which contain a very large amount of text. Why is this? Because all of the elements of a page add to the amount of data that must be encrypted by the server before transmission and subsequently decrypted by the browser upon reception. Large amounts of encryption and decryption can introduce delays.

When using the secure server we recommend that you place any files that are referenced from a delivered page (such as an image) in the same directory as the one that contains the HTML file for the page. This is especially true for directories that have an .htaccess file mediating access. The general rule would be: 'Try to keep everything that is related to a given page in the same directory as the page'.





