Website Security and ‘https’ - How Does it Work?
Anyone who has looked at the address bar in their web browser might have noticed that the majority of web pages that they visit begin with the acronym ‘http’. A few might even know that it stands for ‘hypertext transfer protocol’ – the protocol (or ‘language’) of the World-Wide Web. Sometimes though, they might notice that a web page begins with ‘https’ and if they are particularly observant, that such pages are accompanied by the image of a closed padlock – usually somewhere in the status bar. That gives us a clue as to what is going on: the ‘s’ stands for ‘secure’.
So why might we want a ‘secure’ protocol? The most common place that we will find ourselves on a secure page is where the information being displayed or entered is sensitive and must be protected from a ‘man in the middle’ attack where the data could be intercepted between the server and the browser. The obvious example of this is a page where credit card or bank details are being entered. Obviously, with the rapid growth of e-commerce, these types of web pages are proliferating.
For the more technical amongst you, the data on a secure page is transmitted through ‘SSL’ – the ‘Secure Sockets Layer’ – and uses a different port, normally 443 instead of 80. In order for this to work, an SSL certificate registered to the website owner must be installed on the web server. To go even more technical for a moment, SSL uses one of the most secure cryptographic mechanisms currently available, based on two keys – one public and one private – which cannot, in theory, be broken within a reasonable amount of time. If this sounds like double-dutch to you then don’t worry – you don’t need to understand how it works in order to use it. What you do need to know is that you can trust it, and the only habit you need to adopt is to check that, if you are entering sensitive data, the address of the web page begins with ‘https’ and, probably, that there is a closed padlock (or similar) displayed somewhere in your browser window. It is worth taking a few minutes right now to familiarise yourself with your favourite browser and discover the difference between a secure and an insecure web page.
To help you with that here is an example of a secure page:
https://www.paypal.com/uk/cgi-bin/webscr?cmd=_send-money&nav=0.1
and an insecure one:
See if you can spot the difference!
Finally, if you are developing or specifying the creation of a web site for your own company and you expect your users to enter sensitive data, you must ensure that such pages use the secure protocol. Otherwise you will lose valuable business, as potential customers will abandon the checkout process if they feel the security of their personal data is threatened.
Other useful links:
http://en.wikipedia.org/wiki/Https
http://en.wikipedia.org/wiki/HTTP
http://www.instantssl.com/ssl-certificate-products/https.html
This entry was posted on Friday, August 15th, 2008 at 2:05 pm and is filed under Articles, Business Advice, Data Security, Hints and Tips, IT Advice.


