Secured Transmission (SSL , HTTPS)

SSL, an open, non-proprietary protocol designed by Netscape, is perhaps the most common way of providing encrypted transmission of data between web browsers and web servers (HTTP-S is the runner up). Built upon private key encryption technology, SSL provides data encryption, server authentication, message integrity, and client authentication for any TCP/IP connection.

For our purposes, SSL provides these services between SSL-enabled browsers and SSL-enabled servers. Fortunately, since both Netscape and Microsoft have implemented SSL, we as web developers can use SSL without much fear.

For the most part, as a developer implementing SSL will be out of your hands. Your code remains the same. All that changes is the web server that you serve your application from. When served from an SSL enabled server and directory, the browser and server will do all the work of encryption.

The browser will even let the client know that they have moved into a secure transmission mode for you. Consider the Netscape lock symbol:

Additional Resources:

• Web Browsers
• Servers.
• Internet Protocols
• HTTP
• Netscape: Secure Sockets Layer
• RealAudio
• Multipurpose Internet Mail Extensions (MIME)
• GET or
• POST.
• RSA Data Security,
• Diffie-Hellman Method For Key Agreement
• Elliptic curve cryptography FAQ v1.12 22nd December 1997
• PGP 2.6.2: Frequently Asked Questions, Known Bugs, and Improvements

Public Versus Private Key Encryption
Introduction to the Web Application Development Environment (Tools)
Introduction to Server-Side Processing