Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
https quick question
- Thread starter lucidtech
- Start date
FALCONSEYE
Programmer
HTTPS differentiates one sender and receiver from another. SSL takes the data, going or coming, and encrypts it. This means that SSL uses a mathematical algorithm to hide the true meaning of the data. The hope is that this algorithm is so complex it is either impossible or prohibitively difficult to crack.
The encryption begins when the owner of the Web site purchases a time-sensitive certificate from a trusted certificate authority such as VeriSign. You can get a certificate anywhere, or even make your own, but is it trusted? Your browser will let you know. This certificate is a security code created specifically for that one user, or even for that one Web site. The code is so complex that no one else on Earth should have a duplicate.
Getting a certificate can be an involved task. All types of information must be recorded so the issuer of the certificate can be a reliable authority on the certificate’s owner. Information that must be provided includes the name of the site and even the name of the server that hosts the site. Complexity makes counterfeiting incredibly difficult.
So, the question is why the extra overhead???
The encryption begins when the owner of the Web site purchases a time-sensitive certificate from a trusted certificate authority such as VeriSign. You can get a certificate anywhere, or even make your own, but is it trusted? Your browser will let you know. This certificate is a security code created specifically for that one user, or even for that one Web site. The code is so complex that no one else on Earth should have a duplicate.
Getting a certificate can be an involved task. All types of information must be recorded so the issuer of the certificate can be a reliable authority on the certificate’s owner. Information that must be provided includes the name of the site and even the name of the server that hosts the site. Complexity makes counterfeiting incredibly difficult.
So, the question is why the extra overhead???
- Thread starter
- #3
I appreciate the response, but it's not exactly what I was asking...
My question is more this.. I can make it so that whenever a user comes upon the website, they are redirected to https rather than http.. no matter what page and/or whether they plan to login.
My question is whether or not there is any reason as to why I shouldn't make it so that the user is always on https rather than http? Bandwidth issues or anything along those lines.
My question is more this.. I can make it so that whenever a user comes upon the website, they are redirected to https rather than http.. no matter what page and/or whether they plan to login.
My question is whether or not there is any reason as to why I shouldn't make it so that the user is always on https rather than http? Bandwidth issues or anything along those lines.
FALCONSEYE
Programmer
>> It would make every thing slow more expensive and more complicated to use exclusively with https.
- Thread starter
- #5
Okay. Another question... do you know of any sites or anything that have good information or tutorials on the best ways to implement https? I understand how it works and how I CAN set it up, but I'm quite sure that the way I'm doing it is not the best way to go about it.
- Status