Forum Moderators: coopster
I've seen https pages (https appears at the beginning of the url string and a little padlock usually (always?) appears at the bottom of the browser window) but what does https do? And how do you do it? and what is the advantage of a https page over a regualr http page?
As you can tell, I really know nothing about this, but I want to do what i'm doing correctly and - even if my login script is working well and appears to be secure - I just want to make sure.
Thanks to all in advance.
Neophyte
a secure connection with the web server is established before any information is transferred
to do this one purchases secure certificate and then installs it on their web server
try a search for ssl [google.com] to get better definitions, there are other steps involved with installing this as well. Most hosts offer some kind of option for secure certs and can inform you about costs and options.
I have purchased all of my certs from thawte but verisign is another option
I can see how purchasing a certificate would be critical for something like an e-commerce site where financial information is being sent.
Do people, however, purchase a certificate to provide a secure connection for, say, a CMS admin area of a web site? Would such precautions for this kind of use be considered overkill if not downrigt unnecessary?
Neophyte
the level of security you need is dependant on what you need to protect
I don't think normally it would be needed for cms admin but I don't know what there is to protect.
Though if an admin section incorporates viewing client data, then yes.
Remember that ssl is to secure the connection, so the transfer of information. It isn't to protect from unauthorized access. So focus on what information is being transferred, that will tell you whether you need ssl or not.
