I have looked all over, and I can't seem to find any quality articles on SSL.
Could someone please tell me exactly how SSL is supposed to make things more secure? How would I use SSL?
The most information I could really find (up to the 8th page in Google and going through the web of affiliates some sites have) is that you should use SSL for securing things like credit card numbers. I don't know how it works at all.
You know, I've had the same problems finding the information, but it really changes nothing in terms of PHP. Look for general articles on setting up SSL and getting a certificate from a recognised certifier, and then you'll simply have either a new FTP, or a separate directory on your FTP which is for the secure files, so then you'll have the HTTP version and HTTPS.
Therefore when you want to use the secure SSL, link to the files on the HTTPS. The only real difference in terms of PHP is that you'll want to check for the protocol being used - HTTP or HTTPS. This prevents secure pages being used without the secure protocol.
As SSL is quite expensive in terms of the bandwidth being utilised to first setting up an encryption system, a lot of websites load the main chunk of the page in HTTP and then embed the login boxes in HTTPS. If you remember, there used to be a warning in Internet Explorer, and still is, where it informs you that there are both secure and insecure elements on the page. That happens for that very reason because of HTTP and HTTPS on one page.
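One way to do the protocol check described in the post above, as an added example that is not part of the original thread. The `CANONICAL_HOST` value and the function names are assumptions made for illustration, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example. CANONICAL_HOST is an assumed placeholder: the redirect uses
// a fixed host instead of the client-supplied Host header.
const CANONICAL_HOST = 'www.example.com';

function is_https(array $server): bool
{
    // Apache and nginx set HTTPS to "on"; IIS sets it to "off" for plain
    // HTTP, so a simple !empty() test would wrongly report a secure request.
    $flag = strtolower((string)($server['HTTPS'] ?? ''));
    if ($flag !== '' && $flag !== 'off') {
        return true;
    }
    return (int)($server['SERVER_PORT'] ?? 0) === 443;
}

function require_https(array $server): void
{
    if (is_https($server)) {
        // Ask the browser to use HTTPS for this site on later visits.
        header('Strict-Transport-Security: max-age=31536000');
        return;
    }
    // Redirect only GET/HEAD. A form POSTed over HTTP has already crossed the
    // network in clear text, so refuse it rather than silently redirecting.
    $method = $server['REQUEST_METHOD'] ?? 'GET';
    if ($method !== 'GET' && $method !== 'HEAD') {
        http_response_code(403);
        exit('HTTPS required');
    }
    $path = $server['REQUEST_URI'] ?? '/';
    header('Location: https://' . CANONICAL_HOST . $path, true, 301);
    exit;
}

// Call this at the top of every page that must only be served securely.
require_https($_SERVER);

// Mark the session cookie Secure so the browser never sends it over HTTP.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
session_start();
```

If the site sits behind a load balancer that terminates TLS, `$_SERVER['HTTPS']` describes the hop from the balancer to PHP, so the check has to use whatever signal that proxy is configured to pass on.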
Trying to explain the SSL browser<->server process is complicated but I've taken a stab at it :-D It's a bit of a ramble but hopefully makes sense.
Note: For those unsure of public/private keys, think of them as very long passwords :)
Edit: And the reason for using SSL to send things like credit card numbers is so that no-one can perform a "man in the middle" attack - basically someone records all info sent between you and the server. If the credit card number was sent un-encrypted then they would see it in plain text - which would be bad :-D
Addendum: Alan's post is better than mine, though slightly less general in description.
SSL is a communication protocol similar in nature to HTTP, hence why it is HTTPS. SSL stands for: Secure Socket Layer. Without getting too technical, the basics of SSL are these:
Obviously there is a great deal more behind this technology, but SSL is a very potent security package. SSL1 has a few problems now due to age, but it is still better than plain HTTP. SSL2, on the other hand, requires someone to "tap" your datastream from the beginning for them to have any chance to spy on you.
It doesn't do anything more than make the transport of the data between server and client secure through encryption.