Chapter 22. SECURING DYNAMIC WEB SITES
Understanding TLS/SSL Encryption
Every modern Web browser supports the two major forms of encryption technology: transport layer security, or TLS, and its predecessor, secure sockets layer, or SSL. Enabling TLS/SSL encryption on your Web site makes it virtually impossible for a third party to listen in on any session activity between the end-user and the Web server.
In other words, not enabling TLS/SSL encryption means that a clandestine individual could spy on an end-user's HTTP session and record its communication activity. If any sensitive data is transmitted, such as a login username and password, that data is visible to anyone with access to one of the Internet's core routing hubs, and at both the end-user's ...