Chapter 22. SECURING DYNAMIC WEB SITES

Understanding TLS/SSL Encryption

Every modern Web browser supports the two major forms of encryption technology: transport layer security, or TLS, and its predecessor, secure sockets layer, or SSL. Enabling TLS/SSL encryption on your Web site makes it virtually impossible for a third party to listen in on any session activity between the end-user and the Web server.

In other words, not enabling TLS/SSL encryption means that a clandestine individual could spy on an end-user's HTTP session and record its communication activity. If any sensitive data is transmitted, such as a login username and password, that data is visible to anyone with access to one of the Internet's core routing hubs, and at both the end-user's ...

Get Perl and Apache: Your visual blueprint for developing dynamic Web content now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.