Chapter 22. SECURING DYNAMIC WEB SITES

Understanding TLS/SSL Encryption

Every modern Web browser supports the two major forms of encryption technology: transport layer security, or TLS, and its predecessor, secure sockets layer, or SSL. Enabling TLS/SSL encryption on your Web site makes it virtually impossible for a third party to listen in on any session activity between the end-user and the Web server.

In other words, not enabling TLS/SSL encryption means that a clandestine individual could spy on an end-user's HTTP session and record its communication activity. If any sensitive data is transmitted, such as a login username and password, that data is visible to anyone with access to one of the Internet's core routing hubs, and at both the end-user's ...

Get Perl and Apache: Your visual blueprint for developing dynamic Web content now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.