HTTPS

Suppose you visit a Web site to view their online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send," to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.

HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. SSL is an open, nonproprietary protocol that Netscape proposed as a standard to the World Wide Consortium (W3C). HTTPS is not to be confused with S-HTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT.

Getting started with HTTPS

To explore how HTTPS is used in the enterprise, here are some additional resources for learning about HTTPS and Web page security:

Enabling HTTPS in J2EE Web components: The HTTPS protocol is a valuable security feature for J2EE Web components. Expert Ramesh Nagappan explains how to implement HTTPS in JSPs and servlets.

Authentication and authorization for Web applications: Web applications need robust authentication and authorization mechanisms, such as HTTPS. Expert Ramesh Nagappan explains what measures are needed before you deploy Web apps.

How to create a secure login page using ASP.NET: A secure ASP.NET login page is easier to create than one might assume. Expert Dan Cornell explains how to use authentication, authorization and HTTPS to ensure your login page is safe.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us