Encryption and Security with SSL.

When it comes to accepting online payments or other sensitive information over the web, plain HTTP just doesn't cut it. It is an insecure method of communication: everything is sent over the wire in cleartext, so anyone in a network administrator position at a business or ISP along the path can read it, and on most networks even non-privileged users can 'sniff' other people's traffic.

Things are bad enough that you really shouldn't transmit any password without additional security measures, unless whatever the password protects is entirely trivial. Put simply, as a webmaster you need to worry about encryption and security. But how can you add them to your website? It's not as difficult as you might think, because there's a standardised way of doing it: SSL.

What is SSL?

SSL stands for Secure Sockets Layer (its modern successor is TLS, Transport Layer Security, but the name SSL has stuck). It uses cryptography to make the communication between a server and a client secure: data that is sent can still be captured on the wire, but it can't be read, and any tampering with it is detected. SSL uses a variety of encryption methods, but its most important feature is that the server presents an SSL certificate, signed by a trusted certificate authority, which certifies that the site is the real thing: this is what stops an attacker spoofing your site and tricking customers into sending their details to the wrong place. When SSL is combined with HTTP the result is HTTPS (HTTP over SSL), a way for web browsers and web servers to exchange sensitive data securely.

If all that was over your head, maybe I should put it to you the way your customers will. SSL is what makes their web browser show the little padlock symbol that tells them your website is secure to enter sensitive information into. If there's no padlock, they don't want to do business with you. Bear in mind what the padlock actually means, though: the connection is encrypted and the certificate matches the address in the browser. It says nothing about whether the business behind the site is honest.

However, you should also be aware of what SSL is not: it isn't a complete security package. It protects data only while it is in transit. If you transmit card numbers over HTTPS and then store them unencrypted in a database when they reach your server, anyone who gets access to that database (through a break-in, a stolen backup or a careless employee) can read them just as easily, and SSL does nothing at all about bugs in your own web application. SSL is not the answer to everything; it's simply a way of making sure nothing happens to the data while it's 'out there', travelling across the Internet. Your customers are unlikely to realise that (they think the padlock works like magic), but you at least should.

Levels of Encryption.

There are three 'levels' of SSL encryption you will see advertised: 40-bit, 128-bit and 256-bit. The number is the key length of the symmetric cipher that the browser and server agree on during the SSL handshake, and every extra bit doubles the work of a brute-force attack. (The RSA key behind your certificate has its own, much longer, key length, typically 1024 or 2048 bits; don't confuse the two figures.)

It's very important to emphasise at this point that 40-bit SSL is outdated and deprecated: you would be a fool to allow it. The only reason 40-bit encryption existed at all was that the US government was initially afraid of exporting cryptography strong enough to be used against it: 40-bit was adequate for most web uses of the time, but still weak enough that the government could break it by brute force with its computers. (Today it can be brute-forced on ordinary hardware.) The US relaxed the export restrictions when it realised they were doing nothing but pushing IT development to other countries, but by then 40-bit encryption had been widely adopted.

Now, years later, there's no reason to be using it. Offer 128-bit ciphers as a minimum and preferably 256-bit ones (AES-256 is the usual choice). Contrary to what some certificate vendors' marketing suggests, this isn't something you pay extra for: the cipher strength is decided by how your web server is configured and by which ciphers the visitor's browser supports, not by which certificate you buy, so configure the server to refuse anything below 128 bits. The certificate's job is to prove who you are; the cipher's job is to keep the data secret, and the two are set up separately.
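As an added example (this is not code from the original article), here is a Python script using only the standard library's ssl module that builds a server-side context from an OpenSSL cipher string, the same kind of string a web server's configuration takes, and reports the weakest cipher it would agree to with a browser. The cipher strings and the 128-bit threshold are assumptions chosen for illustration; the strength figure it reports is the symmetric key size, which is what the 'levels' above refer to.

```python
import ssl

MINIMUM_BITS = 128  # the floor recommended above; an assumption for this example


def server_context(cipher_string, min_version=ssl.TLSVersion.TLSv1_2):
    """Build a server-side SSL/TLS context the way a web server would.

    cipher_string uses OpenSSL's cipher-list syntax (e.g. "HIGH:!aNULL:!MD5").
    The strength negotiated with a browser is decided here, by the server's
    configuration, not by which certificate was bought.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = min_version   # refuse SSLv3 / TLS 1.0 / TLS 1.1 clients
    ctx.set_ciphers(cipher_string)      # raises ssl.SSLError if nothing matches
    return ctx


def cipher_strengths(ctx):
    """Map each suite the context would offer to its symmetric key size in bits."""
    return {c["name"]: c["strength_bits"] for c in ctx.get_ciphers()}


def weak_ciphers(ctx, minimum=MINIMUM_BITS):
    """Names of the suites ctx would accept that fall below the minimum key size."""
    return sorted(name for name, bits in cipher_strengths(ctx).items() if bits < minimum)


def weakest_bits(ctx):
    """The smallest key size a client could talk this server down to."""
    return min(cipher_strengths(ctx).values())


def audit(cipher_string, minimum=MINIMUM_BITS):
    """Audit a cipher string: returns (passes?, weakest key size, offending suites)."""
    try:
        ctx = server_context(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejected the whole list (for example, every suite in it is
        # disabled at the library's security level): nothing could be negotiated.
        return False, 0, []
    weak = weak_ciphers(ctx, minimum)
    return not weak, weakest_bits(ctx), weak


if __name__ == "__main__":
    # Constructed sample configurations: a permissive list and a hardened one.
    for cipher_string in ("ALL:@SECLEVEL=0", "HIGH:!aNULL:!MD5:!RC4:!3DES"):
        ok, bits, weak = audit(cipher_string)
        print(f"{'OK' if ok else 'WEAK':4} weakest={bits:3} bits  {cipher_string}")
        if weak:
            strengths = cipher_strengths(server_context(cipher_string))
            for name in weak:
                print(f"      offers {name} ({strengths[name]} bits)")
```

Whether the permissive list actually yields anything below 128 bits depends on the OpenSSL build Python is linked against; on a modern build with weak ciphers compiled out, `audit` reports the list as failing because OpenSSL refuses it outright. The hardened string passes on any build, which is the point: the minimum strength is a property of the server's cipher list, and it costs nothing to set.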

How Do I Use SSL?

If your web host supports SSL, it should already be set up for you (if you host the site yourself, take a look at the tutorials at modssl.org to get it installed). However, before you can use SSL you need to get certified: that is, buy an SSL certificate from one of the trusted certificate authorities whose root certificates ship with the browsers. The big three are VeriSign, GeoTrust and Thawte, but they charge relatively high prices. Whoever you buy from, the process is the same: you generate a private key and a certificate signing request (CSR) on your server, the CA checks that you control the domain and signs the request, and you install the certificate they send back alongside your private key. Two checks worth making: the certificate must be issued for exactly the hostname your visitors type (a certificate for www.example.com does not cover example.com unless it says so), or browsers will warn them away; and the private key must never leave your server, since anyone who has it can impersonate your site.

The whole thing works more or less the same way as buying a domain name, and in fact many domain registrars resell certificates; you can often get a better deal from them than from one of the big companies. A cheaper certificate from a CA the browsers trust gives your visitors the same padlock and the same encryption as an expensive one; the extra money mostly buys brand recognition and a warranty. You can often find perfectly good certificates for as little as $30 per year, if you shop around.
