SSL
Posted: Fri Aug 03, 2007 9:34 pm
I know there where other post about SSL. But I have some of my own questions about it.
So far I know that SSL only secures the data transmitted from server to client and visa versa. What I don't understand about that though is: what's the purpose of having encrypted data like that; do I need this; do credit card companies require this?
Also I've come to find that I need all pages to be using the https protocol and if an image or script, that is included in that page, to have that protocol as well.
This is a bit compelling as I don't know how do go through my whole site, change all the links, images, (et cetera) without pulling some hair.
Also what's the point of having this when a client can manually browse to my site with the http protocol? For example, they say "Hay lets go to such and such web site.", They click on their address bar in their browser and start typing in the full address "http://www.suchandsuch.com" instead of just typing in "www.suchandsuch.com" or "suchandsuch.com" and letting the browser do the rest of the work... But wait, even then the browser would, probably, assume the protocol to be http.
So this results to another question of mine: How do i make sure my server only sends data though this secure protocol (https)?
Thanks for barring with me on this post. I'd so much appreciate any help at this moment...
So far I know that SSL only secures the data transmitted from server to client and visa versa. What I don't understand about that though is: what's the purpose of having encrypted data like that; do I need this; do credit card companies require this?
Also I've come to find that I need all pages to be using the https protocol and if an image or script, that is included in that page, to have that protocol as well.
This is a bit compelling as I don't know how do go through my whole site, change all the links, images, (et cetera) without pulling some hair.
Also what's the point of having this when a client can manually browse to my site with the http protocol? For example, they say "Hay lets go to such and such web site.", They click on their address bar in their browser and start typing in the full address "http://www.suchandsuch.com" instead of just typing in "www.suchandsuch.com" or "suchandsuch.com" and letting the browser do the rest of the work... But wait, even then the browser would, probably, assume the protocol to be http.
So this results to another question of mine: How do i make sure my server only sends data though this secure protocol (https)?
Thanks for barring with me on this post. I'd so much appreciate any help at this moment...