Protocol World Wide Web Web Servers Browsers URL Web Page HTML
Protocol World Wide Web Web Servers Browsers URL Web Page HTML
Protocol World Wide Web Web Servers Browsers URL Web Page HTML
Short for HyperText Transfer Protocol, HTTP is the underlying protocol used by the World
Wide Web. HTTP defines how messages are formatted and transmitted, and what actions
Web servers and browsers should take in response to various commands. For example, when
you enter a URL in your browser, this actually sends an HTTP command to the Web server
directing it to fetch and transmit the requested Web page.
The other main standard that controls how the World Wide Web works is HTML (HyperText
Markup Language), which covers how Web pages are formatted and displayed.
https is "Hyper Text Transfer Protocol" with Secure Sockets Layer (SSL), another
protocol primarily developed with secure, safe Internet transactions in mind.
FTP (File Transfer Protocol)
Short for File Transfer Protocol, the protocol for exchanging files over the Internet. FTP
works in the same way as HTTP for transferring Web pages from a server to a user's browser
and SMTP for transferring electronic mail across the Internet in that, like these technologies,
FTP uses the Internet's TCP/IP protocols to enable data transfer.
FTP is most commonly used to download a file from a server using the Internet or to upload a
file to a server (e.g., uploading a Web page file to a server).
SSL (Secure Socket Layer)
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link
between a web server and a browser. This link ensures that all data passed between the web server
and browsers remain private and integral, without the problems of eavesdropping, data
tampering, or message forgery.
. SSL is an industry standard and is used by millions of websites in the protection of their
online transactions with their customers.
To be able to create an SSL connection a web server requires an SSL Certificate. When you
choose to activate SSL on your web server you will be prompted to complete a number of
questions about the identity of your website and your company. Your web server then creates
two cryptographic keys - a Private Key and a Public Key.
The Public Key does not need to be secret and is placed into a Certificate Signing Request
(CSR) - a data file also containing your details. You should then submit the CSR. During the
SSL Certificate application process, the Certification Authority will validate your details and
issue an SSL Certificate containing your details and allowing you to use SSL. Your web
server will match your issued SSL Certificate to your Private Key. Your web server will then
be able to establish an encrypted link between the website and your customer's web browser.
The complexities of the SSL protocol remain invisible to your customers. Instead their
browsers provide them with a key indicator to let them know they are currently protected by
an SSL encrypted session - the lock icon in the lower right-hand corner, clicking on the lock
icon displays your SSL Certificate and the details about it. All SSL Certificates are issued to
either companies or legally accountable individuals.
Typically an SSL Certificate will contain your domain name, your company name, your
address, your city, your state and your country. It will also contain the expiration date of the
Certificate and details of the Certification Authority responsible for the issuance of the
Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate
and check that it has not expired, it has been issued by a Certification Authority the browser
trusts, and that it is being used by the website for which it has been issued. If it fails on any
one of these checks the browser will display a warning to the end user letting them know that
the site is not secured by SSL.
The use of an SSL certificate on a website is usually indicated by a padlock icon in web
browsers but it can also be indicated by a green address bar. Once you have done the SSL
install, you can access a site securely by changing the URL from http:// to https://. When an
SSL certificate is installed on a website, you can be sure that the information you enter
(contact or credit card information), is secured and only seen by the organization that owns
the website.
When your browser connects to an SSL server, it automatically asks the server for a digital
Certificate of Authority (CA). This digital certificate positively authenticates the server's
identity to ensure you will not be sending sensitive data to a hacker or imposter site. The
browser also makes sure the domain name matches the name on the CA, and that the CA has
been generated by a trusted authority and bears a valid digital signature. If all goes well you
will not even be aware this handshake has taken place.
However, if there is a glitch with the CA, even if it is simply out of date, your browser will
pop up a window to inform you of the exact problem it encountered, allowing you to end the
session or continue at your own risk.
Once the handshake is completed, your browser will automatically encrypt all information
that you send to the site, before it leaves your computer. Encrypted information is unreadable
en route. Once the information arrives at the secure server, it is decrypted using a secret key.
If the server sends information back to you, that information is also encrypted at the server's
end before being sent. Your browser will decrypt it for you automatically upon arrival, then
display it as it normally does.
Though SSL makes exchanging sensitive information online secure, it cannot guarantee that
the information will continue to be kept secure once it arrives safely at the server. For
assurance that sensitive information is handled properly once it has been received, you must
read the site's privacy policy. It does little good to trust your personal data to SSL, if the
people who ultimately have it will be sharing it with third parties, or keeping it on servers that
are not bound by restricted access and other security protocols. Therefore it is always wise to
read any site's privacy policy, which includes security measures, before volunteering your
personal information online.