Such an attack could be made when an administrator logs in
while the attacker listens to the network traffic to intercept the administrator's username
and password. To guard against this potential problem, we use the HTTPS protocol, which
encrypts the transmitted data and ensures a degree of confidentiality of the transmission.
Using Secure Connections
HTTP isn't a secure protocol, and even if your site protects sensitive areas using passwords (or
other forms of authentication), the transmitted data could be intercepted and stolen. To avoid
this, you need to set up the application to work with Secure Sockets Layer (SSL) connections
using the Hypertext Transfer Protocol Secure (HTTPS) protocol.
To be able to accept incoming HTTPS connections, a web server must be configured with
a security certificate. Security certificates are basically public-private key pairs similar to those
used in asymmetric encryption algorithms. You can generate these yourself, but if you're not
a trusted certification authority (such as VeriSign or Thawte), this method may be problematic.
Digitally signed SSL certificates that aren't issued by trusted certification authorities will
cause browsers to doubt your security. When a user accesses secure pages whose certificate
isn't issued by a trusted certification authority, the browser will show a warning message.
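
The difference between a certificate you generate yourself and one a client will trust can be checked from the command line. The script below is an added example, not code from the book: it assumes the openssl command-line tool is installed, and the host name shop.example.test and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the book). Assumes the openssl CLI is installed.
# shop.example.test is a constructed host name.

# Generate a self-signed certificate and private key in directory $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=shop.example.test" \
        -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null
}

# Print one name field ("subject" or "issuer") of certificate $1.
cert_name() {
    openssl x509 -in "$1" -noout "-$2" | sed 's/^[a-z]*= *//'
}

# True when issuer and subject match: nobody else vouches for this key.
is_self_signed() {
    [ "$(cert_name "$1" subject)" = "$(cert_name "$1" issuer)" ]
}

# True when certificate $1 chains to a CA in the system's default trust store.
trusted_by_default() {
    openssl verify "$1" 2>&1 | grep -q ': OK$'
}

# True when certificate $1 verifies against explicitly supplied anchor $2.
trusted_with_anchor() {
    openssl verify -CAfile "$2" "$1" 2>&1 | grep -q ': OK$'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || return 1
    crt="$dir/server.crt"
    is_self_signed "$crt" && echo "issuer == subject: self-signed"
    trusted_by_default "$crt" || echo "default trust store: rejected (browser would warn)"
    trusted_with_anchor "$crt" "$crt" && echo "explicitly trusted anchor: accepted"
    rm -rf "$dir"
}
demo
```

The certificate is only accepted once it is explicitly supplied as a trust anchor, which is what a visitor's browser lacks for a certificate you issued yourself.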