|
|
|
|
|
|
|
|
- Implementing secure transactions via the TLS/SSL protocol
- Transactions secured by TLS/SSL in a WEBDEV site
17. TLS/SSL: Encrypting information on the Web
By default, the data exchanged between the end user computer and the Web server is not encrypted. The authenticity of the server identity, the confidentiality and the integrity of exchanged data are not guaranteed. To insure confidentiality, the most used method is the TLS/SSL protocol (Transport Layer Security, formerly Secure Socket Layer). This protocol guarantees the identity of the server to which the Internet accesses and encrypts the data exchanged between the server and the browser. Implementing secure transactions via the TLS/SSL protocol To implement secure transactions via the TLS/SSL protocol, you must comply with all the requirements linked to this protocol (purchase of a certified SSL key from a specific organization or generation of a self-signed key for private use or for test). For more details, see the WEBDEV online help. Transactions secured by TLS/SSL in a WEBDEV site In most cases, only the transfer of sensitive data must be secured: transferring a credit card number for example. The secure mode is slower. However, a growing number of sites are operating entirely in TLS/SSL thanks to the increase in machine power, which ensures greater confidentiality of user operations.
The secured mode is implemented when opening a new page via a button (or link). Simply call SSLActive in the browser code of the button (or link). As soon as the secure page is opened, all the actions will be performed in secure (encrypted) mode. To go back to non-secure mode, simply use SSLActive(False) in the browser code of a button (or link) used to open a new page. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|