BigNoseBird.Com- Home Small Logo
The 508 compliant Guide to 
       Big Nose Bird
Return to the Secure Server Page

HOW DOES A SECURE SERVER WORK

ESTABLISHING THE CONNECTION
Unlike requesting a regular (http) web page or script, the browser and server must go through a few gyrations before anything can happen of interest to the reader. Here is a simplified outline of how the SSL connection is made.

  • The browser asks to start a secure session with the server.

  • The server returns the site's certificate.

  • The browser checks the certificate information for validity.

  • The browser creates a session key which is encrypted with the server's public key which is then sent to the server.

  • The server then decrypts this information using its private key.

  • Both the browser and the server now are using the same session key.
As the webmaster, you can have a level of control of which method and strength of encryption is required. There are environment variables available to your pages and scripts that allow you for example, to see if 128 bit encryption is supported by the browser. If you have a policy of enforcing very strong encryption, then you can send a message back to the user suggesting they download a 128 bit enabled browser.

NOW WHAT?
Once both the browser and the server are using the same secret key for encrypting and decrypting their information, they can then have a certain amount of comfort in knowing their information cannot be intercepted and decoded by a third party. Of course, this depends on whether strong or weak encryption is used.

For the visitor to you site, the little lock icon will appear on their browser. As long as you continue to use the https: protocol, everything between the browser and your scripts is handled tranparently without you having to worry about the details.




Find or Give Help on the BBS
 
Home Top E-Mail
If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at webmaster@bignosebird.com.


<reallybig.com>
Web Builder Network Portal
Advertise
on the
Reallybig.com
Network
BigNoseBird Newsletter
Subscribe
Un-Subscribe


Sign up today to receive our low volume newsletter. Tips, tricks, news, and whatever else crosses our minds.
Back Issues
Privacy Statement