A lot of web developers or webmaster today over AND undermines the importance of SSL (Secure Socket Layer), not solid state drive (if you're in the wrong article the back button's located on your toolbar). SSL is a security feature or function to enhance the overall user experience and trust. In this article I will briefly explain what SSL is, how its used and if it is right for you.

So as we know the internet, we open up our favourite browser (Internet Explorer, Firefox, etc.) and we type in a website and BAM! we arrive at the website full of information. For this article I'll say there's three components in this situation – the browser, the website AND the connection between the both of them. When it comes to security over the internet all three of these components must be secured.

As a web developer or webmaster you are responsible for two of these components: the website and the connection. The browser resides in the user's computer so they have to take the proper measures to secure that (anit-virus, trojan, spamware blah blah blah). For you, the website requires a lot of things to be secured and we'll leave this for another discussion.

Three Paragraphs and Still No SSL Talk Yet

So the remaining component here is the connection. SSL's responsibility is to encrypt/secure the data transmitting between the browser and the website. Image this, you have a client who's trying to shout to you his credit card number, 100 meters away, in a busy mall. Neither your client or you is comfortable with this (well you might be if you're that type of person). If you had a real life SSL in this situation it would work like this. Everybody in the mall speaks English, so SSL will translate what your client is saying into French and emit it. You don't have to understand French because SSL will translate it back to you. So eventhough you're yelling sensitive information, nobody can understand what is being said except you and your client.

The internet now-a-days is not just about getting content. Its about interactions between users and websites or users and users. If a hacker is sitting at the connecting listening (sniffing) the information they can hear everything you're saying. Yes, they can hear everything from your credit card information to your secret crush in the next cubicle. Having a certified SSL connection means that security is tighter and mitigates anything like that from happening.

Note: How can you tell if the site you're on has SSL implemented? Websites with SSL implemented will lead you to a website starting with HTTPS://. Just look at the URL right now as Crankberry Blog doesn't have SSL it just says HTTP://. Not only does the site need to have HTTPS:// they also need to have to have the proper certificate. Your browser will tell you if they do or not. Here are some examples of certified SSL pages through different browsers.

Internet Explorer 7

Firefox

Chrome

Safari 4

Do I need SSL

Here you are developing your website and wondering if you need SSL on your site. Well ask yourself these questions. Do you have any user interaction? Is your interactions sensitive? If your answers are yes then you would most likely need SSL. If your site is people discussing about their secret crushes or how much people should FMyLife then you shouldn't be too concern. In addition, if you have users signing up for accounts, how much would be compromised if their account information gets in the hands of a hacker? Sometimes people sign up for accounts with real and sensitive information while sometimes they just give out a bogus alias. Here is a list of some examples where I believe SSL is required, not required or borderline.

Required

• Online Banking
• Payment transfers
• Classified postings with transaction information
• Government websites
• Employment information sites
• Company intranets
• Email accounts
• Auction sites

Not-Required

• General Forums
• Blogging
• Commenting systems
• Guestbooks

Border-line

• Social networking
• Exclusive Forums

So there you have it. A general outlook at what SSL is and how it may help you. If you were looking for something more technical, by this point you may have already been disappointed.

Share It

This entry was posted on Saturday, September 26th, 2009 at 11:42 pm and is filed under Hosting Server, Web Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.