Secure Socket Layers (SSL)

Chris Hirst's Avatar
Written by Chris Hirst. Posted in Web Development and Site Management on 09 February 2012.
Hot 2107 hits 0 favoured

There is a general misconception that having a SSL certificate secures your entire website from being compromised and/or having users details "stolen", this is not the case.
What SSL actually does is to encrypt the communication between the client and the server so the information cannot be read using network "sniffers". Once the information is on the server it is easily read by anyone with server access or by hijackers if they have managed to infiltrate your server and have placed "rogue scripts" that send the information to a remote site.

Because only the communications are secured, a "self-signed certificate" offers exactly the same protection as a "known provider" certificate does, the only difference being that "known providers" of SSL certificate are already included in the computer operating system and therefore accessible to any browser running on that machine. With a self-signed certificate it is safe to allow this provided you verify that the certificate is issued by the same website you are visiting or by the server operators. Alternatively if it is a hosting control panel such as Plesk or cPanel the certificate issuer may be Plesk or cPanel, again it is perfectly safe to add these providers as well.

 


Chris Hirst's Avatar

Author: Chris Hirst

36 0 0
...
Powered by CjBlog