web server - gozips.uakron.edu

2440: 141
Web Site Administration
Web Application Resources
Instructor: Joseph Nattey
Client/Server Basics
• The Internet revolves around the client/server architecture.
• Your computer runs software called the client, which interacts with other software, the server, running on a remote computer.
• The client is usually a browser such as Internet Explorer/Edge, Chrome or Firefox.
• Browsers interact with the server using a set of rules called protocols.
• A protocol defines how requests from a browser and responses from the server are formatted and exchanged, so that data is transferred accurately.
• There are many protocols in use on the Internet.
• The World Wide Web, which is one part of the Internet, brought several of these protocols under one roof: from one platform, the web browser, a user could follow HTTP, FTP, email (mailto:) and Telnet links. (Current browsers have dropped most non-HTTP schemes; Chrome and Firefox removed FTP support in 2021.)
• HTTP is stateless: each request is handled on its own and the server keeps no memory of earlier requests from the same client. (HTTP/1.0 also closed the TCP connection after every exchange; HTTP/1.1 keeps it open for reuse.) Any continuity between requests, such as a login session, has to be carried explicitly, usually in a cookie.
Web Application Resources
2
Client/Server Basics
• The client/server model has three parts: clients, servers, and business/application logic (rules).
  • Client: hardware or software used to communicate with a data provider (the server). Normally one user uses a specific client at a time.
  • Server: a computer, or a program on it, capable of providing data to many clients at the same time.
  • Application/business logic: rules written in a programming language that govern how clients and the server exchange and process data.
Client/Server Basics (diagram slide; the figure is not reproduced in this transcript)
Network Connections and Ports
• TCP/IP is usually described as two cooperating layers.
• The higher layer, the Transmission Control Protocol (TCP), breaks a message or file into smaller segments that are transmitted over the Internet; the TCP layer at the receiver reassembles them into the original message.
• The lower layer, the Internet Protocol (IP), handles the addressing of each packet so that it reaches the right destination.
• Each router on the path reads this address to decide where to forward the packet next.
• Packets belonging to the same message may take different routes, but they are reassembled in order at the destination.
Network Connections and Ports
• TCP is a connection-oriented protocol: a connection is established and maintained until the application programs at each end have finished exchanging messages.
• TCP
  • determines how to break application data into packets that the network can deliver,
  • sends packets to and accepts packets from the network (IP) layer,
  • manages flow control, and
  • retransmits dropped or corrupted packets and acknowledges every packet that arrives.
Network Connections and Ports…
• In computer networking, port numbers are part of the addressing information used to identify the senders and receivers of messages.
• Port numbers are associated with TCP (and UDP) connections.
• They allow different applications on the same computer to share its network connection at the same time.
• Port numbers work like telephone extensions: just as a business switchboard has one main number and assigns each employee an extension, a computer has one IP address and a set of port numbers for its incoming and outgoing connections.
• A server listens on a well-known port (80 for HTTP, 443 for HTTPS); the client side of a connection normally uses an ephemeral port picked by its operating system, so the pair of addresses and ports identifies the connection.
Network Connections and Ports…
• An Internet Protocol address (IP address) is a numerical label assigned to each device (computer, printer, etc.) that participates in a network using the Internet Protocol for communication.
• An IP address serves two principal functions: identifying the host or network interface, and addressing its location in the network.
• IP addresses are usually written in human-readable notation, such as 172.16.254.1 (IPv4) or 2001:db8::1 (IPv6).
• Any device connected to an IP network must have a unique IP address within that network.
• An IP address is like a street address or telephone number: it identifies one entity uniquely.
Web Servers
• A web server is a computer system, or the program running on it, that processes requests via HTTP, the basic network protocol used to distribute information on the World Wide Web.
• The most common use of web servers is to host websites, but they are also used to front gaming services, data storage, enterprise applications, webmail, file transfer and other network applications.
• The primary function of a web server is to store, process and deliver web pages to clients.
• Communication between client and server takes place using the Hypertext Transfer Protocol (HTTP).
• Pages delivered are most frequently HTML documents, which may include images, style sheets and scripts in addition to text content.
Web Servers
• The European Laboratory for Particle Physics (CERN) produced one of the first web servers.
• The World Wide Web Consortium (W3C) took over development of the CERN httpd (as W3C httpd).
• The National Center for Supercomputing Applications (NCSA) also created an HTTP server, which quickly became popular between 1993 and 1995.
• The Apache server (originally based on the NCSA implementation) has since become very popular.
Web Browsers
• A web browser (commonly referred to as a browser) is a software application for retrieving, presenting and traversing information resources on the World Wide Web.
• An information resource is identified by a Uniform Resource Locator (URL) and may be a web page, image, video or other piece of content.
• Hyperlinks present in resources enable users to navigate their browsers easily to related resources.
Web Browsers
• Although browsers are primarily intended for the World Wide Web, they can also access information served by web servers on private networks, or files on the local file system.
• The major web browsers are Firefox, Internet Explorer (now replaced by Edge), Google Chrome, Opera, and Safari.
• Earlier Internet clients were text-based, e.g. the Gopher, WAIS (Wide Area Information Servers), telnet and FTP clients.
• NCSA Mosaic, released in 1993, was the first widely used graphical HTML browser.
Electronic Publishing
• The two main types of files in web publishing are:
  • ASCII text files: use numeric values (0 to 127) to represent letters, digits and other characters; each byte of the file represents one character.
  • Binary files: contain images, sounds, compressed text, executables, etc.
• Most pages today are encoded as UTF-8, a superset of ASCII; the server tells the browser which encoding to use in the charset parameter of the Content-Type header.
Images
• There are several file formats for storing graphics and images, but web browsers support only a few of them.
• The most common formats are:
  • GIF (Graphics Interchange Format): mostly used for graphics that need few colors (clip art, logos, icons) because it displays at most 256 colors.
  • JPEG/JPG (Joint Photographic Experts Group): mostly used for photographs and images covering a wide spectrum of color because it supports 16.7 million colors; its compression is lossy, so some detail is discarded to save space.
  • PNG (Portable Network Graphics): offers millions of colors, lossless compression and other features (such as alpha transparency) that make it a good alternative to GIF in most cases.
Audio
• Embedded in web applications to play automatically, or used as links that play the sound file when a user clicks them.
• There are a number of different types of audio files.
• The most common are Wave files (.wav) and MPEG Layer 3 files (.mp3).
Audio
• Some of the common sound file formats include:
  • WMA, Windows Media Audio (.wma)
    WMA is a Microsoft file format for encoding digital audio, similar to MP3, though it can compress files at a higher rate than MP3. WMA files, which use the .wma extension, can be compressed to many different sizes to match different connection speeds, or bandwidths.
  • WAV (.wav)
    WAV is a format for storing sound in files, developed jointly by Microsoft and IBM. WAV files end with a .wav extension and can be played by nearly all Windows applications that support sound.
Audio
  • RealAudio (.ra, .ram, .rm)
    RealAudio is a proprietary format used for streaming audio, which lets you play digital audio files in real time. To use this type of file you must have RealPlayer (for Windows or Mac), which can be downloaded for free. RealAudio was developed by RealNetworks.
  • MIDI, Musical Instrument Digital Interface (.mid)
    MIDI is a standard adopted by the electronic music industry for controlling devices, such as synthesizers and sound cards, that produce music. At minimum, a MIDI representation of a sound includes values for the note's pitch, length and volume. It can also include additional characteristics, such as attack and decay time. A MIDI file contains playing instructions rather than recorded sound.
Audio
  • Ogg (.ogg)
    Ogg is a free, open and unpatented container format for digital audio, comparable to the other formats used to store and play digital music. Audio in an Ogg file is usually compressed with Vorbis, a codec designed to be carried in Ogg.
  • AIFF, Audio Interchange File Format (.aiff)
    The standard audio file format used by Apple; it originated on the Macintosh and can be considered the Apple equivalent of WAV.
• Hundreds of file formats exist for recording and playing digital sound and music files.
Multipurpose Internet Mail Extensions (MIME) Types
• MIME stands for "Multipurpose Internet Mail Extensions".
• It is a way of identifying files on the Internet according to their nature and format.
• Originally designed for labeling email attachments, and later incorporated into HTTP.
• Both the web server and the web browser must have a MIME types database.
• The server uses its MIME type database to map a file's extension to the Content-Type it sends; the browser uses the Content-Type to decide how the file must be handled (rendered, played, or saved).
• The Content-Type header, not the extension in the URL, is what a correctly behaving browser trusts. A server that labels files wrongly can therefore cause the browser to interpret content in a way the site did not intend, which is why servers should map types accurately and send the X-Content-Type-Options: nosniff header to stop the browser from guessing a type from the bytes.
Multipurpose Internet Mail Extensions (MIME) Types

Application   MIME Type     File Extension
audio file    audio/basic   .au
sound file    audio/basic   .snd
MIDI file     audio/mid     .mid
MP3 file      audio/mpeg    .mp3
The Hypertext Transfer Protocol (HTTP)
• HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files (text, graphic images, sound, video and other multimedia files) on the World Wide Web.
• It provides a standard way for web browsers and web servers to communicate and exchange information.
• As soon as a web user opens their web browser, they are indirectly making use of HTTP.
• HTTP is an application protocol that runs on top of the TCP/IP suite of protocols (the foundation protocols of the Internet).
The Hypertext Transfer Protocol (HTTP)
• An HTTP client sends a request message to an HTTP server.
• The server, in turn, returns a response message.
• In other words, HTTP is a pull protocol: the client pulls information from the server, rather than the server pushing information down to the client.
The Hypertext Transfer Protocol (HTTP)
• HTTP embodies (as the "Hypertext" in the name implies) the idea that files can contain references to other files, whose selection triggers additional transfer requests.
• Any web server machine contains, in addition to the web page files it can serve, an HTTP daemon: a program designed to wait for HTTP requests and handle them when they arrive.
• Your web browser is an HTTP client, sending requests to server machines.
• When the user enters a file request, either by "opening" a web file (typing a Uniform Resource Locator, or URL) or by clicking a hypertext link, the browser builds an HTTP request, resolves the host name in the URL to an Internet Protocol address (IP address) through DNS, and sends the request to that address.
• The HTTP daemon on the destination server machine receives the request and sends back the requested file or files. (A web page often consists of more than one file, so loading one page usually means several requests.)
The Hypertext Transfer Protocol (HTTP)
• HTTP is the foundation of data communication for the World Wide Web.
• Each request and response has three parts:
  • Request/response line: the first line of a request carries the request method to be applied to the resource, the identifier of the resource (the request target), and the protocol version in use; the first line of a response carries the protocol version and the status code.
  • Header section: request header fields let the client pass additional information about the request, and about itself, to the server; response header fields describe the response and the server.
  • Entity body: the data being transferred (form data or an upload in a request, the page or file in a response). A blank line separates the header section from the body.
The Hypertext Transfer Protocol (HTTP)
• Whenever you enter a URL in your browser to get a web resource using HTTP, e.g. http://www.nowhere123.com/index.html, the browser turns the URL into a request message and sends it to the HTTP server.
• The HTTP server interprets the request message and returns an appropriate response message, which is either the resource you requested or an error message.
• (The original slide illustrates this exchange with a figure that is not reproduced in this transcript.)
HTTP Request/Response Example…
• Now let's put it all together to form an HTTP response for a request to fetch the hello.htm page from the web server running on example.com:

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2016 21:53:00 GMT
Server: Apache/2.4.23
Last-Modified: Wed, 31 Aug 2016 19:15:56 GMT
Content-Length: 53
Content-Type: text/html
Connection: close

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>

• Note the blank line between the headers and the body, and that Content-Length must equal the exact number of bytes in the body (53 here: the five body lines total 48 characters plus a line feed after each). A value that is too small truncates the page; one that is too large leaves the client waiting for bytes that never come.
HTTP Request/Response Example…
• The following example shows an HTTP response message for the error condition where the web server could not find the requested page:

HTTP/1.1 404 Not Found
Date: Fri, 02 Sep 2016 21:53:00 GMT
Server: Apache/2.4.23
Content-Length: 156
Connection: close
Content-Type: text/html; charset=iso-8859-1

<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL /h.html was not found on this server.</p>
</body>
</html>

• The error page echoes the requested path back to the client, so a server that generates such pages must HTML-escape the path before inserting it into the document.
HTTP Request Methods
• The web server uses the request method to determine what to do with the browser's request.
• HTTP/1.1 defines several methods, but only a few are widely supported by HTTP servers.
• Some of the most widely used methods are:
  • GET: retrieves information from the server using a given URI. Requests using GET should only retrieve data and have no other effect on it.
  • HEAD: same as GET, but the server transfers only the status line and header section.
  • POST: sends data to the server, for example customer information or a file upload submitted through an HTML form.
  • PUT: replaces all current representations of the target resource with the uploaded content.
  • DELETE: removes all current representations of the target resource given by the URI.
• Because PUT and DELETE change server state, a server must honor them only for authenticated and authorized clients; servers that only publish static content normally disable them altogether. GET handlers must not change state either, since anything a GET does can be triggered by a link or an image tag on any other site.
HTTP Request Methods
• GET Method
  • A GET request retrieves data from a web server, passing any parameters in the URL portion of the request. This is the main method used for document retrieval. The following example uses the GET method to fetch hello.htm:

GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0
Host: www.example.com
Accept-Language: en-us
Connection: Keep-Alive

  • The header section is terminated by an empty line. The Host header is mandatory in HTTP/1.1 because one server address may host several sites.
HTTP Request Methods
• The server response to the above GET request will be as follows:

HTTP/1.1 200 OK
Date: Fri, 02 Sep 2016 21:53:00 GMT
Server: Apache/2.4.23
Last-Modified: Wed, 31 Aug 2016 19:15:56 GMT
Accept-Ranges: bytes
Content-Length: 53
Content-Type: text/html
Connection: close

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
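The request message described on the last few slides, built from a URL the way a browser builds it and parsed back the way a server has to parse it. This is an added example, not code from the course slides; the function names (build_request, parse_request, rejects), the BadRequest exception and the sample request bytes (the slide's GET request with CRLF line ends) are this example's own choices.

```python
"""Building and parsing HTTP/1.1 request messages.

Added example for this section; not code from the course material.  The
helper names and the sample request bytes are this example's own.
"""
import re
from urllib.parse import quote, urlsplit

CRLF = b"\r\n"
VERSION_RE = re.compile(r"^HTTP/\d\.\d$")


class BadRequest(ValueError):
    """A message the server should answer with 400 Bad Request."""


def build_request(url, user_agent="Mozilla/4.0"):
    """Turn a URL into the GET request a browser sends, as bytes.

    The scheme and host only select the TCP connection (port 80 for http,
    443 for https unless the URL says otherwise); the request line carries
    just the path and query.  HTTP/1.1 makes the Host header mandatory.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("expected an absolute http(s) URL")
    default_port = 443 if parts.scheme == "https" else 80
    port = parts.port or default_port
    host = parts.hostname if port == default_port else f"{parts.hostname}:{port}"
    target = quote(parts.path or "/", safe="/%")  # percent-encode, keep existing escapes
    if parts.query:
        target += "?" + parts.query
    lines = [
        f"GET {target} HTTP/1.1",
        f"Host: {host}",
        f"User-Agent: {user_agent}",
        "Accept-Language: en-us",
        "Connection: keep-alive",
    ]
    # Header lines end in CRLF; an empty line closes the header section.
    return CRLF.join(line.encode("ascii") for line in lines) + CRLF + CRLF


def parse_request(raw):
    """Parse one complete request into (method, target, version, headers, body).

    Anything ambiguous about syntax or message framing raises BadRequest
    instead of being guessed at: a server that guesses can be made to see a
    different message boundary than the proxy in front of it.
    """
    head, sep, rest = raw.partition(CRLF + CRLF)
    if not sep:
        raise BadRequest("header section not terminated by an empty line")
    lines = head.split(CRLF)
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        raise BadRequest("malformed request line") from None
    if not method.isalpha() or not VERSION_RE.match(version):
        raise BadRequest("malformed method or version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        # No empty names and no whitespace between the name and the colon.
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line")
        name, value = name.lower(), value.strip()
        if name == "content-length":
            if not value.isdigit():
                raise BadRequest("invalid Content-Length")
            if headers.get(name, value) != value:
                raise BadRequest("conflicting Content-Length values")
            headers[name] = value
        elif name in headers:
            headers[name] += ", " + value  # repeated fields combine into a list
        else:
            headers[name] = value
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 requires a Host header")
    if "transfer-encoding" in headers and "content-length" in headers:
        raise BadRequest("Transfer-Encoding and Content-Length both present")
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise BadRequest("body shorter than Content-Length")  # a real server would keep reading
    return method, target, version, headers, rest[:length]


def rejects(raw):
    """True if parse_request answers `raw` with 400 Bad Request."""
    try:
        parse_request(raw)
    except BadRequest:
        return True
    return False


# Constructed sample: the GET request shown on the slide, with CRLF line ends.
SAMPLE_REQUEST = (
    b"GET /hello.htm HTTP/1.1\r\n"
    b"User-Agent: Mozilla/4.0\r\n"
    b"Host: www.example.com\r\n"
    b"Accept-Language: en-us\r\n"
    b"Connection: Keep-Alive\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    method, target, version, headers, body = parse_request(SAMPLE_REQUEST)
    print(method, target, version, headers["host"], len(body))
    print(build_request("http://www.example.com/hello.htm").decode())
```

parse_request refuses anything that leaves the message boundary ambiguous (two different Content-Length values, Content-Length together with Transfer-Encoding, whitespace before a header colon, no terminating empty line). That is the "invalid request message framing" case that the 400 Bad Request code covers: a server that tolerates such input can be made to disagree with a proxy in front of it about where one request ends and the next begins.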
HTTP Server Responses
• When a web server responds to an HTTP request from the browser, the response typically consists of a status line, some response headers, a blank line, and the document.
• A typical response looks like this:

HTTP/1.1 200 OK
Content-Type: text/html
Header2: ...
...
HeaderN: ...
(Blank Line)
<!doctype ...>
<html>
<head>...</head>
<body>
...
</body>
</html>
HTTP Server Responses
• The server generates an error response if the requested resource cannot be located.
• The status line consists of the HTTP version (HTTP/1.1 in the example above), a status code (200 in the example), and a very short message corresponding to the status code (OK in the example).
HTTP Server Responses
• The Status-Code element is a three-digit integer result code of the attempt to understand and satisfy the request.
• The first digit of the Status-Code defines the class of response.
• The last two digits do not have any categorization role.
• There are five values for the first digit:
  • 1xx: Informational. Request received, continuing process.
  • 2xx: Success. The action was successfully received, understood, and accepted.
  • 3xx: Redirection. Further action must be taken in order to complete the request.
  • 4xx: Client Error. The request contains bad syntax or cannot be fulfilled.
  • 5xx: Server Error. The server failed to fulfill an apparently valid request.
• A client should treat a code it does not recognize according to its class, so an unfamiliar 4xx code is still handled as a client error.
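A response serializer that ties together the MIME type table from the earlier slides and the status line and status classes described here. This is an added example, not code from the course slides; the in-memory document root, the function names (serve, build_response, content_type_for, status_class) and the extra headers it sends are this example's own choices.

```python
"""Serializing HTTP responses: status line, headers, blank line, body.

Added example for the MIME-type and status-code slides; not code from the
course material.  The document root, helper names and header choices are
this example's own.
"""
import html
import os
from email.utils import formatdate

# The slide's MIME table, plus the types the HTTP examples use.
MIME_TYPES = {
    ".au": "audio/basic", ".snd": "audio/basic", ".mid": "audio/mid",
    ".mp3": "audio/mpeg", ".htm": "text/html; charset=utf-8",
    ".html": "text/html; charset=utf-8", ".png": "image/png",
}
REASON = {200: "OK", 404: "Not Found", 405: "Method Not Allowed"}
CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
           4: "Client Error", 5: "Server Error"}

# Constructed document root: request path -> file bytes.
DOCUMENT_ROOT = {
    "/hello.htm": b"<html>\n<body>\n<h1>Hello, World!</h1>\n</body>\n</html>\n",
    "/beep.mp3": b"ID3\x03\x00\x00\x00\x00\x00\x00",  # placeholder bytes, not real audio
}


def status_class(code):
    """Only the first digit classifies a status code; the other two do not."""
    if not 100 <= code <= 599:
        raise ValueError("status codes are three digits, 1xx to 5xx")
    return CLASSES[code // 100]


def content_type_for(path):
    """Map the file extension to a MIME type, case-insensitively.

    An unknown or missing extension gets application/octet-stream, which
    makes the browser download the file instead of guessing how to render it.
    """
    _, ext = os.path.splitext(path)
    return MIME_TYPES.get(ext.lower(), "application/octet-stream")


def build_response(status, body, content_type, extra_headers=(), head_only=False):
    """Serialize a response.  Content-Length is the length of the body in
    bytes, so text is encoded before it is measured."""
    if isinstance(body, str):
        body = body.encode("utf-8")
    headers = [
        ("Date", formatdate(usegmt=True)),      # IMF-fixdate, e.g. Fri, 02 Sep 2016 21:53:00 GMT
        ("Server", "Apache"),                   # no version string: exact versions help attackers match known bugs
        ("Content-Type", content_type),
        ("Content-Length", str(len(body))),
        ("X-Content-Type-Options", "nosniff"),  # browser must honor Content-Type, not sniff the bytes
        ("Connection", "close"),
        *extra_headers,
    ]
    head = [f"HTTP/1.1 {status} {REASON[status]}"] + [f"{k}: {v}" for k, v in headers]
    raw = "\r\n".join(head).encode("ascii") + b"\r\n\r\n"
    return raw if head_only else raw + body


def serve(method, target):
    """Answer GET or HEAD for a path in DOCUMENT_ROOT; 404 otherwise."""
    if method not in ("GET", "HEAD"):
        return build_response(405, "", "text/plain; charset=utf-8", [("Allow", "GET, HEAD")])
    path = target.split("?", 1)[0]
    data = DOCUMENT_ROOT.get(path)
    head_only = method == "HEAD"
    if data is None:
        # The 404 page echoes the request target, so it must be HTML-escaped.
        page = ("<html>\n<head>\n<title>404 Not Found</title>\n</head>\n<body>\n"
                "<h1>Not Found</h1>\n"
                f"<p>The requested URL {html.escape(target)} was not found on this server.</p>\n"
                "</body>\n</html>\n")
        return build_response(404, page, "text/html; charset=utf-8", head_only=head_only)
    return build_response(200, data, content_type_for(path), head_only=head_only)


if __name__ == "__main__":
    print(serve("GET", "/hello.htm").decode())
    print(serve("GET", "/h.html").decode())
```

A HEAD response carries the same headers as the GET, including the Content-Length of the body it does not send, which is what makes HEAD useful for checking a file's size and type before fetching it.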
Common Response Codes
• Informational 1xx
  • 100 Continue: the initial part of the request has been received and the client should continue.
  • 101 Switching Protocols: the requester has asked the server to switch protocols and the server has agreed to do so.
  • 102 Processing: a WebDAV request may contain many sub-requests involving file operations, requiring a long time to complete. This code indicates that the server has received and is processing the request, but no response is available yet. It prevents the client from timing out and assuming the request was lost.
Common Response Codes
• 2xx Success
  • 200 OK: the client's request was successful and the server's response contains the requested resource. This is the standard response for successful HTTP requests.
  • 201 Created: the request has been fulfilled, resulting in the creation of a new resource.
  • 202 Accepted: the request has been accepted for processing, but the processing has not been completed. The request might or might not eventually be acted upon, and may be disallowed when processing occurs.
  • 204 No Content: the request was successful but the response has no body.
Common Response Codes…
• Client Error 4xx
  • 400 Bad Request: the server cannot or will not process the request due to an apparent client error (e.g. malformed request syntax, excessive size, invalid request message framing, or deceptive request routing).
  • 403 Forbidden: the request was valid, but the server is refusing to respond to it. The user might be logged in but does not have the necessary permissions for the resource.
  • 404 Not Found: the requested resource was not found on the server.
Common Response Codes…
• Server Error 5xx
  • 500 Internal Server Error: a generic error message, given when an unexpected condition was encountered and no more specific message is suitable.
  • 501 Not Implemented: the server either does not recognize the request method, or it lacks the ability to fulfill the request.
  • 502 Bad Gateway: the server was acting as a gateway or proxy and received an invalid response from the upstream server.
Common Response Codes…
• Server Error 5xx
  • 503 Service Unavailable: the server is currently unavailable (because it is overloaded or down for maintenance). Generally, this is a temporary state.
  • 504 Gateway Timeout: the server was acting as a gateway or proxy and did not receive a timely response from the upstream server.
  • 505 HTTP Version Not Supported: the server does not support the HTTP protocol version used in the request.
HTTP Headers
• HTTP headers are a core part of HTTP requests and responses; they carry information about the client browser, the requested page, the server and more.
• When you type a URL in your address bar, your browser sends an HTTP request whose headers describe the browser and the kinds of response it will accept.
HTTP Headers
• Used to transfer information between the client and server.
• Each header has a name and a value, written as name: value.
• There is one header per line.
Common Request Headers
• Accept
  • Content-Types that are acceptable for the response. Example: Accept: text/plain
• Cookie
  • Contains the cookie information (name/value pairs) the browser holds for the requested URL.
• Referer (the misspelling is part of the standard)
  • The address of the previous web page from which a link to the currently requested page was followed.
• User-Agent
  • Identifies the web browser software.
• Server (a response header, sent by the server rather than the client)
  • Identifies the server software.
• All request headers are supplied by the client and can be set to any value by a script or a modified client, so a server must treat Cookie, Referer and User-Agent as untrusted input rather than as proof of where a request came from. Conversely, the Server header tells every client the exact software version (Apache/2.4.23 in the examples above), which most deployments suppress.
Common Entity Headers
• Content-Length: specifies the size, in bytes, of the data transferred in the entity body.
• Content-Type: specifies the MIME type of the data in the entity body.
• Last-Modified: specifies the date and time the document was last modified.
Other Web-Related Servers
• Some of the most common servers and services that run alongside HTTP servers are:
  • Proxy servers
  • Streaming audio/video
  • File Transfer Protocol (FTP)
  • Databases
  • SSL/TLS termination (the encryption layer under HTTPS; a protocol rather than a separate server, but often handled by a dedicated component in front of the web server)
Proxy Servers
• An intermediary server between a client and the destination server.
• Allows extra processing of requests and of the returned data.
• Proxies have three main uses:
  • Security: acting as a firewall by allowing only permitted protocols and destinations through.
  • Content filtering: restricting access to content based on file type or other rules.
  • Caching: storing frequently accessed pages.
• A client connects to the proxy server, requesting some service, such as a file, connection, web page or other resource available from a different server; the proxy evaluates the request, which gives a single point at which requests can be controlled and simplified.
Proxy Servers
• Proxies were invented to add structure and encapsulation to distributed systems.
• (The slide shows a figure: two computers communicating through a third computer that acts as a proxy.) Bob, at the far end, sees only the proxy and does not know whom the information is going to or coming from, which is why proxies can be used to protect privacy.
Streaming Audio and Video
• Allows a media player (or plug-in) to start playing multimedia content while data is still being received.
• With streaming media, a user does not have to wait for a file to download before playing it.
• Because the media is sent in a continuous stream of data, it can play as it arrives.
• Users can pause, rewind or fast-forward, just as they could with a downloaded file, unless the content is being streamed live.
Streaming Audio and Video
• Here are some advantages of streaming media:
  • Makes it possible for users to take advantage of interactive applications like video search and personalized playlists.
  • Allows content deliverers to monitor what visitors are watching and how long they are watching it.
  • Provides an efficient use of bandwidth because only the part of the file that is actually being watched is transferred.
  • Gives the content creator more control over their intellectual property because the video file is not stored as a whole on the viewer's computer; once the video data is played, the media player discards it.
• That control is limited: the data still reaches the viewer's machine, and a modified player or a network capture can save it, so streaming by itself is not a copy-protection mechanism.
Streaming Audio and Video
• Media is usually streamed from prerecorded files but can also be distributed as part of a live broadcast feed.
• In a live broadcast, the video signal is converted into a compressed digital signal and transmitted from a server. On networks that support it this can be multicast, sending a single stream to multiple users at the same time; over the public Internet each viewer normally receives their own copy.
• Streaming media is transmitted by a server application and received and displayed in real time by a client application called a media player.
• A media player can be an integral part of a browser, a plug-in, a separate program, or a dedicated device.
• Streaming media technologies have improved significantly since the 1990s, when delivery was typically uneven.
• However, the quality of streamed content still depends on the user's connection speed.
Streaming Audio and Video
• Web browsers once needed a plug-in (such as Flash or RealPlayer) to view streaming content; current browsers play it natively through the HTML audio and video elements.
• Unlike HTTP, which runs over TCP, many streaming media formats use the User Datagram Protocol (UDP) as their transport.
• UDP is good for transmitting very small pieces of data quickly.
• UDP will not retransmit data if there is an error.
• UDP is faster than TCP, although TCP is more reliable.
• UDP is suitable where error checking and correction are either unnecessary or performed in the application, avoiding the overhead of such processing at the transport level.
• Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system.
File Transfer Protocol (FTP)
• The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and a server on a computer network.
• FTP uses the Internet's TCP/IP protocols to transfer data.
• FTP uses a client/server architecture and is often secured with SSL/TLS (FTPS). Plain FTP sends the username, password and file contents in cleartext, so anyone on the network path can read them; SFTP, which runs over SSH, is a separate protocol that is usually preferred today.
• FTP promotes sharing of files between remote computers with reliable and efficient data transfer.
• Users authenticate with a sign-in, usually a username and password;
  • however, some FTP servers are configured to accept anonymous FTP logins, where you do not need to identify yourself before accessing files.
• FTP is most commonly used to download a file from a server over the Internet or to upload a file to a server (e.g. uploading a web page file to a web server).
Server-Side Programming
• Server-side scripting is a technique used in website development in which scripts, often embedded in HTML source files, run on the server: a user's (client's) request is handled by the script before the server sends its response, so the client receives the generated output rather than the script itself.
• Scripts can be written in any number of available server-side scripting languages (see next slide).
• Server-side scripting differs from client-side scripting, where embedded scripts, such as JavaScript, run client-side in the web browser.
Server-Side Programming
• Some popular server-side languages and frameworks are:
  • Perl
  • Active Server Pages (ASP)
  • ASP.NET
  • JavaServer Pages (JSP) and Java Servlets
  • PHP: Hypertext Preprocessor (PHP)
  • ColdFusion
Server-Side Programming
• Advantages of server-side scripting:
  • Server-side scripting often reduces the loading time of web pages, which can improve the Google ranking of your site and prevent users from leaving because of issues with site speed.
  • As the scripting takes place on the server, the script itself is not sent to the browser, so it cannot be copied or cloned, and only someone with access to the server can read it for flaws. This is a limited protection: the script still processes whatever input the client sends, so its correctness matters as much as if it were visible.
  • Server-side scripting offers greater protection for user privacy and is the preferred option for e-commerce, membership and social media sites.
  • The majority of websites now use dynamic content, much of which is managed using server-side scripting.
  • Without server-side scripting, the functionality of the Internet as we know it today would not exist.
Server-Side Programming
• Disadvantages of server-side scripting:
  • Scripting puts increased demands on a website's server.
  • Websites running large applications with heavy traffic may need more powerful hosting, such as dedicated servers or cloud hosting, to cope with demand.
  • Server-side scripting usually requires a database to store the dynamic data.
  • This is not an issue in itself, but the database will need to be backed up regularly and kept secure.
Databases
• A database is an organized collection of data.
• It is the collection of schemas, tables, queries, reports, views, and other objects.
• It is a collection of information organized so that it can easily be accessed, managed, and updated.
• The data is typically organized to model aspects of reality in a way that supports processes requiring information.
  • For example, modelling the availability of rooms in hotels in a way that supports finding a hotel with vacancies.
• A large corporate database should typically be installed on its own dedicated server and not on the web server machine: the web server is exposed to the Internet, and keeping the database on a separate host that accepts connections only from the web server limits what an attacker who compromises the web server can reach directly.
Databases
• A database management system (DBMS) is a computer software application that interacts with the user, other applications, and the database itself to capture and analyze data.
• A general-purpose DBMS is designed to allow the definition, creation, querying, update, and administration of databases.
• Well-known DBMSs include MySQL, PostgreSQL, Microsoft SQL Server, Oracle, Sybase, and IBM DB2.
• A database is not generally portable across different DBMSs, but different DBMSs can interoperate by using standards such as SQL and ODBC or JDBC to allow a single application to work with more than one DBMS.
• Database management systems are often classified according to the database model that they support; the most popular database systems since the 1980s have all supported the relational model as represented by the SQL language.
  • Structured Query Language (SQL): the language built into relational DBMSs to create and manipulate databases.
Databases
• Traditional databases are organized by fields, records, and files.
• A field is a single piece of information; a record is one complete set of fields; and a file is a collection of records.
• For example, a telephone book is analogous to a file. It contains a list of records, each of which consists of three fields: name, address, and telephone number.
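The telephone-book file from this slide as a relational table, using Python's built-in sqlite3 so it runs without a database server and shows how SQL creates and manipulates the fields, records and file the slide describes. This is an added example, not code from the course slides; the table, column and function names are this example's own and the sample records are constructed.

```python
"""The slide's telephone book (fields, records, file) as a SQL table.

Added example; not code from the course material.  Table, column and
function names are this example's own; the records are constructed.
"""
import sqlite3

SCHEMA = """
CREATE TABLE phone_book (          -- the "file": a collection of records
    id      INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,         -- the three fields of each record
    address TEXT NOT NULL,
    phone   TEXT NOT NULL UNIQUE
);
"""

SAMPLE_RECORDS = [  # constructed sample data
    ("Ada Lovelace", "12 Analytical Way", "555-0100"),
    ("Alan Turing", "1 Bletchley Park", "555-0101"),
    ("Grace Hopper", "3 Compiler Court", "555-0102"),
    ("Conor O'Brien", "9 Quote Lane", "555-0103"),
]


def open_phone_book(records=SAMPLE_RECORDS):
    """Create the table in an in-memory database and load the records."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # "?" placeholders bind each value as data; the SQL text itself never
    # changes, so a quote character in a name (O'Brien) is just a character.
    conn.executemany(
        "INSERT INTO phone_book (name, address, phone) VALUES (?, ?, ?)", records
    )
    conn.commit()
    return conn


def _like_pattern(fragment):
    """Wrap a search fragment for LIKE, escaping its own % and _ wildcards
    so that user input cannot widen the match."""
    escaped = (fragment.replace("\\", "\\\\")
                       .replace("%", "\\%")
                       .replace("_", "\\_"))
    return f"%{escaped}%"


def lookup_by_name(conn, fragment):
    """Records whose name contains `fragment` (case-insensitive), as dicts."""
    rows = conn.execute(
        "SELECT name, address, phone FROM phone_book "
        "WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        (_like_pattern(fragment),),
    ).fetchall()
    return [dict(zip(("name", "address", "phone"), row)) for row in rows]


def update_phone(conn, name, new_phone):
    """Change one record's phone field; returns how many records changed."""
    cur = conn.execute(
        "UPDATE phone_book SET phone = ? WHERE name = ?", (new_phone, name)
    )
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    book = open_phone_book()
    for record in lookup_by_name(book, "a"):
        print(record)
    print(update_phone(book, "Alan Turing", "555-0199"), "record(s) updated")
```

Each row is one record and each column one field, exactly as the slide describes the paper telephone book; the UNIQUE constraint on phone is the kind of rule the DBMS enforces for every application that writes to the table.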
Secure Socket Layer (SSL)
• SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client,
  • typically a web server (website) and a browser, or a mail server and a mail client.
• It is often used with HTTP (as HTTPS) to protect the information exchanged between a web browser and a web server.
• SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely.
• Normally, data sent between browsers and web servers is sent in plain text, leaving you vulnerable to eavesdropping.
  • If an attacker is able to intercept the data being sent between a browser and a web server, they can read and use that information.
• More specifically, SSL is a security protocol. Its successor, Transport Layer Security (TLS), is what "SSL" connections actually use today: every version of SSL itself has been deprecated because of known weaknesses, and only the name survives in certificate products and configuration options.
Secure Socket Layer (SSL)
• SSL/TLS secures millions of people's data on the Internet every day, especially during online transactions or when transmitting confidential information.
• Internet users have come to associate their online security with the lock icon shown for an SSL-secured website.
• SSL-secured website addresses also begin with https rather than http.
• Why do I need SSL?
  • One of the most important components of online business is creating a trusted environment where potential customers feel confident in making purchases.
  • Browsers give visual cues, such as a lock icon, to help visitors know when their connection is encrypted. (The green address bar once shown for Extended Validation certificates has been removed from the major browsers.) The lock means only that the connection to the named host is encrypted and the host proved control of its name; it says nothing about whether the site itself is honest.
Secure Socket Layer (SSL)
1. The browser connects to a web server (website) secured with SSL (https) and asks the server to identify itself.
2. The server sends a copy of its SSL certificate, including the server's public key.
3. The browser checks that the certificate chains to a root in its list of trusted CAs, that it is unexpired and unrevoked, and that the name in the certificate (the subject alternative name; older descriptions say common name) is valid for the website it is connecting to. If the browser trusts the certificate, it creates a symmetric session key, encrypts it with the server's public key, and sends it back.
4. The server decrypts the symmetric session key with its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session.
5. The server and browser now encrypt all transmitted data with the session key.
• Steps 3 and 4 describe RSA key transport, as used in SSL and older TLS versions. Modern TLS (1.2 with ECDHE cipher suites, and always in TLS 1.3) instead has both sides derive the session key from an ephemeral Diffie-Hellman exchange that the server signs with its private key; with that design a later theft of the server's private key cannot decrypt recorded traffic (forward secrecy).
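The client-side checks from step 3 above, written with Python's standard ssl module, next to a hardened client configuration and the deliberately weak one that "fixes" certificate errors by skipping the checks. This is an added example, not code from the course slides; EXAMPLE_CERT is a constructed dictionary shaped like what ssl.SSLSocket.getpeercert() returns, VALID_AT and EXPIRED_AT are constructed timestamps, and the function names are this example's own.

```python
"""Step 3 of the handshake slide: the browser's certificate checks, plus a
hardened and a deliberately weak TLS client configuration.

Added example; not code from the course material.  EXAMPLE_CERT is
constructed (shaped like ssl.SSLSocket.getpeercert() output).
"""
import ssl
import time


def hardened_client_context():
    """What a browser does by default: require a certificate, validate it
    against the trusted roots, and check the name against the host."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # every SSL version and TLS 1.0/1.1 are retired
    return ctx


def weak_client_context():
    """The anti-pattern that silences certificate errors by skipping the checks.
    Any attacker on the path can then present their own key and certificate
    and read the session.  Kept here only to contrast with the above."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_verifying(ctx):
    """True if the context performs the slide's checks and refuses old protocol versions."""
    return (ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
            and ctx.minimum_version >= ssl.TLSVersion.TLSv1_2)


def _name_matches(pattern, hostname):
    """Exact match, or a wildcard covering exactly one left-most label
    (*.example.net matches api.example.net, not example.net or a.b.example.net)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*.") or "*" in pattern[1:]:
        return False
    labels = hostname.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]


def check_certificate(cert, hostname, now=None):
    """Return the reasons to reject `cert` for `hostname` (empty list = accept).

    Chain validation up to a trusted root is the SSLContext's job; this
    covers the rest of step 3: the validity period and the name.  Neither
    the context nor this function checks revocation (CRL/OCSP), which
    Python's ssl module leaves to the application.
    """
    now = time.time() if now is None else now
    problems = []
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("certificate not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("certificate expired")
    # Browsers match against subjectAltName dNSName entries and ignore the
    # Common Name, so a certificate with only a CN fails here as well.
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(_name_matches(name, hostname) for name in names):
        problems.append(f"no subjectAltName matches {hostname}")
    return problems


EXAMPLE_CERT = {  # constructed; not a real certificate
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Root CA"),),),
    "notBefore": "Jan 01 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2025 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.net")),
}
VALID_AT = ssl.cert_time_to_seconds("Jun 01 00:00:00 2025 GMT")    # inside the validity period
EXPIRED_AT = ssl.cert_time_to_seconds("Mar 01 00:00:00 2026 GMT")  # after notAfter

if __name__ == "__main__":
    print(check_certificate(EXAMPLE_CERT, "www.example.com", VALID_AT))    # []
    print(check_certificate(EXAMPLE_CERT, "www.example.com", EXPIRED_AT))  # ['certificate expired']
    print(is_verifying(hardened_client_context()), is_verifying(weak_client_context()))
```

The hostname check is the part most often disabled in application code when a certificate "does not match"; without it the other checks still pass for any valid certificate, including one the attacker bought for their own domain.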
Secure Socket Layer (SSL)
• If your site collects credit card information, the Payment Card Industry Data Security Standard (PCI DSS) requires that data to be protected with strong cryptography in transit, which in practice means an HTTPS certificate and a current TLS version (SSL and early TLS have been prohibited by PCI DSS since 2018).
• If your site has a login section or sends/receives other private information (street address, phone number, health records, etc.), you should use SSL/TLS certificates to protect that data.
• Your customers want to know that you value their security and are serious about protecting their information.
• More and more customers are becoming savvy online shoppers and reward the brands that they trust with increased business.