How protection does SSL provide to a web site ? RSS

• • Reply
  

  GMann

  Member

  406 Points

  519 Posts

  How protection does SSL provide to a web site ?

  Nov 08, 2012 10:54 PM|LINK

  HI;

  I never thought about this before but if your web controls are not html.encoded but your view state is encrypted

  does the fact the site has a SSL provide "additional" ?

   I know of no e-commerce site that doesn't use SSL to "try"

  and protect it's transactions.

  Thanks for your thoughts !

   

  • Moved by mbanavige on Dec 11, 2012 10:44 PM
• • Reply
  

  BrockAllen

  All-Star

  28072 Points

  4996 Posts

  MVP

  Re: How protection does SSL provide to a web site ?

  Nov 09, 2012 02:17 AM|LINK

  GMann

  I never thought about this before but if your web controls are not html.encoded but your view state is encrypted

  ViewState, by default, is not encrypted -- it's only base64 encoded.

  GMann

  does the fact the site has a SSL provide "additional" ?

  SSL provides 1) confidentiality, 2) integrity and 3) authentication.

  confidentiality means the channel between the browser and server is encrypted and no eavsedroppers on the shared netowrk doing packet sniffing can read the data.

  integrity means that the bits being sent from the client to the server and from the server to the client can be modified without detection. so an eavsedropped can't change packets in transit.

  authentication means that the client knows that the server is the right server (and optionally the server knows the client is the client). when you enter your username/password (or credit card number or anything else sensitive into the browser) that you know you really are sending it to a server you know and trust.

  Brock Allen | http://brockallen.com
  DevelopMentor | http://www.develop.com
  thinktecture | http://www.thinktecture.com/
  • Edited by BrockAllen on Nov 09, 2012 02:32 AM
  • Marked as answer by GMann on Nov 17, 2012 09:51 AM
• • Reply
  

  Shailendra S...

  Member

  551 Points

  145 Posts

  Re: How protection does SSL provide to a web site ?

  Nov 09, 2012 02:43 PM|LINK

  1. A browser attempts to connect to a website secured with SSL.
  2. The browser requests that the web server identify itself.
  3. The server sends the browser a copy of its SSL Certificate.
  4. The browser checks whether it trusts the SSL Certificate. If so, it sends a message to the server.
  5. The server sends back a digitally signed acknowledgement to start an SSL encrypted session.
  6. Encrypted data is shared between the browser and the server.
  Mark as answer if it answered your question.
  
  www.techaray.com
  
  
  
  • Marked as answer by GMann on Nov 17, 2012 09:51 AM