When you call some website, you may see a padlock like that pictured below:
It means the website you are browsing is encrypted. When the padlock is green, it generally means all the items on the website is encrypted. In some cases the padlock may appear but it is not green. This usually implies that some errors are present. It may simply mean the certificate (I will touch on this elsewhere as a troubleshooting piece) does not match the browser address or that some items on the page are simply not encrypted. Different browsers offer different ways of troubleshooting the problem.
What is the underlying technology?
Usually to call up a website you put the following:
This is known technically as the Hypertext Transfer Protocol. This is not encrypted and in most cases it does need to be. When someone intercepts that communication with the website, they have access to that information. Secure Hypertext Transfer Protocol (ref 1), introduces encryption to the communication by passing it over a transport layer security (TLS) or secure layer security (SSL) (ref 2). I am not going to bore you with the technical details but the video below does a really good job of explaining it:
It is best practice to encrypt sensitive communication between the user and the server. Encryption can slow down the communication between the user and the website but you will hardly notice. Encryption is necessary for sensitive transactions like credit card processing.
How I implemented it:
In a recent project, I recommended the encryption of the repeat prescription data sent by customers to the pharmacy. I achieved this by suggesting a hosting package that comes with an SSL Certificate as standard and enforcing SSL protocol on the necessary pages using a really nice WordPress plug in created by David Gregg of Creative Cloud Solution called CCS-HTTPS under the GPLv3 Licence.
Of course you can enforce SSL on pages using the the following codes depending on the programming environment you are using:
Active Server Pages:
Put this code below in a file called “enforcessl.asp”
If Request.ServerVariables("SERVER_PORT")=80 Then
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
For each web page you want to enforce ssl, simply include the code below at the top of the page
The code you need to secure other technology pages can be find below:
Just keep adopting best practices online.