The padlock in my browser

When you call some website, you may see a padlock like that pictured below:

padlock

 

 

It means the website you are browsing is encrypted. When the padlock is green, it generally means all the items on the website is encrypted. In some cases the padlock may appear but it is not green. This usually implies that some errors are present. It may simply mean the certificate (I will touch on this elsewhere as a troubleshooting piece) does not match the browser address or that some items on the page are simply not encrypted. Different browsers offer different ways of troubleshooting the problem.

 

What is the underlying technology?

 

Usually to call up a website you put the following:

 

 http://mylovelyaddress.com

 

This is known technically as the Hypertext Transfer Protocol. This is not encrypted and in most cases it does need to be. When someone intercepts that communication with the website, they have access to that information. Secure Hypertext Transfer Protocol (ref 1), introduces encryption to the communication by passing it over a transport layer security (TLS) or secure layer security (SSL) (ref 2). I am not going to bore you with the technical details but the video below does a really good job of explaining it:

 

 

It is best practice to encrypt sensitive communication between the user and the server. Encryption can slow down the communication between the user and the website but you will hardly notice. Encryption is necessary for sensitive transactions like credit card processing.

 

How I implemented it:

In a recent project, I recommended the encryption of the repeat prescription data sent by customers to the pharmacy. I achieved this by suggesting a hosting package that comes with an SSL Certificate as standard and enforcing SSL protocol on the necessary pages using a really nice WordPress plug in created by David Gregg of Creative Cloud Solution called CCS-HTTPS under the GPLv3 Licence.

 

Of course you can enforce SSL on pages using the the following codes depending on the programming environment you are using:

 

Active Server Pages:

 

Put this code below in a file called “enforcessl.asp”

 

<%
If Request.ServerVariables("SERVER_PORT")=80 Then
Dim strSecureURL
strSecureURL = "https://"
strSecureURL = strSecureURL & Request.ServerVariables("SERVER_NAME")
strSecureURL = strSecureURL & Request.ServerVariables("URL")
Response.Redirect strSecureURL
End If
%>

For each web page you want to enforce ssl, simply include the code below at the top of the page

 

<%@Language="VBSCRIPT"%>
<!--#include virtual="/enforcessl.asp"-->

 

The code you need to secure other technology pages can be find below:

PHP

Javascript

 

Just keep adopting best practices online.

admin

CEO and Technology Manager at Iforg Limited

3 Responses to “The padlock in my browser”

  1. Front and Back | Net Projects

    […] month I posted something about best practice with respect to site encryption. That sorts out the front door. If you wanted to protect your house from buglers, would you lock […]

    Reply
  2. Troubleshooting a website using Google Chrome | Net Projects

    […] the next few weeks and months, I hope to bring you tips for troubleshooting sites (after all, I touched on this in this post) . Google Chrome offers a powerful troubleshooting tool called inspect element. The video below […]

    Reply
  3. My heart bleeds! | Net Projects

    […] come together so devastatingly. I talked about how it is best practice to encrypt website using the Secure Hypertext Transfer protocol. I also recently described the open source philosophy. It is now clear that a security bug has […]

    Reply

Leave a Reply