Domainmonster.com Domain Editorials
Security on Your Website: HTTPS
What is HTTPS?
Secure-http, or https, is a secure protocol designed to be used in conjunction with http on websites where there is the need for encryption of data, such as credit card details.
Clients and servers who are not "aware" of https can still communicate with https websites, although without the additional security that https can provide. Https sites use a different default TCP port and an additional encryption/authentication layer between the http and TCP.
When visiting a secure website such as Paypal, you may have noticed that the address begins with "https" rather than "http", that there is a small padlock in your address bar and/or in the bottom right of your browser, and that, if you use Firefox, the address bar has changed to a pale yellow colour. All of these signs indicate that you are on a secure page.
If you think you ought to be on a secure page, but you don't see these things, check that you are at the correct URL and not on a "phishing site". These are sites where fraudsters attempt to steal personal details by imitating a legitimate login page.
Https is a must if any secure transactions happen on your website. If you have any sort of ecommerce site, or you offer a login page which allows access to sensitive data, you will need these to be on https pages.
The Costs of Using HTTPS
Using https requires certification, which is not cheap. VeriSign and various other companies offer a selection of https packages.
Https pages need to be posted on separate IP addresses from the rest of your site. You will probably have to pay your web hosting company extra for this. You will also need hosting which has SSL (secure socket layer).
However, having https if you are dealing with people's credit cards is vital, because web users are increasingly careful about where they give out their details, and you must be seen to care about security. In addition, good https packages should offer you some sort of insurance (although you should check under what circumstances you will be able to make a claim).
HTTPS: Problems and Limitations
- Https considerably slows down page loading.
- Https only prevents the information being sent on its journey between the user's computer and the server. It does not ensure the security of the server itself.
- The level of encryption provided depends on, among other things, the user's browser, over which you have no control.
By Helena Henderson