CIW Course Revision Site


Security and the Web

CIW Website Design Manager Course Section 1, Part A, Chapter 3

Cookies

Cookies are small text files placed on a Web site visitor's computer so that Web site managers can gain marketing information about their visitors and can customise their Web site with visitor preferences. Cookies are most often used to personally identify the visitor. Because cookies are simple text files, they do not, as such, present a security danger. They can, however, be considered an invasion of privacy, so most, if not all, browsers can be configured to block cookies. This can give peace of mind, but it will mean having to log on to shopping sites, forums, and other sites that require your identity. With cookies enabled you can revisit these types of sites and they will be able to "remember" you through the use of cookies.

Most browsers can also be configured to block cookies but make exceptions for known sites. This gives the best of both worlds, in that only sites you have chosen to trust can place cookies on your machine.

Sending Secure Data over the Web

Most business Web pages encourage you to subscribe, register, or purchase products. In doing so they are usually soliciting personal information, directly or indirectly. If you fill in a Web form, how do you know whether your personal details will be transmitted securely?

Both Netscape Navigator and Microsoft Internet Explorer display a security information alert to warn you of potential security risks. This warning tells you that you are about to send unencrypted information and gives you the chance to cancel the operation.

[Figure: Send Information dialog]

Secure Sites

When you enter a secure site, the browser will display a different warning:

[Figure: Secure Connection dialog]

This indicates that you are about to view pages over a secure connection. When completing and submitting a form in a secure web site, encryption is used to encode the data between your computer and the web server. Therefore, even if your data is intercepted, it will be unusable.

Encryption Protocols

There are several protocols that have been created to transfer information securely over the inherently insecure channels of the Internet.

Digital Certificates

Digital certificates prove the identity of an individual or company over the Web. They are equivalent to ID cards and are digitally signed by the creator of the certificate. Most often, they are created and signed by a certificate authority, a third party trusted by both the sender and the receiver of the certificate.

 

Design by Stephen

Certified Internet Webmaster

Page last Edited: 10 Nov 2011