Tuto WEBDEV 25

Part 7: Specific Web features 291 Securing the information and the pages via TLS/SSL Overview By default, the data exchanged between the computer of Web user and the Web server is not protected. This data flows in clear on the network. Several systems can be used to secure the data. A common system consists in using the TLS (Transport Layer Security) / SSL (Secure Socket Layer) protocol. The information is not longer exchanged via the HTTP protocol but via the HTTPS protocol (for example : https://customers.mywebdevsite.com/customers) . Implementing secure transactions via the TLS/SSL protocol To implement secure transactions via TLS/SSL, you must install a certificate on the Web server and configure the Web server. Two different methods can be used to get a certificate: 1. A purchase beside a certified organism. 2.  The generation of a self-signed certificate. See the online help for more details, keyword: "SSL". Transactions secured by TLS/SSL in a WEBDEV site The secure mode is implemented when displaying the page that requires to be secured (page for entering the credit card number for example). All you have to do is call SSLActive in the browser code of the button that opens this page. As soon as the secure page is opened, all actions will be performed in secure mode (which means encrypted), regardless of the objects used (link, table, looper, clickable image, ...). See the online help for more details, keyword: "SSLActive". Secure payment Overview Most of the business sites allowing the Web users to perform an online purchase are using a system for online payment by credit card. The secure payment is an essential feature for an e-commerce site. The payment solution must reassure the Web user (the "customer") and must guarantee the payment to the business site. The data exchanged during this transaction must be secured (via the SSL protocol that was described in the previous paragraph for example).