Step 1

Enter your contact information.

Step 2

Enter your project information.

Step 3

Choose the PHP programmers you want to hire.

Compare Free PHP Quotes





Country



HTTPS Is More Secure, So Why Isn’t the Web Using It?

*Attention PHP Programmers* - Add A Free Listing! Get more clients.

Win a new Compaq Presario Notebook!

You wouldn’t write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, that’s essentially what you’re doing.

There is a better way, the secure version of HTTP — HTTPS. That extra “S” in the URL means your connection is secure, and it’s much harder for anyone else to see what you’re doing. But if HTTPS is more secure, why doesn’t the entire web use it?

HTTPS has been around nearly as long as the web, but it’s primarily used by sites that handle money — your bank’s website or shopping carts that capture credit card data. Even many sites that do use HTTPS use it only for the portions of their websites that need it — like shopping carts or account pages.

Web security got a shot in the arm last year when the FireSheep network-sniffing tool made it easy for anyone to detect your login info over insecure networks — your local coffeeshop’s hotspot or public Wi-Fi at the library. That prompted a number of large sites to begin offering encrypted versions of their services on HTTPS connections.

Lately even sites like Twitter (which has almost entirely public data anyway) are nevertheless offering HTTPS connections. You might not mind anyone sniffing and reading your Twitter messages en route to the server, but most people don’t want someone also reading their username and password info. That’s why Twitter recently announced a new option to force HTTPS connections (note that Twitter’s HTTPS option only works with a desktop browser, not the mobile site, which still requires manually entering the HTTPS address).

Google has even announced it will add HTTPS to many of the company’s APIs. Firefox users can go a step further and use the HTTPS Everywhere add-on to force HTTPS connections to several dozen websites that offer HTTPS, but don’t use it by default.

So, with the web clearly moving toward more HTTPS connections, why not just make everything HTTPS?

That’s the question I put to Yves Lafon, one of the resident experts on HTTP(s) at the W3C. There are some practical issues most web developers are probably aware of, such as the high cost of secure certificates, but obviously that’s not as much of an issue with large web services that have millions of dollars.

The real problem, according to Lafon, is that with HTTPS you lose the ability to cache. “Not really an issue when servers and clients are in the same region (meaning continent),” writes Lafon in an e-mail to Webmonkey, “but people in Australia (for example) love when something can be cached and served without a huge response time.”

Lafon also notes that there’s another small performance hit when using HTTPS, since “the SSL initial key exchange adds to the latency.” In other words, a purely security-focused, HTTPS-only web would, with today’s technology, be slower.

For sites that don’t have any reason to encrypt anything — in other words, you never log in, so there’s nothing to protect — the overhead and loss of caching that comes with HTTPS just doesn’t make sense. However, for big sites like Facebook, Google Apps or Twitter, many users might be willing to take the slight performance hit in exchange for a more-secure connection. And the fact that more and more websites are adding support of HTTPS shows that users do value security over speed, so long as the speed difference is minimal.

Another problem with running an HTTPS site is the cost of operations. “Although servers are faster, and implementations of SSL more optimized, it still costs more than doing plain HTTP,” writes Lafon. While less of a concern for smaller sites with little traffic, HTTPS can add up, if your site suddenly becomes popular.

Perhaps the main reason most of us are not using HTTPS to serve our websites is simply that it doesn’t work with virtual hosts. Virtual hosts, which are what the most common cheap Web-Hosting providers offer, allow the web host to serve multiple websites from the same physical server — hundreds of websites all with the same IP address. That works just fine with regular HTTP connections, but it doesn’t work at all with HTTPS.

There is a way to make virtual hosting and HTTPS work together — the TLS Extensions protocol — but Lafon notes that, so far, it’s only partially implemented. Of course that’s not an issue for big sites, which often have entire server farms behind them. But until that spec — or something similar — is widely used, HTTPS isn’t going to work for small, virtually hosted websites.

In the end there is no real reason the whole web couldn’t use HTTPS. There are practical reasons why it isn’t happening today, but eventually the practical hurdles will fall away. Broadband speeds will improve, which will make caching less of a concern, and improved servers will be further optimized for secure connections.

In the web of the future the main concern won’t just be how fast a site loads, but how well it safeguards you and protects your data once it does load.

Photo: Joffley/Flickr/CC

Source http://www.webmonkey.com/?p=50283
Fri, 18 Mar 2011 19:41:11 GMT
Tags: HTML, Programming, Security,

*Attention PHP Programmers* - Add A Free Listing! Get more clients.

HTML

JavaScript WYSIWYG Editor – TinyEditor

TinyEditor is a simple JavaScript WYSIWYG editor that is both lightweight (8KB) and standalone. It can easily be customized to integrate with any website through CSS and the multitude of parameters.

Build your own website, 10 Tips for Success!

If you’re a webmaster or a website owner, this article is for you: These 10 tips can help you to build better and more successful websites. We suggest to hire a web developer if you can’t write the HTML source code. Even if you’re able t

Programming

Cussing in Commits: Which Programming Language Inspires the Most Swearing?

As any programmer can tell you, programming will make you swear. But did you know that writing C++ will make you swear considerably more than PHP or Python? Developer Andrew Vos was looking for a weekend project when he decided to grab some one million co

Amazon S3 Storage Now Handles Entire Websites

Cheap, cloud-hosted web servers are a key component of a distributed web. But sometimes you don’t need a server, you just need a cheap way to host your static files, like images and videos. That’s the gap Amazon’s S3 service has long fil

Who Swears the Most? How Foursquare Used Hadoop to Find Out

We told you who swears the most in their code, but what about in the real world? Foursquare, the location check-in service, has used its rather large dataset to graph the “rudest” places in the English-speaking world — Manchester, U.K. t

Security

It’s World Backup Day, Do You Know Where Your Files Are?

Amazon’s recent leap into the world of online backups, with its new CloudDrive service, is just one of several dozen ways you can backup your files. And, as anyone with a failed hard drive can tell you, there’s no such thing as too many backup

EFF Wants to Secure the Web With “HTTPS Now” Campaign

The Electronic Frontier Foundation (EFF) has kicked off a new “HTTPS Now” campaign to educate consumers and help “make web surfing safer.” The new campaign is a two part effort. First the EFF would like to encourage users to instal

Members:
Rocky River
Lytell Designs Profile
Lytell Designs

Creating unique design solutions that are both affordable and inspiring. Specializing in design, layout & production of printed materials, logos & illustrations.

Rocky River, Ohio US
Lahore
id4brands Profile
id4brands

I am Graphics Designer, I have Experience in this Field more than 10 years. i mostly work in print field. Products Catalog, e-catalog, brochures, flyers, brands names. logos. business cards.

Lahore, Punjab PK
Chelsea
Ann Arbor Software Profile
Ann Arbor Software

Chelsea, Michigan US
Dumaguete City
RetiredCoder Profile
RetiredCoder

I retired 4 years ago at 32 & I'm now living in the Philippines. With 16 years experience in PHP/MySQL/JavaScript development, my passion is code. My work always exceeds expectations.

Dumaguete City, Central Visayas PH
Dunmore
Computer Wonders Profile
Computer Wonders

Get a website for $400.00. Please see our Facebook page for more details. http://www.facebook.com/Computer.Wonders

Dunmore, Pennsylvania US
Design Leads


PHP Programmers Valid HTML 4.0 Transitional Valid CSS!

Why Wait for Google? Use Encrypted Search Today

The beta version of Google Chrome is now selectively redirecting users to Google's encrypted search


Offline Gmail Returns, Sort of

Offline Gmail is back. Originally built around Google’s Gears plugin, the company announced ea


A Rose by Any Other Name Might Smell as Sweet, But it Would Probably Be Larger

The JS1K contest seeks the web's smallest, most impressive JavaScript experiments. This year's love-


Build Faster Mobile Websites With ‘Adaptive Images’

Responsive design means your website can adapt to any screen size, but without some extra help your


Archive Your Social-Network Life With ThinkUp 1.0

The new ThinkUp web app wants to help rescue your online social life from the clutches of Twitter, F


Article Tags
PHP Programmers Articles
Browsers| CSS| HTML5| Web Standards| firefox| Web Basics| Programming| Web Services| Web Development| JavaScript| Mobile| This Week in Web| Visual Design| chrome| Multimedia| Google| CSS 3| Opera| responsive design| Web Apps|
Friends:
Live Help Chat Software
Web Design Quote
Web Design