usiness with you.
However, you should also be aware of what SSL is not: it isn't a complete
security package. If you transmit data over HTTPS and then store it in a
database unencrypted when it reaches your server, someone with access to
the database will still be able to easily retrieve the data. SSL is not the
answer to everything – it's simply a way of avoiding anything happening to
the data while it's 'out there', travelling across the Internet. Of course, your
customers are unlikely to realize that (they think the padlock works like
magic), but you at least should.

Levels of Encryption.

There are three main levels of SSL encryption: 40-bit, 128-bit and 256-bit.
It's very important to emphasise at this point that 40-bit SSL is now outdated
and deprecated: you would be a fool to use it. The only reason 40-bit
encryption was available to begin with was because the US government was
initially afraid of exporting cryptographic algorithms that were strong
enough to be used against them: 40-bit was strong enough for most web
uses, but still weak enough that they could break it by brute force with their
powerful computers. The US was persuaded to relax the restrictions when
the government realized that they were doing nothing but forcing IT
development to other countries, but by then there had been widespread
adoption of 40-bit encryption.

Now, years later, there's really no reason to be using it. You should go for
128-bit as a minimum, and preferably 256-bit – what you can afford will
likely be dictated by the value of the goods you sell. If you think anyone is
likely to try to break your encryption, you should get the best you can.
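
As an added example (not part of the original guide), the Python sketch below applies the 128-bit minimum to a list of cipher suites shaped like the entries returned by the standard library's `ssl.SSLContext.get_ciphers()`, and shows how much larger each keyspace is than the 40-bit one. The sample list and the function names are constructed for illustration.

```python
import ssl

MIN_BITS = 128  # the guide's recommended floor

# Constructed sample, shaped like entries from ssl.SSLContext.get_ciphers().
SAMPLE_CIPHERS = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "TLS_AES_256_GCM_SHA384", "protocol": "TLSv1.3", "strength_bits": 256},
]


def audit_ciphers(ciphers, min_bits=MIN_BITS):
    """Return (acceptable, too_weak) suite names by effective key strength."""
    acceptable, too_weak = [], []
    for suite in ciphers:
        bucket = acceptable if suite["strength_bits"] >= min_bits else too_weak
        bucket.append(suite["name"])
    return acceptable, too_weak


def keyspace_factor(bits, baseline=40):
    """How many times more keys a brute-force search faces than at 40 bits."""
    return 2 ** (bits - baseline)


def audit_local_defaults(min_bits=MIN_BITS):
    """Run the same audit on the suites this Python/OpenSSL build enables."""
    context = ssl.create_default_context()
    return audit_ciphers(context.get_ciphers(), min_bits)


if __name__ == "__main__":
    ok, weak = audit_ciphers(SAMPLE_CIPHERS)
    print("below", MIN_BITS, "bits (disable these):", weak)
    print("acceptable:", ok)
    for bits in (128, 256):
        print(f"{bits}-bit keyspace is 2**{bits - 40} times the 40-bit one")
    print("local defaults below the floor:", audit_local_defaults()[1])
```
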

How Do I Use SSL?

If your web host supports SSL, then it should already be all set up for you (if
you host your website yourself, then you might like to take a look at the
tutorials at modssl.org to get it installed). However, before you can use SSL,
you need to get certified – that is, buy an SSL certificate from one of the
trusted certificate authorities. The big three are VeriSign, GeoTrust and
Thawte, but they charge relatively high prices.
The Web Design Guide for Newbies |104