10.2. Using SSL Encryption

By default, all information that moves between your web browser and a web server (in either direction) is sent over the Internet in its raw, unencrypted form using HTTP (Hypertext Transfer Protocol). Ordinarily, this is no problem because most of the information on the web is, by definition, public, and most of the information sent by your web browser simply contains requests for that information. However, because it's relatively easy for someone to observe Internet traffic as it travels between browser and server, unencrypted HTTP isn't a safe way to transmit sensitive information, such as passwords, bank account numbers, and medical records.

Most sites that let you send or receive any sort of private information use SSL to encrypt the entire session between your browser and the server so that if anyone were to intercept the data, all he or she would see is a seemingly random stream of scrambled characters. SSL-protected sites use the HTTPS protocol (S for secure), and thus their URLs begin with the scheme https:// rather than http://. In addition, when you're connected to a secure website, your browser usually displays the icon of a locked padlock — often in the corner of the window, in the title bar, or (in the case of Safari 4, for example) in the tab corresponding to that page.

NOTE

SSL isn't the only way of securing data sent and received by web pages, but it's the most commonly used. Apple's MobileMe service, for example, uses SSL only for the ...
