Determining Secure Sockets Layer Security

Secure Sockets Layer (SSL) is used to encrypt Internet transmissions and create a trusted relationship between servers and Web clients. SSL provides privacy through encryption and authentication between the server and the client. SSL also detects tampering. The following protocols can use SSL:

• Hypertext Transfer Protocol (HTTP)

• Internet Inter-ORB Protocol (IIOP)—Java applets that use this protocol must be set up to use SSL

• Lightweight Directory Access Protocol (LDAP)

• Mail Protocols—IMAP, POP3, and SMTP

Not all applications need to be secured. If you are building an application that requires users to supply personal or confidential information, such as credit cards or social security numbers, then using SSL is essential. SSL could be applied to just a single database or the whole Web site.

Your administrator can require users to use SSL through a Web site document when accessing the server, as discussed in Chapter 15, “Manage and Maintain.” Designers can require users to use a secure SSL connection to access a single database, as discussed in section “Using SSL” later in this chapter.

For SSL type of authentication, Web users have been issued an X.509 client certificate and connect to the server over a SSL port; they are authenticated with this client certificate.