How can I get HTTPS in my web application?

9

In this link I learned how HTTPS works: StackOverFlow - How HTTPS works

But I do not know which applications I should use, and how to get HTTPS, if it depends on some host , programming language etc.

For more detail I say, my application and collection of defaults created with PHP, JavaScript, CSS and HTML.

    
asked by anonymous 16.01.2015 / 16:06

2 answers

9

You should use applications you need to protect your data traffic. And only this data. Never use HTTPS for data that does not need to be protected since there is an extra cost to manipulate this data.

But understand that a lot needs to be protected. Remember that data can be manipulated in the middle of the path. HTTPS helps prevent them from being altered in this process without even being detected. So I'm not just talking about passwords or credit card numbers. Any information that is unacceptable that can be intercepted should be protected, even some that seem trivial. Imagine an address changed and delivery goes the wrong place. Even a simple age can make you display inappropriate content for people who can not access it. The examples can be numerous.

HTTP is a protocol for transporting data typically between browsers and servers. Most of the things you do for web uses HTTP. And HTTPS is just a "safe" way to traffic that data. As you have already read in the other question the data is trafficked encrypted.

Whenever someone does a login on a site , it should be encrypted so the password entered is not easily read if the data packets are unduly caught. Then you should use HTTPS.

If there are other data that should be protected, even if only to protect the privacy of those involved, it should use HTTPS.

All browsers and HTTP servers like Apache and IIS know how to handle this data traffic encrypted by the HTTPS protocol.

But this is not enough, you need a certificate installed on the server to use the protocol correctly. This certificate must be purchased ( free options with limitations) in a in English ) that is recognized at least in the most used versions of browsers since they must also have a certificate to establish the communication. These details are already in the other question.

Of course, for internal things, you can generate your own certificate. It can be used for everything, but it will not be considered reliable outside of its internal use, which also needs to be configured to accept its own certificate.

The language itself does not necessarily have to know how to handle the protocol. At least not to do trivial things. Of course in some situations you may want to know how to handle the protocol directly. But in general you just need to determine which protocol to use indicating HTTPS. So you do not need to deeply understand how the protocol works to do the basics, you just have to have your server configured correctly with a valid certificate.

Remember that if the page is HTTPS. All your content should be too.

Overall this is it, of course there are some simplifications there. If you have more specific questions, post more specific questions.

    
16.01.2015 / 16:26
4

First you can not acquire HTTPS . If you read the response from @mgibsonbr in the question you refer to it explains and poses the question as it is.

If you visit the Wiki it will read that:

  

HTTPS (Hyper Text Transfer Protocol Secure)   secure hypertext transfer) is an implementation of the protocol   HTTP over an additional layer of security that uses the protocol   SSL / TLS. This additional layer allows the data to be transmitted   through an encrypted connection and that the   authenticity of the server and client through certificates   digital images. The TCP port used by default for the HTTPS protocol is 443.

That said, I think you'd like to know how to get an SSL certificate and I'll refer you back to the same answer, but I'd recommend contacting your hosting service provider so this will certainly a response more according to the specifications of the service you use.

Installation on the server and consequent use is not complicated, and once again your hosting provider will certainly help you. The installation will depend a lot on the system you use but nowadays there are already solutions that allow you a very intuitive way of doing it.

    
16.01.2015 / 16:28