Secure WWW server

About secure WWW servers

A secure WWW server:

  • Is capable of identifying itself authoritatively to a browser
  • Allows for encrypted communications between the WWW server and browser over the internet

A secure WWW server, also called an SSL (Secure Sockets Layer) server, is capable of communicating over the internet with a WWW browser in a secure manner.

Normally, the contents of any HTML document, image file, sound file, HTML form, or password entry dialog window are communicated between the WWW server and browser "in the clear". This type of transmission is not secure because no attempt is made by the browser to verify (authenticate) the identity of the server specified in the URL. In addition, no attempt is made by the browser or the server to encrypt or encode the information to make it useless to anyone monitoring the transmission.

Know if your browser is communicating with a secure server

  • Your browser may notify you before displaying the page.
  • A "lock" symbol may appear in "locked" position on your browser.
  • The URL will begin with https:.

When to use the secure WWW server to deliver or collect information at your website

If you would feel uncomfortable entering the requested data into your form, consider whether you really need to collect that data. Additionally, many data elements are protected, either by university policy or law, and must be kept secure. If you are requesting or sending/displaying sensitive data on your page, you must use the secure WWW server to encrypt the data in transit.

For more about institutional data, see About institutional data at IU.

Commonly, empty forms are delivered to the user from a non-secure server. Once the user fills in the form, the "action" directive in the form specifies that the contents are to be sent to a secure (https) server for further processing.
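As an added illustration (not part of the original Knowledge Base document), the Python sketch below audits a page's forms for the pattern just described: it resolves each form's "action" against the page URL and reports whether the submission goes to an https server and whether the form itself was delivered in the clear. The host names and sample HTML are constructed, and the check assumes the page has no base element and looks only at input elements.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class FormCollector(HTMLParser):
    """Record each <form>'s resolved action URL and the types of its inputs."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._open = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            action = urljoin(self.page_url, a.get("action") or "")
            self._open = {"action": action, "types": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["types"].append((a.get("type") or "text").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_forms(page_url, html):
    """Return (action_url, status, has_password_field) for every form."""
    collector = FormCollector(page_url)
    collector.feed(html)
    page_https = urlsplit(page_url).scheme == "https"
    results = []
    for form in collector.forms:
        if urlsplit(form["action"]).scheme != "https":
            status = "submitted in the clear"
        elif not page_https:
            status = "encrypted submit, form delivered in the clear"
        else:
            status = "encrypted delivery and submit"
        results.append((form["action"], status, "password" in form["types"]))
    return results

# Constructed sample page (hypothetical hosts), delivered from a non-secure server.
PAGE_URL = "http://www.example.edu/survey/form.html"
SAMPLE_HTML = """
<form method="post" action="https://secure.example.edu/cgi-bin/collect">
  <input type="text" name="student_id"></form>
<form method="post" action="/cgi-bin/login">
  <input type="password" name="pw"></form>
<form><input name="comment"></form>
"""

if __name__ == "__main__":
    for row in audit_forms(PAGE_URL, SAMPLE_HTML):
        print(row)
```

A form reported as "submitted in the clear" sends its contents without encryption. One reported as "encrypted submit, form delivered in the clear" matches the common arrangement described above, where only the submission is protected in transit.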

It may also be appropriate to use a secure server to deliver a document when all or part of a document's content is sensitive, regardless of whether the document is static or was generated by a CGI program on the fly. You may or may not need to have .htaccess-style access protection on the file.

Issues to consider when using the secure server

Note that data collected via the secure server:

  • Are encrypted while in transit on the internet (to or from a capable browser)
  • Are not encrypted in transit while being subsequently emailed by a CGI program (for example, MachForm)
  • Can only be processed by MachForm if you install MachForm in your account.

When using the secure server, you should place any files (for example, images) related to a delivered page in the directory that contains the HTML file for the page. This is especially true for directories that have an .htaccess file mediating access.

Authenticate users and control access to web pages with a virtual hostname

This is document bfrv in the Knowledge Base.
Last modified on 2021-09-21 15:35:42.