Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 2 of 2
  1. #1
    Registered User
    Join Date
    Oct 2004
    Posts
    592
    Thanks
    0
    Thanked 1 Time in 1 Post

    Ways to secure a website?? ? Anonymous!! Airing Feelings!!

    Hi Masters,

    I've heard of that Java can secure a web site like https
    Is it true? If so, how can we do it? Are there any other ways to secure a website without subscribing SSL providers? If possible, I'd like to know security free service providers.

    Please don't think it's a silly question.I'm a student from one of 3rd party countries. Our ISP is blocking and banning all the world free services and popular anonymous surfing providers.like free emails, free web hostings.If we use this free service, then they ban. On and on.We can't create accounts in Yahoo, Gmail, geocities,walla...and many other. You know all anonymous surfing like www.proxyweb.net or www.proxify.com can't support HTTPS://

    You might ask me if they do that,what kind of profits do they gain from?
    Right, if they don't, all the mail and web hosting sevices at home will be broken down.They haven't the right mind to compete with the world.They can't challenge with the world.

    We can't enjoy the benefits of the Internet to the greatest extent. In our country, students hardly to touch the Internet for knowledge but only for fun.
    ..Believe it or not. It's true.

    I can't control my feelings any more..We can't do anything..We have everyday worries to secure us. We are dial-up users..They check us by hacking into us .We know it via anti hacker softwares. We can't do anything. They are servers.We are clients. If we can't give access to them, then they shut down our computers...

    So countless thankz for your time to read me. Your advice on HOW-TO's will be willingly wanted.


    iota

  • #2
    Regular Coder
    Join Date
    Nov 2004
    Location
    Somewhere over the rainbow
    Posts
    208
    Thanks
    0
    Thanked 0 Times in 0 Posts
    you can use password control in any server-side language like Java - but if you are just using HTTP the password information is transmitted from your client's PC to the server in clear text form - this is okay for most applications like forums, but not for intranet access, for example.

    HTTPS creates an encrypted channel for data from your client to the server using a Public Key Encryption - it can only be decoded if you have the private key, which you don't send out.
    You do still need to have the user log in to your site - but there information is made more secure.
    It also requires that you distribute a certificate to allow the client to authenticate the server - making sure you are connecting to the real site, and not some clone (has been known). This can be downloaded by the client the first time they connect, and only needs you to have a valid certificate from a trusted authority (verisign, microsoft, for example).

    For total security, you can limit access to clients who only have a certificate matching the server, which you distribute only through emails - this is still only the public key (the private is secure on the server), but it means only those PC's with the certificate can access - everyone else gets a 403 error.


    Was this any help? Ask for more info if you want
    Questions are what binds the universe,
    Questions lead to answers,
    Answers lead to knowledge,
    Knowledge leads to wisdom,
    Wisdom brings more questions -- Horus Kol, 2004 :)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •