Ways to secure a website?? ? Anonymous!! Airing Feelings!!

12-15-2004, 08:01 PM
Hi Masters,

I've heard that Java can secure a web site like https.
Is it true? If so, how can we do it? Are there any other ways to secure a website without subscribing to SSL providers? If possible, I'd like to know security free service providers.

Please don't think it's a silly question. I'm a student from one of 3rd party countries. Our ISP is blocking and banning all the world free services and popular anonymous surfing providers, like free emails, free web hostings. If we use this free service, then they ban. On and on. We can't create accounts in Yahoo, Gmail, Geocities, Walla... and many others. You know all anonymous surfing like www.proxyweb.net or www.proxify.com can't support HTTPS://

You might ask me, if they do that, what kind of profits do they gain from it?
Right, if they don't, all the mail and web hosting services at home will be broken down. They haven't the right mind to compete with the world. They can't challenge with the world.

We can't enjoy the benefits of the Internet to the greatest extent. In our country, students hardly touch the Internet for knowledge but only for fun.
..Believe it or not. It's true.

I can't control my feelings any more.. We can't do anything.. We have everyday worries to secure us. We are dial-up users.. They check us by hacking into us. We know it via anti-hacker software. We can't do anything. They are servers. We are clients. If we can't give access to them, then they shut down our computers...

So countless thankz for your time to read me. Your advice on HOW-TO's will be willingly wanted.


Horus Kol
12-16-2004, 10:51 AM
You can use password control in any server-side language like Java - but if you are just using HTTP the password information is transmitted from your client's PC to the server in clear text form - this is okay for most applications like forums, but not for intranet access, for example.

HTTPS creates an encrypted channel for data from your client to the server using Public Key Encryption - it can only be decoded if you have the private key, which you don't send out.
You do still need to have the user log in to your site - but their information is made more secure.
It also requires that you distribute a certificate to allow the client to authenticate the server - making sure you are connecting to the real site, and not some clone (has been known). This can be downloaded by the client the first time they connect, and only needs you to have a valid certificate from a trusted authority (VeriSign, Microsoft, for example).

For total security, you can limit access to clients who only have a certificate matching the server, which you distribute only through emails - this is still only the public key (the private is secure on the server), but it means only those PCs with the certificate can access - everyone else gets a 403 error.

Was this any help? Ask for more info if you want :)
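
Added example, not part of the thread: one way to build the setup the reply describes, an HTTPS server that requests a client certificate and answers 403 to clients without one, using only the Python standard library. The file names (`clients-ca.pem`, `server.pem`, `server.key`), the port and the sample certificate dictionary are assumptions made for illustration.

```python
import ssl
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample of what SSLSocket.getpeercert() returns for a validated cert.
SAMPLE_PEERCERT = {"subject": ((("commonName", "alice"),),)}

def make_server_context(client_ca_file=None, cert_file=None, key_file=None):
    """TLS policy: the server proves its identity and asks for a client cert."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_OPTIONAL completes the handshake without a client certificate so the
    # application can send 403; CERT_REQUIRED aborts before any HTTP reply.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    if client_ca_file:                 # CA that issued the client certificates
        ctx.load_verify_locations(cafile=client_ca_file)
    if cert_file:                      # server certificate and its private key
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def status_for_peer(peercert):
    """200 only when a client certificate was presented and validated."""
    return 200 if peercert else 403    # None means no certificate was sent

def subject_common_name(peercert):
    """Extract the subject CN from a getpeercert() dictionary, or None."""
    for rdn in (peercert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

class ClientCertHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        peer = self.connection.getpeercert()   # connection is the TLS socket
        status = status_for_peer(peer)
        text = f"hello {subject_common_name(peer)}\n" if status == 200 \
            else "client certificate required\n"
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(text)))
        self.end_headers()
        self.wfile.write(text.encode())

def serve(port=8443):
    ctx = make_server_context("clients-ca.pem", "server.pem", "server.key")
    httpd = HTTPServer(("127.0.0.1", port), ClientCertHandler)
    httpd.socket = ctx.wrap_socket(httpd.socket, server_side=True)
    httpd.serve_forever()

if __name__ == "__main__":
    serve()
```

The client proves possession of its own private key during the handshake, so each client needs a certificate and key pair issued by the CA in `clients-ca.pem`.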