What is the difference between SSL and HTTPS?

What is SSL and do I need it?

SSL stands for Secure Sockets Layer and it is a standard for secure communication over the Internet.

If your computer is connected to the Internet, it usually has an SSL port number on it, like 80 or 443. This means you can view secure sites over the Internet without problems. It works just like a normal site and you click on the URL or name of the site. But if you want to see the pages in your web browser like Firefox, Internet Explorer, Google Chrome, or Safari, you will need to turn on the use SSL option. There are two kinds of SSL. One is called Server SSL and the other is Client SSL. With both, you have two keys. One is a Public Key and the other is a Private Key. The public key is shared by the website owner. When you log on to the site, you and the server both have a unique private key. If someone else gets a copy of your private key, they can't decrypt the data that you send. With SSL, we encrypt all of the data we send to your web browser. If you're sending a credit card number or account number over the Internet, you might not want to give the information out in clear text. You can use a credit card company like Visa or Mastercard and they will encrypt all of your data. However, the server at your bank has to have a public key so it can let the bank know you are a real person. Your private key is kept safe and you can never give it to anyone. If the server at your bank has your public key, they can tell who you are when you send a transaction. However, the server won't decrypt your private key and you can keep it safe. You don't have to get special software or anything extra to make it work. If you're viewing an SSL web site, your web browser needs an SSL plugin. It doesn't matter which type of SSL you have. It's important for any online transaction and if you click on the secure option on an SSL site, you don't have to worry about identity theft or the safety of your data.

Who can view my e-mail? If someone knows your username, they could be able to look at all of your messages. All of the message you receive from the website is encrypted. When you send a message to someone, it gets scrambled and only the recipient can read it.

Should use SSL be on or off?

In terms of keeping personal data and credit card information private, is it generally better to keep it off the web or keep it on?

If so why? I'm thinking about how best to store users' financial information for payments to companies like Amazon and Google so that I can offer people who purchase certain products, free delivery at no additional cost. I'm looking into if/how to setup a login script that will take my users' emails and password then redirect them to a page that they're going to need to submit credit card details to in order for the company to confirm. I've done this before in PHP for an ecommerce site (for a limited product range) that has SSL for the payment process but just now wondering if it's worth keeping the information on the web pages that they don't see? Thanks! In the scenario you describe you're going to have to be dealing with SSL with any kind of credit card based transaction that involves any kind of information that the user doesn't actually see. That is true, but then what? What happens when there is an error with the transaction, eg a duplicate? Now the user has their credit card info posted on the page, unless we have a system in place to protect against that. I think you can get by with the SSL thing if we have a database of the users and such, and you aren't selling personal information (I hope you're not). However, if were collecting names, addresses, etc. From people for future marketing emails, then we should be doing SSL for that info.

You can set up something where they're redirected to a form on a secure page (which has only fields that are required for the transaction), and if they submit it the page becomes https as well. You could even use AJAX and do the whole thing with the initial redirect.

You need to be able to deal with the error. Otherwise you might as well keep the information out of the page, since once it's out there then the user knows it's there - but what good is that if you can't keep them away from it, even if they look? We are currently setting up a service which will enable our customers to pay online and avoid the paper check and waiting process. We offer a service where we forward the customer's details via Email to a payment portal where they can make the payment.

Do I need SSL on my computer?

It is true that all my computer communication is secure because I use https:// and https:// in the URL line of the web browser (Firefox). If, however, I am not using can people see what information I am communicating via the internet? Or are their websites which I want to access safe (such as youtube.com or my bank's website) secure, so I needn't worry about the fact that I am communicating with them via a computer, and not their website itself? Does the website need to be able to detect if a user is accessing it via http or https? HTTPS does encrypt communication between you and the site you're accessing; but it doesn't protect your ISP's or the network between you and the site you're accessing. It won't prevent anyone else from snooping on your unencrypted traffic over the connection. It won't protect you if someone else sniffs your unencrypted traffic on the wire.

HTTPS is only about protecting what happens inside of the browser; it does not prevent others from snooping on your traffic. It doesn't matter if you're getting your information through https or http: it's just for you.