如何使以https安全网站 [英] How to make a website secured with https
问题描述
我要建立一个小型Web应用程序的公司保持其业务数据......只有那些在公司内部将使用它,但我们正在计划举办其在公共领域,使员工可以连接到应用程序从不同的位置。 (到现在我已经构建的Web应用程序,在内部托管只)
我不知道我是否需要使用一个安全的连接(HTTPS),或只是窗体身份验证就足够了。
如果你说HTTPS,我有一些问题:
- 我应该怎么做,以prepare我的网站HTTPS。 (我需要改变code /配置)
- 是SSL和HTTPS同一个...
- 请我需要有人来申请获得某些许可证或东西。
- 请我需要让我的所有网页安全或仅在登录页面...
我在寻找答案的互联网,但我没能得到所有这些问题...任何白皮书或其它引用也将是有益的...
随意问柜面你需要更多的信息。
感谢
- 拉贾
我应该怎么做,以prepare我的网站
对于HTTPS。 (我需要改变
code /配置)您应该保持最佳实践记(这里是一个很好的介绍安全编码:<一href=\"http://www.owasp.org/index.php/Secure_Coding_Principles\">http://www.owasp.org/index.php/Secure_Coding_Principles ),否则你需要的是一个正确设置SSL证书。
是SSL和HTTPS同一个..
pretty多,肯定的。
我需要与别人申请获得
某些许可证或者什么的。您可以购买从证书颁发机构的SSL证书或使用自签名证书。你可以购买的那些在价格差异很大 - 从$ 10到每年数百美元。您需要其中的一个,如果你建立一个网上商店,例如。自签名证书是一个内部应用程序一个可行的选择。您还可以使用那些发展方向之一。下面是关于如何设置IIS为自签名证书,一个很好的教程:<一href=\"http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx\">Enabling在IIS 7.0上使用SSL自签名证书
我需要让我的所有网页安全
还是只在登录页面。使用HTTPS的一切,不只是初始用户登录。它不会是太大的开销,这将意味着用户发送/从你的远程托管应用程序接收不能由外部各方如果被拦截读取的数据。即使是现在的Gmail默认开启HTTPS。
I have to build a small webapp for a company to maintain their business data... Only those within the company will be using it, but we are planning to host it in public domain, so that the employees can connect to app from various locations. (Till now I have built web apps that are hosted internally only)
I'm wondering whether I need to use a secured connection (https) or just the forms authentication is enough.
If you say https, I have some questions :
- What should I do to prepare my website for https. (Do I need to alter the code / Config)
- Is SSL and https one and the same...
- Do I need to apply with someone to get some license or something.
- Do I need to make all my pages secured or only the login page...
I was searching Internet for answer, but I was not able to get all these points... Any whitepaper or other references would also be helpful...
Feel free to ask incase you need more information.
Thanks
- Raja
解决方案What should I do to prepare my website for https. (Do I need to alter the code / Config)
You should keep best practices for secure coding in mind (here is a good intro: http://www.owasp.org/index.php/Secure_Coding_Principles ), otherwise all you need is a correctly set up SSL certificate.
Is SSL and https one and the same..
Pretty much, yes.
Do I need to apply with someone to get some license or something.
You can buy an SSL certificate from a certificate authority or use a self-signed certificate. The ones you can purchase vary wildly in price - from $10 to hundreds of dollars a year. You would need one of those if you set up an online shop, for example. Self-signed certificates are a viable option for an internal application. You can also use one of those for development. Here's a good tutorial on how to set up a self-signed certificate for IIS: Enabling SSL on IIS 7.0 Using Self-Signed Certificates
Do I need to make all my pages secured or only the login page..
Use HTTPS for everything, not just the initial user login. It's not going to be too much of an overhead and it will mean the data that the users send/receive from your remotely hosted application cannot be read by outside parties if it is intercepted. Even Gmail now turns on HTTPS by default.
这篇关于如何使以https安全网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
