
How Does Web Server Security Work? Page 8




There are two different levels of security for a Web server. On one level is the security of the data stream itself so that it may not be viewed or modified by a malicious third party. On another level is the security of the content itself — the authentication and authorization of people to view and change that content.

When discussing how a Web server works, it is not enough to simply outline a diagram of how low-level network packets go in and out of a Web server.

As we mentioned earlier, URLs that begin with “https” are handled using SSL (now referred to as Transport Layer Security, or TLS). These protocols work by setting up a secure, encrypted link between a Web browser and a Web server.

However, you might ask, what is SSL protecting anyway? There are really only two choices: SSL is protecting either the data being posted to the Web server or the retrieval of some confidential data from the Web server.

An example of a user posting confidential data to a Web server can be found in a typical Web store application. In such an application, the user is usually given the option of entering his or her credit card information into the order form. Although the Web server may not echo the user’s credit card information back to the Web browser, the actual transmission of this information must be treated as confidential.

Then, there is the issue of protecting content on the Web server that is being served. For example, an auction site may want to protect the bids a user is receiving for an item so that only the individual who posted the item sees all the bids.

In this case, it is not enough to simply encrypt the traffic being sent. The Web server must also be able to identify the user and the data she has access to. These two processes are referred to as authentication and authorization, respectively.

Web servers usually support authentication using a technique called basic authorization. In this technique, a Web server sends a special header to the user’s Web browser asking for a username/password combination. This results in the Web browser popping up a log-in window.

Web servers are usually less sophisticated with regard to authorizing the viewing of data. Most Web servers merely allow the restriction of the reading of directories and files within a directory by group or user. More sophisticated options for determining whether a user is authorized to view files (such as time of day) must usually be programmed into a Web application.
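
The sketch below is an added example, not code from the original article: it shows the header challenge described above, the check of the returned username/password, and an authorization rule by user and time of day programmed into the application. The account names, passwords, paths, realm and the `handle`/`authenticate` helpers are constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import time

SALT = b"constructed-demo-salt"  # constructed; use a random per-user salt in practice

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed accounts and access rules, for illustration only.
USERS = {"alice": _kdf("correct horse"), "bob": _kdf("hunter2")}
DUMMY = _kdf("")  # compared against for unknown users so timing stays uniform
RULES = {  # path prefix -> (allowed users, (opening time, closing time))
    "/bids/alice/": ({"alice"}, (time(0, 0), time(23, 59, 59))),
    "/reports/": ({"alice", "bob"}, (time(8, 0), time(18, 0))),
}

def authenticate(auth_header):
    """Authentication: return the user proven by 'Authorization: Basic ...', else None."""
    scheme, _, token = (auth_header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # Base64 is an encoding, not encryption: only the https link hides this value.
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    user, sep, password = raw.partition(":")
    # Constant-time comparison of derived keys, never of plaintext passwords.
    ok = hmac.compare_digest(_kdf(password), USERS.get(user, DUMMY))
    return user if ok and sep and user in USERS else None

def handle(path, auth_header, now):
    """Return (status, headers) for a request arriving at clock time `now`."""
    user = authenticate(auth_header)
    if user is None:
        # The challenge header that makes the browser pop up its log-in window.
        return 401, {"WWW-Authenticate": 'Basic realm="demo", charset="UTF-8"'}
    for prefix, (allowed, (start, end)) in RULES.items():
        if path.startswith(prefix):
            # Authorization: the right user, inside the permitted time window.
            if user in allowed and start <= now <= end:
                return 200, {}
            return 403, {}
    return 403, {}  # default deny: a path with no rule is not served
```

A 401 means the server does not yet know who is asking, while a 403 means it knows and the answer is no; keeping the two apart mirrors the authentication/authorization split described above.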
