HTTPS and Form Encryption Other Security Considerations


HTTPS can be a valuable tool for securing your website. It operates much the same way as standard HTTP, with an added SSL/TLS encryption layer. This serves to create a secure means of communication over the inherently insecure internet.

Trust in me, just in me

HTTPS is somewhat based on trust, as servers must have a security certificate for HTTPS to operate. These can be issued, in theory, by anybody - therefore only a few authorities are automatically trusted by browsers, and it is these companies (such as VeriSign, GlobalSign and Ebizid) that you should acquire a certificate from if you wish to use HTTPS with your site.

Shut up and take my money

It can be quite expensive to get a suitable certification - some companies do offer cheaper certificates, which simply verify that a domain exists. These are not generally considered to be of much worth by the security community (although an end-user is unlikely to notice or care).