One of the greatest concerns about using web technologies for business applications is security, especially when applications are extended to users of the Internet. Many applications, such as online banking, require the highest level of security to protect individuals and corporations from fraudulent use.
Two Internet security standards have been adopted:
SSL provides encryption and user authentication services at the network transport layer, making it ideal to secure not only HTTP messages but also applications such as FTP and telnet. SSL processes all data flowing between the applications. You cannot selectively encrypt a field on a form; this may increase processing time. Another drawback of SSL is that it only authenticates between server applications. In applications that need to authenticate a client, such as online banking, SSL should not be used.
S-HTTP is an extension of the HTTP protocol that lets you selectively encrypt field data. S-HTTP also supports client and server authentication, making it ideal for applications that provide access to untrusted sources like the Internet. Because S-HTTP is a derivative of HTTP, however, it can only be used to secure web transactions; S-HTTP does not work with applications such as FTP and telnet.
Using a combination of these technologies, along with the services of a firewall, can help minimize your security risk when deploying web-to-host solutions to a wide range of users from untrusted networks.