World Wide Web as one of the most commonly used network services, has been accepted by the majority of users and there are numerous applications on the WEB. Everything from online shopping to bank financing can be completed in the WEB page. Due to the traditional Web sites using the Http protocol, the protocol is a stateless protocol, data are easy to be intercepted in communications of the parties or tampered with, the client can't know the authenticity of a server, in order to improve the security of Web applications, this paper introduces the HTTPS protocol instead of the Http protocol, by creating a certificate and a private key, in the process of communication using CA authentication, data encryption, data integrity and non-repudiation, so as to ensure the security of data.%万维网作为最常用的网络服务之一已经被广大用户所接受,在Web上的应用也层出不穷,从网络购物到银行理财全都可以在Web页面中完成,在人们得到极大方便的同时,安全问题也越发突出.由于传统的Web站点使用HTTP协议,该协议是无状态的协议,双方所通讯的数据容易被截获或被篡改,客户端无法知道服务器的真伪,为了提高Web应用的安全性,引入了HTTPS协议代替HTTP协议,通过创建证书和私钥在通讯过程中使用CA认证,对数据进行加密,实现数据的完整性与不可抵赖性,从而保证数据的安全.
展开▼
