New York University


How can I protect information sent through form submissions?

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) can increase the security of your data. When you use SSL, information is encrypted as it leaves your computer.

If your page is publicly available, it makes little sense to encrypt it for transfer over the network; everyone can already see it.

Sometimes, however, a page may accept sensitive data, for example, usernames and passwords. In this case, sending the information over the network in an unencrypted form permits snooping, i.e., the act of “spying” on network traffic as it passes from point A to point B. (Remember that when you download a page from, say, Amazon.com, that page passes through possibly many other networks before reaching your computer.)

When you use SSL, information is encrypted as it leaves your computer. Anyone snooping the data while it’s on the network will see only random characters, not the information as it was originally formatted.

Once the traffic reaches its final destination, the destination computer decrypts the encrypted data, returning it to its original state. It then forwards the decrypted data to the recipient. To both the sender and the recipient of the data, the encryption/decryption process is transparent.

Activating SSL on www.nyu.edu requires changing any intra-site http links into https links. If you're using relative links in your pages (links that do not include the full URL), then SSL-enabling your entire site might mean having to change only the entrance URL from http to https. Experienced webmasters may know that an http-style URL maps to port 80 on the server machine, while an https-style URL maps to port 443. If you want to selectively activate SSL within your site, you will need to use full http or https URLs in your pages. (Don't forget to test the links.) SSL-capable browsers that follow your https links will use the encryption layer SSL provides.
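One way to test the links, as an added example that is not part of the original guide: a Python check that resolves each link and form action against the page's own URL and reports the ones that would still travel over plain http. The host www.example.edu, the function name find_insecure and the sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute holding a URL the browser will fetch or submit to.
URL_ATTRS = {"a": "href", "form": "action", "img": "src", "script": "src"}


class InsecureLinkFinder(HTMLParser):
    """Collect URLs on a page that would travel over plain http."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.site = page_url, urlsplit(page_url).hostname
        self.findings = []  # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if value is None:
            return
        # A relative link inherits the scheme of the page it sits on.
        target = urlsplit(urljoin(self.page_url, value))
        if target.scheme != "http":
            return
        if tag == "form":
            kind = "form-submits-in-clear"
        elif target.hostname == self.site:
            kind = "intra-site-http"
        else:
            return  # off-site plain links are not part of this check
        self.findings.append((kind, tag, target.geturl()))


def find_insecure(page_url, html):
    finder = InsecureLinkFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; www.example.edu is a placeholder host.
SAMPLE = """
<a href="about.html">About</a>
<a href="http://www.example.edu/contact.html">Contact</a>
<form action="http://www.example.edu/cgi-bin/login" method="post">
  <input name="user"><input type="password" name="pass"></form>
<form action="/cgi-bin/search"><input name="q"></form>
<a href="http://other.example.org/">Elsewhere</a>
"""

if __name__ == "__main__":
    print(*find_insecure("https://www.example.edu/index.html", SAMPLE), sep="\n")
```

Passing the http form of the entrance URL instead shows every relative link resolving to http, which is why changing only the entrance URL is enough for a site built on relative links.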

If you're using .htaccess restriction files with NetID/NetID password authentication (http://www.nyu.edu/webguide/development/tutorials/restrict/netid.html), you are required to have SSL in place.

Use the code below within your .htaccess file:

RewriteEngine On
RewriteCond %{HTTP:X-HTTP} !NYUhttps
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

Write to webteam@nyu.edu if you have any questions.