As discussed, there are quite a few different methods for controlling a web application's security. No matter how you decide to go about it, though, there are certain elements that will probably make an appearance. This is mainly because certain ways of doing things are better than others, and as such, these have more or less evolved into industry standards. This section aims to give you a brief outline of everything you will be using and how it works, before we begin with the actual task of implementing a well-secured site.
Without getting bogged down in too much detail, the basic outline of how SSL works can be summed up as follows:
In order for SSL to work, the server sends a public key and its certificate over to the browser, which performs some validation of the certificate before using the server's public key to encrypt its own key. Now, the server is the only machine that can decrypt this message, which contains a key from the browser. The server can then use the...