The Basics of Web Security

Security on the Internet is a very important, complicated topic. Because this is not an Internet book, you won't find much detail in this section. But there are really only three things you need to know.

If you are looking at an unsecured page, everything you see and everything you provide via forms can be intercepted by a third party. Unsecured Web pages do not have the Lock icon in the bottom-left corner of the Internet Explorer window and their URLs begin with "http."

If you are visiting a site and don't see the lock, don't provide any data that you don't want someone else to see, such as credit card information, your Social Security number, and so on. In fact, this is a general principle you should follow while you are on the Net. Unless you are sure that the service you are using is secure, don't provide any information you don't want transmitted to the world.

This sounds pretty dramatic, and it is a bit overstated. I believe that the chances of anyone intercepting any particular data on the Net are pretty small, but if the potential loss is great, even that small risk may be too much. It's up to you to choose how much risk you want to assume.

Fortunately, you can provide data via a secure connection to sites that are running the proper server software. A secure connection is one in which the data transmitted is scrambled, encrypted, or both. This data may still be intercepted, but the person intercepting it won't be able to do anything with it. Only the server receiving the data will be able to decode and unscramble it. Although this system isn't perfect, it's about as close to perfect as you'll get. After all, the only way to be perfectly safe is to never do anything at all.

How do you tell that you are using a secure connection? Look for the lock at the bottom of the window. If it is there, you are using a secure connection. You can also tell by looking at the URL. If it begins with "https" instead of just "http," you are visiting a secure location.
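The lock and the "https" prefix describe the page you are looking at, while a form sends what you type to the address named in its own action. The following is an added example, not part of the original book, that goes one step beyond the text and applies the same http/https test to each form's destination; the function names, the field-name pattern, and the shop.example addresses are constructed for illustration.

```javascript
// Added example: helper names and sample data are constructed for illustration.
const SENSITIVE = /(card|cvv|ssn|social|password)/i;

// Resolve where a form sends its data, the way a browser does: relative to
// the page URL. An empty or missing action submits back to the page itself.
function submissionTarget(pageUrl, action) {
  return new URL(action || "", pageUrl);
}

// Report, per form, whether the data would travel over https and whether
// private-looking fields would be sent over plain http.
function auditForms(pageUrl, forms) {
  return forms.map((form) => {
    const target = submissionTarget(pageUrl, form.action);
    const encrypted = target.protocol === "https:";
    const sensitiveFields = form.fields.filter((n) => SENSITIVE.test(n));
    return {
      target: target.href,
      encrypted,
      sensitiveFields,
      warn: !encrypted && sensitiveFields.length > 0,
    };
  });
}

// Constructed sample: a checkout page that itself shows the lock.
const securePage = "https://shop.example/checkout";
const sampleForms = [
  { action: "/pay", fields: ["name", "card_number", "cvv"] },
  { action: "http://lists.shop.example/join", fields: ["email"] },
  { action: "http://pay.shop.example/submit", fields: ["card_number"] },
];

for (const r of auditForms(securePage, sampleForms)) {
  console.log(r.warn ? "DO NOT SUBMIT" : "ok", r.target, r.sensitiveFields);
}
```

Only the third form is flagged: it sits on a page that shows the lock, yet it would send a card number over an unsecured connection.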

You can usually find secure sites in places where you have the opportunity to buy things and need to transmit your credit card information to do so. Of course, how you want to deal with sensitive data is up to you. Some people can accept more risk than others. However, here is the guiding principle that I use:

Do not transmit, via an unsecured means, any data for which you can't accept the risk of a third party intercepting that data.

Like me, you may find shopping via the Web extremely convenient, easy, and inexpensive, but I suggest that you only transmit credit card data via secure sites. And always remember: Do not judge what you do on the Net against a perfect world (where there is no chance of your data being misused). Consider the risks you are willing to accept in the non-Net world. For example, you probably think nothing of using your credit card in one of those gas pumps with an integrated card reader. That is certainly no more secure, and might be much less secure (especially if your card number is printed on the paper receipt), than using your credit card on a secure Web site.

Web browsers have many security features, and you configure them with the browser's Preferences window. The details of these settings are beyond the scope of this book, but you can explore them on your own to see whether you need to make changes; the default settings work for most people.


On the Web, cookies are small text files that Web sites use to track information about you. When you visit a site that uses cookies, the site can check the cookies it previously installed on your machine to serve you or to capture more information about you. For example, a cookie may contain areas of interest so that you are automatically taken to spots on the site that are more likely to generate a sale from you.

If you don't like the idea of spreading your cookies all over the Web, you can control how your Web browser deals with cookies by using the cookies settings preferences. You can refuse to accept any cookies, or you can choose to accept or reject them on a case-by-case basis.

Third, some sites provide digital certificates that are used to verify data from that site. When you view a site that uses such a certificate, you will see a window that gives you some options. One will be to install the certificate on your machine. When you do so, the certificate will be installed in the appropriate directory and your browser will be able to access that certificate as needed. You can also choose to always trust data from the site so that you don't see any security warnings during future visits.
