Esporta (0) Stampa
Espandi tutto

Encryption in IIS 6.0

Aggiornamento: agosto 2005

Si applica a: Windows Server 2003, Windows Server 2003 with SP1

Encryption is the process of scrambling information by applying a mathematical function in such a way that it is extremely difficult for anyone other than an intended recipient to retrieve the original information. Central to this process is a mathematical value, called a key, which is used by the function to scramble the information in a unique and complex way.

Your Web server uses essentially the same encryption process to secure communication links with users. After establishing a link, a special session key is used by both your Web server and the user's Web browser to both encrypt and decrypt information. For example, when an authenticated user attempts to download a file from a Web site requiring a SSL–secured channel, your Web server uses a session key to encrypt the file and related HTTP headers. After receiving the encrypted file, the Web browser then uses a copy of the same session key to recover the file.

This method of encryption has an inherent drawback: During the process of creating a link, a copy of the session key might be transmitted across an unsecured network. This means that a malicious user can compromise the link by intercepting and stealing the session key. To safeguard against this possibility, however, your Web server implements an additional method of encryption.

Aggiunte alla community

© 2016 Microsoft