Secure site pages

You can configure individual pages in Composer to be delivered to end users via a secure connection ("HTTPS"). Secure connections are encrypted, unlike standard connections, meaning they are significantly less vulnerable to being intercepted than regular web-viewing sessions. It's a good idea to encrypt the connection of any page that will receive or transmit sensitive information to or from an end user - including personal information like a user's name or address, information submitted to a form, or online purchases such as event registrations or form purchases.

Securing site pages

Secure connections for Composer pages are activated in the Page Settings menu. Click the pink “gear” icon on the bottom nav bar to open up Page Settings.

2017-04-25_13-42-51.png

 

In the Page Settings window, select the "Serve page over secure (SSL) connection" checkbox.

2017-04-25_13-46-00.png

Once the page has been set to use a secured SSL connection, site visitors will see a "Secure" badge in the address bar of their browser when they visit the page in the future.

2017-04-25_14-20-52.png

Page security, generally

In previous eras, web designers and engineers spoke of a tradeoff between secure connections and site usability. These days, processing speeds are sufficient that pages can be delivered over encrypted connections without imposing an overwhelming performance hit on the speed of the site.

We recommend activated secure connections for any pages that request any sort of personal information from site visitors via a form. It's also a good idea to encrypt any forms which have a payment component. Form payments are already transferred via a secure connection that is created when users click the form submit button. That said, wrapping the entire page in another, separate layer of encryption is a double-layered belt-and-suspenders approach that costs nothing but makes it significantly more difficult for anyone to eavesdrop on that communication.

Page security terminology

When speaking about secure pages, web engineers often throw around a whole bunch of acronyms. "HTTPS" is heard frequently, usually to say that a page is (or is not) "served over HTTPS." The "S" in "HTTPS" stands for "secure," and it's contrasted with regular, non-secure "HTTP."

Other common acronyms are "SSL" ("Secure Sockets Layer") and "TSL" ("Transportation Security Layer.") Both refer to methods of ensuring that a server's connection with a site visitor are cryptographically secure.

With regards to TSL in particular, this is a robust technology with a relatively long life. In 2017, Finalsite (along with most of the online world) dropped support for the earliest version of TLS, called TLS 1.0. This will only affect users with old and out-of-date browsers - TLS 1.0 is already fairly old and has not been in use for years. This change only means that it's no longer available to use, and site visitors with old, out-of-date browsers will have to update their systems in order to access secure pages on your site.

Was this article helpful?
5 out of 5 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please Sign in to leave a comment if you don't see the comment box below.