
SSL/TLS: The Industry Standard

The gold standard in protecting data in transit over the Internet is the Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS). This protocol is designed to provide the two critical services I laid out in the preceding section: protecting the confidentiality of data as it is transported across a network and allowing the client to authenticate the server it is communicating with, so that it knows it is sending data to, and receiving data from, the correct entity. It is also possible to use SSL/TLS to allow the server to authenticate the client, in a reversal of the traditional mechanism.

Note

Note that this section, and most of this chapter, talks about protecting data that is sent between the client (your Android application) and a server. Included in this discussion is device authentication—letting the server verify it is actually talking to the client it thinks it is and also allowing the client to verify that it is actually talking to the server it thinks it is. Authentication of a user is not part of this discussion, but is something that you should consider when designing your application and the system it will be a part of.
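The two authentication directions described above can be seen in how a client configures its TLS context. The following is an added example, not code from the book: the class name `MutualTlsClient`, the PKCS#12 client identity bundle, and the URL passed by the caller are assumptions made for illustration.

```java
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class (illustration only).
public final class MutualTlsClient {

    // Builds a context that authenticates the server against the platform's
    // trusted CAs and can present a client certificate if the server asks.
    static SSLContext buildContext(InputStream clientP12, char[] password)
            throws Exception {
        // Client identity: private key plus certificate in a PKCS#12 bundle
        // (assumed to be provisioned to the app by some out-of-band process).
        KeyStore identity = KeyStore.getInstance("PKCS12");
        identity.load(clientP12, password);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, password);

        // Server authentication: a null KeyStore selects the default trust
        // store, so the server's chain must lead to a trusted CA.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Opens an HTTPS connection with the context above and returns the status.
    // The URL must use the https scheme, otherwise the cast below fails.
    static int fetchStatus(SSLContext ctx, String httpsUrl) throws Exception {
        HttpsURLConnection conn =
                (HttpsURLConnection) new URL(httpsUrl).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier stays in place, so the certificate
        // must also match the host name being contacted.
        try {
            // The handshake runs here; an untrusted or mismatched server
            // certificate surfaces as an SSLHandshakeException.
            return conn.getResponseCode();
        } finally {
            conn.disconnect();
        }
    }
}
```

The trust managers carry out the client's check of the server, and the key managers supply the certificate used when the server authenticates the client; confidentiality comes from the session keys negotiated during the same handshake.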


  
