We need to secure information while it is travelling back and forth from server to client
-
If both server and client are in an institution, we can hope that network linking them is "secure" I.e. that data travelling back and forth cannot be diverted or eavesdropped by the bad guys.
-
Generally this is not a safe assumption and one needs to encrypt the data and provide authentication so that data cannot be read and you know where it comes from
-
Even in a corporation, one often has islands of relatively secure networks linked by insecure links such as the Internet
-
Technologies such as SSL (Secure socket Layer) implement encryption of messages between server and client
|