Wednesday, 9 February 2011

Http Vs Https

What is Http ?

HTTP is hyper text transfer protocol which is responsible for sending and receiving information across the Internet.It is transmitted over the web via PORT 80(TCP).We normally use HTTP while browsing the web, but its not secure and so someone can eavesdrop the conversation between the web server and us.

What is Https ?

HTTPs is hypertext transfer protocol over Secure Socket Layer , which is responsible for sending and receiving confidential information with a server.So the information must be secured in order to prevent unauthorized access.HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.It is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscapes Secure Socket Layer (SSL) as a sub layer under its regular HTTP application layering. This ensures reasonable protection from eavesdroppers. HTTPS is normally used in login pages, shopping/commercial sites etc.

How it Works?

To prepare a web-server for accepting https connections the administrator must create a public key certificate for the web-server.This certificate must be signed by a certificate authority of one form or another, who certifies that the certificate holder is who they say they are. Web browsers are generally distributed with the signing certificates of major certificate authorities, so that they can verify certificates signed by them.


Why Https?

if we visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://. This means that the website is talking to our browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on our computer's conversation with the website. If we fill out a form on the website, someone might see the information we send to that site.This is why we never ever enter our credit card number in an http website.But if the web address begins with https://, that basically means our computer is talking to the website in a secure code that no one can eavesdrop on. So If a website ever asks us to enter our credit card information, we should automatically look to see if the web address begins with https://. Although it may be encrypted does not mean its safe, there are tools out there to decrypt the information being sent over the wire, although its more difficult to do so.

Example :

So here is some examples of sites which uses Https

PayPal: https://www.paypal.com
Google AdSense: https://www.google.com/adsense/

No comments:

Post a Comment

what is Juice Jacking SCAM

  Juice Jacking is a cybersecurity threat that occurs when cybercriminals manipulate public charging stations, such as USB charging ports in...