Monday, March 14, 2011

HTTPS


HTTPS (HTTP Secure) is the use of Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS), as a layer underneath ordinary HTTP. HTTPS encrypts the page requests a user sends as well as the pages the web server returns, and decrypts them at the other end. Provided the browser checks the server's certificate, HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.


HTTPS is useful for privacy and for keeping information intact in transit, especially when you need an information exchange to be secure: for example, when you do a transaction over the internet, or when you're about to enter your credit card number on a form. The simplest example is Facebook: you can actually turn on HTTPS on Facebook, but it's optional. Why it's not the default setting, I have no idea.

Other than Facebook, sites that use HTTPS usually enable it by default, so there's no need to look around for the setting every time you visit a site and want to use HTTPS.

Suppose you visit a web site to view their online catalog. When you're ready to order, you will be given a web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send" to send the order back to the catalog retailer, your browser's HTTPS layer encrypts it. The acknowledgement you receive from the server also travels in encrypted form, arrives with an https:// URL, and is decrypted for you by your browser's HTTPS layer. Note that what protects the order is the URL the form is submitted to (the form's action), not only the URL of the page you are looking at; a form on an https:// page that posts to an http:// address sends your data in the clear.

The effectiveness of HTTPS can be limited by poor implementation of browser or server software or a lack of support for some algorithms. Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination, it is only as secure as the host computer. According to security expert Gene Spafford, that level of security is analogous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

How does it differ from HTTP?

Whereas HTTP URLs begin with "http://" and use port 80 by default, HTTPS URLs begin with "https://" and use port 443 by default.
HTTP is unencrypted and subject to man-in-the-middle and eavesdropping attacks, which can let attackers read sensitive information and take over website accounts. HTTPS is designed to withstand such attacks and is considered secure against them, with the exception of older, deprecated versions of SSL, and only as long as the client actually verifies the server's certificate: a client that accepts any certificate (or a user who clicks through a certificate warning) is still open to a man-in-the-middle.
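To make the HTTP/HTTPS difference and the catalog-order scenario above concrete, here is an added example in Go (mine, not code from the original post). It uses Go's net/http/httptest to run a stand-in for the retailer's order endpoint once over plain HTTP and once over HTTPS with httptest's self-signed certificate, and wraps the listener so it records every byte the server reads from the socket, which is exactly what an eavesdropper on the wire would see. It then submits the order form three ways: plain HTTP, HTTPS from a client that does not trust the certificate's issuer (the man-in-the-middle defence: the form is never sent), and HTTPS from a client that does. The card number (a well-known test value), the /order path, the handler and the PlaceOrder/Result names are all constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"sync"
)

// cardNumber is a constructed value (a well-known test PAN), not real card data.
const cardNumber = "4111111111111111"

// tap wraps the server's listener and records every byte the server reads from
// accepted connections: it plays the eavesdropper sitting on the wire.
type tap struct {
	net.Listener
	mu  sync.Mutex
	buf bytes.Buffer
}

func (t *tap) Accept() (net.Conn, error) {
	c, err := t.Listener.Accept()
	if err != nil {
		return nil, err
	}
	return &tapConn{Conn: c, t: t}, nil
}

type tapConn struct {
	net.Conn
	t *tap
}

func (c *tapConn) Read(p []byte) (int, error) {
	n, err := c.Conn.Read(p)
	c.t.mu.Lock()
	c.t.buf.Write(p[:n])
	c.t.mu.Unlock()
	return n, err
}

// orderHandler stands in for the catalog retailer's order endpoint (constructed).
func orderHandler(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil || r.PostForm.Get("card") == "" {
		http.Error(w, "missing card", http.StatusBadRequest)
		return
	}
	fmt.Fprint(w, "order accepted")
}

// Result is one order submission as seen by the client and by the eavesdropper.
type Result struct {
	Status     int
	TLSVersion uint16 // negotiated protocol version; 0 for plain HTTP
	CardOnWire bool   // whether the card number was readable on the wire
}

// PlaceOrder starts an in-process server (plain HTTP, or HTTPS with httptest's
// self-signed certificate), submits the order form and reports what crossed the
// wire. trust says whether the client trusts the certificate's issuer.
func PlaceOrder(useTLS, trust bool) (*Result, error) {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(orderHandler))
	wire := &tap{Listener: srv.Listener}
	srv.Listener = wire
	client := &http.Client{} // trusts only the system CA store
	if useTLS {
		srv.StartTLS()
		if trust {
			client = srv.Client() // trusts the test issuer, as a browser trusts a real CA
		}
	} else {
		srv.Start()
	}
	defer srv.Close()
	resp, err := client.PostForm(srv.URL+"/order", url.Values{"card": {cardNumber}})
	if err != nil {
		return nil, err // over HTTPS, an untrusted certificate fails here, before the form is sent
	}
	resp.Body.Close()
	res := &Result{Status: resp.StatusCode}
	if resp.TLS != nil {
		res.TLSVersion = resp.TLS.Version
	}
	wire.mu.Lock()
	res.CardOnWire = bytes.Contains(wire.buf.Bytes(), []byte(cardNumber))
	wire.mu.Unlock()
	return res, nil
}

func main() {
	for _, c := range [][2]bool{{false, false}, {true, false}, {true, true}} {
		res, err := PlaceOrder(c[0], c[1])
		fmt.Printf("tls=%-5v trusted=%-5v result=%+v err=%v\n", c[0], c[1], res, err)
	}
}
```

Running it with `go run` prints three lines: the plain HTTP order arrives with the card number readable on the wire (CardOnWire true, TLSVersion 0); the HTTPS attempt from the client that does not trust the issuer is refused with an x509 verification error before any form data leaves the client, which is the same decision a browser makes when it shows a certificate warning; and the trusted HTTPS order succeeds with a negotiated TLS 1.2 or 1.3 session (0x0303 or 0x0304, depending on the Go version) and no trace of the card number in the captured bytes. Only the certificate check in the second case stands between the user and a man-in-the-middle, which is why "considered secure" depends on not clicking through warnings.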

For more on HTTPS, check out Wikipedia
