Tuesday, April 10, 2012

Look for the S in The HTTP

We are all familiar with the word HTTP, Hyper Text Transfer Protocol. It is an application protocol that functions as a request/response protocol in the client/server computing model. Basically, most of what you see in your browser is transferred to your computer over HTTP. Our topic is not about HTTP and its functions, it is about HTTP and security.

Some of us are familiar with HTTPS, Hyper Text Transfer Protocol Secure. As you can see, the letter ‘S’ stands for secure. The ‘S’ comes from SSL/TLS protocol, which provides communication security over the Internet. A combination of HTTP and SSL/TLS produces HTTPS. The main objective of HTTPS is to provide a secure connection over an insecure network. Not all pages have HTTPS since it is very expensive. Pages that communicate personal data like passwords and credit cards use the HTTPS.

A page who’s URL begins with “https://” means that this page is secured and the current connection between you and the server is secured, since it provides an encrypted communication and secure identification. Payment transactions on the Internet often use HTTPS communication in order to prevent any third part interception.
You can now easily differentiate between HTTP and HTTPS. HTTP starts with “http://” :

It is an unsecured connection that is subject to third party interception, which can allow attackers to gain access to sensitive information. On the other hand, HTTPS starts with “https://”  
It is a secured connection that is designed to resist attacks or interception or even eavesdropping.

To conclude, always look for the ‘S’ in HTTP when providing secure and confidential data, this will ensure that this page is secure and nothing is suspicious about it. In my next post I will address more about HTTPS.

No comments:

Post a Comment