HTTPS (Hyper-Text Transfer protocol) is a protocol that allows to determine a secure connection between the server and the client, which cannot be intercepted by unauthorized persons. In short, it is the secure version of the http (Hyper Text Transfer Protocol)
How does it work
A standard HTTP connection on the Internet can easily be hijacked by unauthorized parties. The purpose of a connection HTTPS is to avoid this: encrypt data to ensure secure data transmission. The transmission is encrypted and the server authenticated.
When a user clicks a link or confirms a URL entry in the address bar with the Enter button, the browser defines a connection. The server presents a certificate that authenticates it as a genuine and trusted provider. After the client has verified authenticity, it sends a session key that can only be read by the server. Based on this key data, encryption can now be performed. Typically, an SSL certificate is used.
File: 600 × 400-https-en-01.png
Background and objectives
The purpose of a connection HTTPS is to protect the data that is transmitted. An HTTP connection can be easily intercepted, allowing targeted attacks on individuals. The data entered by a user in their browser window is usually personal (account information, email, credit card information, etc.) and must be protected from such access.
Another problem is identity theft (phishing), whereby data entered by a user is sent to unauthorized people using fake websites. The use of HTTPS Instead of HTTP you can prevent both interception and phishing. The latter is feasible with a certificate. In other words, the goal of HTTPS is to provide Internet users with privacy, security and data protection.
Use and relevance
HTTPS It is used for all websites where a user enters data. An important field of application is online banking. Anywhere a password protected account is used, it would be wise to have a connection HTTPS. This includes access to social networks, or email and shopping accounts, in which great personal harm could otherwise be caused by the illegal acquisition of personal data. Personal information can also be submitted without an account. If, for example, a flight or an entire vacation is booked online, then the applicable data must be communicated to the providers in a secure manner.
In their own interest, any Internet user should consider a secure connection in the right place and thus protect their privacy. If there is a connection HTTPS it can be easily viewed in the address bar. It will show "https" at the beginning and is even highlighted in many cases. In addition, a small padlock icon is displayed.
HTTPS has some disadvantages compared to HTTP connections. However, they are very few and should be accepted as a compromise for the security they provide.
- There are additional charges for certificates and increasing costs with increasing traffic. These can be specifically high. Especially for new and small websites, these fees can be relatively high.
- With HTTPS connections, content cannot be cached. But the trend towards higher bandwidth counteracts this disadvantage.
- A weak point is also the lower performance resulting from the use of SSL encryption. The server has to perform many more calculations, thus increasing the response time.
- Virtual hosts do not work with HTTPS.
Along with the obvious advantage of online privacy, there is also another pro. Using HTTPS does not require any additional software installation. This means that it can be used without restrictions by anyone. Authentication with a certificate also inspires confidence in potential customers.
Difference with HTTP
The main difference is security. The technology is essentially the same, but HTTPS includes SSL encryption. In this way, in principle it is feasible to determine the entire Internet with HTTPS connections. However, due to the aforementioned disadvantages and out of habit, hardly anyone uses a secure connection when it is not completely necessary.
Since the difference from HTTP is the use of encryption, HTTPS security depends solely on the encryption technique used. Right now it consists of SSL, which is generally considered secure. However, it should be noted that a secure data transmission alone is not sufficient to protect it absolutely, but must also be stored securely by the recipient.