Differences Between http and https
THIS IS IMPORTANT..............................
What is the difference between http and https?
FIRST MANY PEOPLE ARE UNAWARE OF
**The main difference between http:// and
https:// is It's all about keeping you secure**
HTTP stands for HyperText Transport Protocol,
which is just a fancy way of saying it's a protocol
(a language, in a manner of speaking) for data to
be passed back and forth between web servers and
clients. The important thing is the letter 'S' which
makes the difference between HTTP and HTTPS.
The S (big surprise) stands for "Secure".
If you visit a website or webpage, and look at the
address in the web browser, it will likely begin with
the following: http://.
This means that the website is talking to your browser
using the regular 'unsecure' language. In other words,
it is possible for someone to "eavesdrop" on your
computer's conversation with the website. If you fill
out a form on the website, someone might see the
information you send to that site. This is why you
never -ever- enter your credit card number in an
http website!
But if the web address begins with https://, that
basically means your computer is talking to the
website in a secure code that no one can eavesdrop on.
You understand why this is so important, right?
If a website ever asks you to enter your credit card
information, you should automatically look to see
if the web address begins with https://.
If it doesn't, there's no way you're going to enter
sensitive information like a credit card number.
PASS IT ON (You may save someone a lot of grief)
Differences Between http and https
-
splattermaster
- Posts: 153
- Joined: Wed Jan 07, 2009 12:15 pm
- Location: Tennessee, USA
-
QwazyWabbit
- Posts: 162
- Joined: Thu Jun 16, 2005 12:15 am
- Location: Southern California, USA
Re: Differences Between http and https
Well, the mere presence of HTTPS:// is not a guarantee that the session is secure. A man in the middle (MITM) attack can be executed where the MITM forges the credentials of a secure server and captures the traffic between the client and the legitimate server. It's complex and rare but it can be done with the proper knowledge and tools.
When establishing secure sessions it's important to CHECK THE CERTIFICATE of the server to be sure the server you are communicating with is who they present themselves to be and not a fraudulent site. The certificate should be signed and countersigned by trusted CA like ETrust or Verisign or Thawte. Only then can you have reasonable confidence that your data communication is secure. This does nothing to assure the server back end handling of data is secure, however. For that you have to have faith that once they have your data the back office behind the web portal is managed properly.
When establishing secure sessions it's important to CHECK THE CERTIFICATE of the server to be sure the server you are communicating with is who they present themselves to be and not a fraudulent site. The certificate should be signed and countersigned by trusted CA like ETrust or Verisign or Thawte. Only then can you have reasonable confidence that your data communication is secure. This does nothing to assure the server back end handling of data is secure, however. For that you have to have faith that once they have your data the back office behind the web portal is managed properly.