Moumita Das's Blog

What is HTTPS? Things you should know about HTTPS as a beginner!!

What is HTTPS? Things you should know about HTTPS as a beginner!!

Moumita Das's photo
Moumita Das
·

5 min read

INTRODUCTION:

1.What is HTTPS?

2.How does HTTPS work?

3.Why is HTTPS important?

4.Why is HTTPS important how is it different from HTTPS?

5.What is HTTPS advantages and disadvantages?

OVERVIEW:

1.Full form of HTTPS is Hypertext Transfer Protocol Secure.It is an extension of the Hypertext Transfer Protocol. It uses cryptography for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS,or HTTP over SSL.

(Now you maybe thinking what is TLS or SSL. So, TLS is Transport Layer Security which is an encryption protocol that protects internet communications and SSL is a protocol for establishing secure links between networked computers. Now TLS is an improved version of SSL. It works in much the same way as the SSL, using encryption to protect the transfer of data and information.)

So basically as a simple definition i would recommend you to remember that HTTPS is used cryptography for secure communication over a computer network.

2.HTTPS uses an encryption protocol to encrypt communications. The protocol is called Transport Layer Security (TLS), although formerly it was known as Secure Sockets Layer (SSL). This protocol secures communications by using what’s known as an asymmetric public key infrastructure. This type of security system uses two different keys to encrypt communications between two parties:

The private key - this key is controlled by the owner of a website and it’s kept, as the reader may have speculated, private. This key lives on a web server and is used to decrypt information encrypted by the public key.

The public key - this key is available to everyone who wants to interact with the server in a way that’s secure. Information that’s encrypted by the public key can only be decrypted by the private key.

3.Now you can ask me why we should use https or is HTTPS important if it is, then why it is important! So, yes https is very because one the main reason is that it adds security and trust. Hackers can use such techniques to steal your customer's sensitive information.With HTTPS, data is encrypted in transit in both directions: going to and coming from the origin server. The protocol keeps communications secure so that malicious parties can't observe what data is being sent. As a result usernames and passwords can't be stolen in transit when users enter them into a form. If i need to make points over the importance of HTTPS then it will go like:

(i).Website using HTTPS are more trustworthy for users.

(ii).HTTPS is more secure, for both users and website owners.

(iii).HTTPS authenticates websites.

4.The only difference between the two protocols means difference between HTTPS and HTTP is that HTTPS uses TLS (SSL) to encrypt normal HTTP requests and responses, and to digitally sign those requests and responses. As a result, HTTPS is far more secure than HTTP. A website that uses HTTP has http:// in its URL, while a website that uses HTTPS has https://.

5.Advaantages of HTTPS:

(i). Encryption

One of the major benefits of HTTPS is its data encryption. The data that travels through HTTPS always gets encrypted. Thus, the informations are highly secured. Even if the hackers manage to get those informations, they will not be able to misuse them since the data is already encrypted.

(ii). Protection

Unlike HTTP where it saves data on the client system, no any data of the user is stored inside the client system in HTTPS. Hence, the data is not at the risk of theft at the public space.

(iii). Verification

Always a certificate makes sure that their policies and the website's policies are the same. If not the users will get a notification that it is unsecured connection. Therefore, if you are using HTTPS, users can guarantee that their data is sent to the right place and not to any invalid sites. This builds up a trust in potential clients who are trying to do business online.

(iv). Data validation

HTTPS does the process of data validation through handshaking. All of the data transfers that are taking place and components such as sender and receiver are validated. Only if the validations are successful that data transfer occurs. If not the operations are aborted.

(v). Reliability

The green padlock that appears on the webpage URL always gives a sense of trust to the visitors that the site is security conscious. When the site is reliable, the customers will probably will be ready to do transactions.

(vi). SEO

Having a HTTPS connection is one of the ranking signals to Google. A site that contains a HTTPS certificate will rank higher than the site that doesn't. Therefore, HTTPS is most often preferred by sites that regularly deals with money transfers, usernames and passwords.

Disadvantages of HTTPS:

(i). Cost

When you move onto HTTPS, you need to purchase a SSL certificate. Al though many SSL certificates are issued from the website hosting provider, it should be renewed yearly through an annual fee. Apart from that there are ways to get a free SSL certificate, but for security reasons its not recommended.

(ii).Performance

HTTPS connections does involves lots of computations to encrypt and decrypt data. Thus, the response time is delayed decreasing the speed of the website.

(iii).Coaching

Some contents will have a problem of caching in HTTPS. Public caching those which happened earlier will not occur again. Therefore, ISPs will be unable to cache encrypted content. This kind of problems are usually faced by sites with large visitors. However as a result of higher bandwidth these issues are counteracted.

(iv).Accessibility

There are some firewalls and proxy systems that deny access to HTTPS sites. This can be intentional as well as non-intentional. In the case of non-intentional the administrators might have forgotten to allow access to HTTPS. Sometimes this can be done deliberately as a security measurement.

(v). Mixed Content

If there are problems in the configuration, your site will start downloading files from HTTP instead of HTTPS. Therefore, during a course of time, the users will get a warning message as insecure content.

(vi).Computing Overhead

Due to the work of encrypting and decrypting data, additional computing overheads are prossessed from both servers and the browser. However these overheads are usually not noticeable as there are extra latency emitted from a connection setup. But if your HTTPS connection handles multiple HTTPS connections simultaneously this can be an issue.

CONCLUSION:

So yes https is completely safe and more safer than http because it is secure and encrypts your/our data. We all should know about HTTPS and need to use this, this is my opinion.

httpsapi