Difference Between HTTP and HTTPS

You might have seen many sites using the https:// in front of url, while many others use http://.
Well the question arises what is the basic difference of this two protocols and why are they used differently for some sites and not for all. Lets see some Difference Between HTTP and HTTPS.
Which is better and which we should always trust is the question here, also what difference does it make using either https:// or http://. Sometimes even if we type http:// URL it turns to https://, why is it so and whats behind using it.

The differences between HTTP and HTTPS

Firstly HTTP is an acronym for “Hyper Text Transfer Protocol” and is basically the protocol used to communicate with websites. As you type in the URL into your web browser, it then “talks” to the server utilized by the website and allows you access. Many times, you can just put the site name with the “.com,” “.org,” etc., and your web browser will auto fill the rest of the address for you with the rest of the URL.

The problem with HTTP is that the communication isn’t necessarily completely secure and private. Such communication can be intercepted by a third party in between the communication and they can get your valuable Information you provide to a website, as contact or financial information. Suppose you are on using paypal.com, you want to be sure that the information you share won’t be seen by anyone else. So you would always want that your communication with the site be always secure and safe.

This is what the ‘s’ stands for in HTTPS, or “secure HTTP.” The ‘s’ stands for “secure.” It’s not a completely different protocol. Instead it’s a layering effect. The HTTP is layered on top of the SSL/TLS (Secured Socket Layer/Transport LayerSecurity) to create a larger security for you. It will authenticate the site so that you know you are dealing with a site that is who they say the they are and will also encrypt the data.

Let’s see using paypal.com. When I enter “paypal.com” into my web browser, it automatically fills in the rest, including recognizing me and my account and signing me in. I don’t need any more protocol other than HTTP. I’m not providing any information about myself.

However, if I am going to get into my actual account to either edit information or purchase an item, it includes not only my address, but my credit card information, so I want it to be more secure. Once I click on my account, it automatically switches on its own to an HTTPS where I know it will be more secure.

Is HTTPS really secure

The HTTPS protocol is supposedly secured, but it doesn’t necessarily mean you are completely safe. In some occasion, the site owners might not have implemented HTTPS correctly, or that the signing certificate is expired/invalid. In addition, being on HTTPS doesn’t mean it is a legitimate site. It could be a phishing or hacking site that looks exactly like amazon.com or paypal.com. In these cases, you have to use your own judgement whether the site can be trusted or not.

Check whether site has implemented HTTPS correctly?

If you are using a recent build of the web browser, regardless if it is Firefox, Chrome, IE or Safari, you should be able to view the HTTPS status of the site from the URL bar.

In Firefox, when you access a HTTPS site, you will see a padlock beside the URL. Click on it and you will see the status of the signing certificate. From here, you can see who provides the signing certificate and whether it is implemented correctly to prevent eavesdropping.
In Chrome, you can see even more detail about the connection and how secure it is.
You can then decide if you want to “Add Exception” and continue, or to leave the site.

This entry was posted in Computer Networking and tagged . Bookmark the permalink.