A log of articles I found for later reading. ...................................................... ..............................Not necessarily my point of view though.

Sunday, January 25, 2009

HTTP vs. HTTPS :: It's all about keeping you secure

HTTP stands for HyperText Transport Protocol, Which is just a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. The important thing is the letter S which makes the difference between HTTP and HTTPS.

The S (big surprise) stands for "Secure". If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://.

This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.

This is why you never ever enter your credit card number in an http website! But if the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on.

You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number.

PASS IT ON (You may save someone a lot of grief).

Going Through the Process

HTTP vs. HTTPS

With HTTP, you sit at your browser and interact with data. HTTP’s job is to present that data to you, and browsers are the means of doing so. Mozilla’s Firefox browser, for example, understands HTTP instructions and arranges the data as the site’s designer intended. The browser knows what to do when you click. It uses HTTP to do this. But HTTP cannot do much beyond that. How the data travels from Point A to Point B, or even if it travels at all, is none of HTTP’s concern. This is a great compromise if you want speed and elegance and couldn’t care less about security. One does not require security to view BizTech’s latest online articles, for instance.

With HTTPS, the story is quite the same. But when security is a must, HTTPS differentiates one sender and receiver from another. SSL takes the data, going or coming, and encrypts it. This means that SSL uses a mathematical algorithm to hide the true meaning of the data. The hope is that this algorithm is so complex it is either impossible or prohibitively difficult to crack.

The encryption begins when the owner of the Web site purchases a time-sensitive certificate from a trusted certificate authority such as VeriSign. You can get a certificate anywhere, or even make your own, but is it trusted? Your browser will let you know. This certificate is a security code created specifically for that one user, or even for that one Web site. The code is so complex that no one else on Earth should have a duplicate.

Getting a certificate can be an involved task. All types of information must be recorded so the issuer of the certificate can be a reliable authority on the certificate’s owner. Information that must be provided includes the name of the site and even the name of the server that hosts the site. Complexity makes counterfeiting incredibly difficult.

This makes the issuer a trusted third party. When your browser sees the secure Web site, it uses the information in the certificate to verify that the site is what it claims to be. Browsers commonly indicate security by presenting a picture of a shiny closed lock at the bottom of the screen. This process is not always perfect because of human error. Maybe 53.com is a valid banking site, but 53RD.com is not. We call that phishing. Unscrupulous people phish for careless people. So be cautious. After the identity of the Web site is accepted, the encryption is negotiated between the browser and the Web server, and the data is all but locked up tight.

via http://www.allvoices.com/contributed-news/2332033-http-vs-https-its-all-about-keeping-you-secure