Cheap Hosting Domain Names

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Sunday, 22 April 2012

HTTP vs HTTPS: Similarities and Differences

Posted on 20:23 by Unknown
What is HTTPS?

HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a web protocol developed by Netscape.

One can say: HTTPS = HTTP + SSL

HTTPS uses Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering.

Need of HTTPS:

Hypertext Transfer Protocol (HTTP) is a protocol for transmitting and receiving information across the Internet. HTTP serves as a request and response procedure that all agents on the Internet follow so that information can be rapidly, easily, and accurately disseminated between servers, which hold information, and clients, who are trying to access it. You normally use HTTP when you are browsing the web, its not secure, so someone can eavesdrop on the conversation between your computer and the web server. In many cases, clients may be exchanging confidential information with a server, which needs to be secured in order to prevent unauthorized access. For this reason, https, or secure http, was developed by Netscape corporation to allow authorization and secured transactions.

Similarity between HTTP and HTTPS:

In many ways, https is identical to http, because it follows the same basic protocols. The http or https client, such as a Web browser, establishes a connection to a server on a standard port. When a server receives a request, it returns a status and a message, which may contain the requested information or indicate an error if part of the process malfunctioned. Both systems use the same Uniform Resource Identifier (URI) scheme, so that resources can be universally identified. Use of https in a URI scheme rather than http indicates that an encrypted connection is desired.

Difference between HTTP and HTTPS:

1. URL begins with “http://" in case of HTTP while the URL begins with “https://” in case of HTTPS.
2. HTTP is unsecured while HTTPS is secured.
3. HTTP uses port 80 for communication while HTTPS uses port 443 for communication.
4. HTTP operates at Application Layer while HTTPS operates at Transport Layer.
5. No encryption is there in HTTP while HTTPS uses encryption.
6. No certificates required in HTTP while certificates required in HTTPS.

How HTTPS works?

For HTTPS connection, public key and signed certificates are required for the server.
When using an https connection, the server responds to the initial connection by offering a list of encryption methods it supports. In response, the client selects a connection method, and the client and server exchange certificates to authenticate their identities. After this is done, both parties exchange the encrypted information after ensuring that both are using the same key, and the connection is closed. In order to host https connections, a server must have a public key certificate, which embeds key information with a verification of the key owner's identity. Most certificates are verified by a third party so that clients are assured that the key is secure.
In other words, we can say, HTTPS works similar to HTTP but SSL adds some spice in it.

HTTP includes the following actions:

1. The browser opens a TCP connection.
2. The browser sends a HTTP request to the server
3. The server sends a HTTP response to the browser.
4. The TCP connection is closed.

SSL will include the following actions:

1. Authenticate the server to the client.
2. Allow the client and server to select the cryptographic algorithms, or ciphers, that they both support.
3. Optionally authenticate the client to the server.
4. Use public-key encryption techniques to generate shared secrets.
5. Establish an encrypted SSL connection.
6. Once the SSL connection is established the usual transfer of HTTP requests will continue.

Where should https be used?

HTTPS should be used in Banking Websites, Payment Gateway, Shopping Websites, Login Pages, Emails (Gmail offers HTTPS by default in Chrome browser) and Corporate Sector Websites. For example:

PayPal: https://www.paypal.com
Google AdSense: https://www.google.com/adsense/

Beware of using Credit Card Numbers on Internet:  If a website ever asks you to enter your credit card information, you should automatically look to see if the web address begins with https://. If it doesn't, there's no way you're going to enter sensitive information like a credit card number!

Browser integration

Most browsers display a warning if they receive an invalid certificate. Older browsers, when connecting to a site with an invalid certificate, would present the user with a dialog box asking if they wanted to continue. Newer browsers display a warning across the entire window. Newer browsers also prominently display the site's security information in the address bar. Extended validation certificates turn the address bar green in newer browsers. Most browsers also display a warning to the user when visiting a site that contains a mixture of encrypted and unencrypted content.
Email ThisBlogThis!Share to XShare to Facebook
Posted in DOTNET | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • Online Economics Degrees
    Economists research and analyze economics, or the way people choose to use their resources to produce goods and services. Economists typical...
  • Online DBA (Database Administrator) Degrees
    Database managers keep vital information organized.  With a database technology degree, you may find yourself organizing customer informatio...
  • Online Advertising Degrees
    The objective of any business firm is to market and sell its products or services profitably. In small firms, the owner or chief executive o...
  • Online Photography Degrees
    For those crave autonomy, flexibility, and, above all, creativity, a career in photography may seem ideal. If you have an artistic eye, tech...
  • Online BCA Degrees
    The boom in the IT industry has opened up plenty of job opportunities for computer professionals. As a result, computer application courses ...
  • Online Professional Degrees
    Going back to get more education can be a difficult, time consuming and sometimes impossible proposition. But with new advances in virtual t...
  • Online Pharmacy Degrees
    Filling prescriptions is only one job that pharmacists perform each day. Taking inventory, making sure people are taking the right medicatio...
  • Online MA Degrees
    A Master of Arts (MA) is a postgraduate academic degree that is typically awarded in Humanities, Fine Art, Theology or Social Sciences. The ...
  • Online Social Science Degrees
    Social science covers a broad range of fields: behavioral science, history, economics, geography, political science, women''s studie...
  • Online Human Resource (HR) Degrees
    In today's economy, the quality of a company''s personnel can mean the difference between a slot on the Fortune 500 and a trip t...

Categories

  • AJAX
  • C++
  • CSS
  • Delphi
  • DOTNET
  • HTML
  • Javascript
  • jQuery
  • Management
  • Online Degrees
  • Oracle
  • Others
  • Phonegap
  • PHP
  • Unix
  • XML

Blog Archive

  • ▼  2012 (180)
    • ►  September (89)
    • ►  August (11)
    • ►  July (4)
    • ►  June (3)
    • ►  May (25)
    • ▼  April (48)
      • DOM Events: Mouse Events, Keyboard Events, Form Ev...
      • What is DOM (Document Object Model): Tree and Node...
      • DocType: Strict, Transitional and Frameset
      • How the ASP.NET authentication process works?
      • Response.Redirect vs Server.Transfer: What to use ...
      • GET vs POST: Which one is better? A 10 point compa...
      • HTTP vs HTTPS: Similarities and Differences
      • How IIS processes ASP.NET request?
      • AutoEventWireup in ASP.NET: Why my ASP.NET events ...
      • Web Farms in ASP.NET: Advantages and Issues
      • Cautions while dropping a tablespace
      • 12 Point Comparision between FTP and HTTP Protocol...
      • Dataset, Dataview, Datatable and common operations...
      • Client Side State Management in ASP.NET
      • Difference between page_init, page_load and page_p...
      • Database FLASHBACK mode: Overview
      • Database ARCHIVELOG mode: Overview
      • Hash Collision Attacks in .NET
      • ADO.NET: A quick revision
      • What is SQL Injection?
      • What is ASP.NET AJAX?
      • What is DLL HELL?
      • DIV vs TABLE tag: Which one to use?
      • Exception Handling in ASP.NET
      • Business Intelligence (BI): Data Warehouse, Data M...
      • UDDI: Universal Description, Discovery and Integra...
      • Web Services: Exposing and Consuming
      • Web Service Description Language
      • Simple Object Access Protocol
      • Caching in ASP.NET
      • Partial Classes in ASP.NET
      • Difference between DLL and EXE Files
      • What is an ASP.NET User Control?
      • Page Directive in ASP.NET
      • DOTNET Framework: CLR, CTS and CLS
      • What is Tethering and Hotspot?
      • Preventing Caching in AJAX URLs
      • What is web.config file? What is the significance ...
      • HTML vs XHTML vs DHTML
      • AJAX - A quick revision
      • Web Server vs Application Server vs Database Server
      • Difference Between ASP.NET Server Controls and HTM...
      • web.config vs app.config vs machine.config
      • Assemblies in .NET Framework
      • Silver Bullets for Testing
      • Unix Commands which should be on tips of each deve...
      • Basics of IBM Websphere MQ (Part 1)
      • What is Garbage Collector? How and when does it run?
Powered by Blogger.

About Me

Unknown
View my complete profile