Difference between HTTP and HTTPS.

The internet we use so widely these days works on two major protocols: HTTP and HTTPS. But what are they, and what is the basic difference between the two?

A protocol is a set of rules for carrying out operations between two different parties. In information technology, a protocol is the special set of rules that endpoints in a telecommunication connection use when they communicate. Protocols specify interactions between the communicating entities, and they exist at several levels in a telecommunication connection. For example, there are protocols for data interchange at the hardware device level and protocols for data interchange at the application program level. HTTP and HTTPS are protocols for data interchange at the application level; they specify how data is sent and received by the application at each end.

HTTP (Hyper Text Transfer Protocol)

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. The web pages and websites we browse through web browsers are created using HTML (HyperText Markup Language), which provides the structure of those pages. HTTP is the protocol used to exchange or transfer hypertext between two ends, i.e. the client and the server applications. The client application is usually the web browser, and the server applications are web servers or application servers hosting the web pages or web applications. The protocol defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands.

For example, when you enter a URL in your browser, the browser sends an HTTP command to the web server directing it to fetch and transmit the requested web page. The web server tries to find the requested page and, if it finds it, sends it back as a response along with a standard success code defined by the HTTP protocol. If the server cannot find the page, or there is some error on the server, it responds with one of the standard error codes defined in the protocol, such as 404 (resource not found) or 500 (server error). The browser receives the response, checks the status code, and uses it to decide how to display the response. If the code indicates success, the browser renders the response sent by the server. If it is an error code, the browser checks whether the server has sent a custom error page and renders it; otherwise it displays its default error message.

In this way, HTTP defines the codes used to communicate, the data which can be carried in a request and response, and so on, and helps establish communication between browser and server applications.
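The request and response described above can be watched on the wire. The following is an added example, not code from the original post: it starts a throwaway server on the loopback interface, sends one GET by hand over a plain TCP socket, and parses the status line the way a browser would. The page content, handler and function names are constructed for the illustration.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PAGES = {"/": b"<h1>Welcome</h1>"}  # constructed sample site content


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = PAGES.get(self.path)
        if body is None:
            self.send_error(404)  # standard "resource not found" status
            return
        self.send_response(200)  # standard success status
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def fetch_raw(path):
    """Send one GET over plain TCP; return (request bytes, response bytes)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        host, port = server.server_address
        request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
        with socket.create_connection((host, port), timeout=5) as sock:
            sock.sendall(request)
            chunks = []
            while chunk := sock.recv(4096):  # read until the server closes
                chunks.append(chunk)
        return request, b"".join(chunks)
    finally:
        server.shutdown()
        server.server_close()


def parse_status(response):
    """Return (status_code, reason) from the first line of a response."""
    status_line = response.split(b"\r\n", 1)[0].decode("ascii")
    _version, code, reason = status_line.split(" ", 2)
    return int(code), reason
```

Both byte strings returned by `fetch_raw` are readable text, which is exactly what any node between client and server sees when the exchange is plain HTTP.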

Development of HTTP was initiated by Tim Berners-Lee, the inventor of the World Wide Web, at CERN in 1989. At its inception, the WWW was intended for sharing research and academic information over computer networks as an interconnected web of hypertext pages. As time passed, the WWW evolved to serve other applications, such as e-commerce and industrial applications, so the information being shared was no longer limited to research and academic material. Information from banking, financial and government organizations also began to circulate on the network as they made it available for easy access over the WWW. This raised concerns about the security of the sensitive and confidential information being transferred, because information exchanged between two systems over HTTP does not travel over a dedicated link between them. It passes through many intermediate nodes, routers, hubs and gateways, and anyone could eavesdrop or impersonate the receiver while the information was in transit and so gain access to it. Thus another version of the protocol was required, one that could transfer this sensitive and confidential information over the WWW in a secure way. This led to the development of HTTPS.

HTTPS (HTTP over Transport Layer Security)

HTTPS is the secure version of HTTP. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security, or its predecessor, Secure Sockets Layer. The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data. HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with or forging the contents of the communication.

In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an impostor), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party. HTTPS uses digital certificates and public key infrastructure to verify the identity of the sender and receiver and to encrypt the data between the two ends.

HTTPS connections are primarily used for payment transactions on the World Wide Web, e-mail and sensitive transactions in corporate information systems. Nowadays almost every website which collects some data from users has been built to communicate over HTTPS. Whenever a user communicates with a website over HTTPS, the browser displays a lock icon and "HTTPS" or "Secure" text in the address bar. The URL for such websites also starts with HTTPS.



Is it always safe to communicate over the HTTPS?

Although HTTPS provides authentication of the website and encryption of communications between a client and server, that does not mean it is always safe to communicate over HTTPS. HTTPS only guarantees secure transmission between the two ends and authenticates that the data is transferred only to the authorized end; it does not guarantee the validity of the sender or receiver. It is always up to the user's discretion to verify that they are communicating or transacting with a valid, legitimate party, since a phishing site may also communicate over HTTPS. So it is always advisable to check and verify the address of the website and to heed the phishing warnings given by browsers and antivirus software.
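The address check recommended above can be made mechanical. The following is an added example, not part of the original post: a small function that treats the `https` scheme as necessary but not sufficient and compares the host actually encoded in a URL against the sites the user means to visit. The `EXPECTED_HOSTS` list and all sample URLs are constructed, using the reserved `.example` domain.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user actually intends to visit (constructed list).
EXPECTED_HOSTS = {"bank.example", "www.bank.example"}


def assess_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return reasons not to trust the URL; an empty list means it passed."""
    parts = urlsplit(url)
    # .hostname is already lower-cased and stripped of port and userinfo.
    host = (parts.hostname or "").rstrip(".")
    findings = []
    if parts.scheme != "https":
        findings.append("not HTTPS: traffic is unencrypted and unauthenticated")
    if parts.username is not None:
        # Text before '@' is userinfo, not the site being contacted.
        findings.append("userinfo before '@' hides the real host")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label: possible look-alike characters")
    if not host.isascii():
        findings.append("non-ASCII host: possible look-alike characters")
    if host not in expected_hosts:
        # A valid certificate for this host proves only that the connection
        # reaches this host, not that it is the site the user wanted.
        findings.append(f"host {host!r} is not one of the expected sites")
    return findings


# Constructed sample URLs: every one except the second uses HTTPS.
SAMPLES = [
    "https://www.bank.example/login",
    "http://www.bank.example/login",
    "https://www.bank.example@login.attacker.example/",
    "https://www.bank.example.account-verify.example/",
    "https://xn--bnk-constructed.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", assess_url(sample) or "ok")
```

Only the first sample passes, even though four of the five would show a lock icon if the server presented a valid certificate for its own host name.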


