The difference between http:// and https:// as used on a website

Posted on Posted in ICT

The main difference between http:// and https:// is all about keeping you secure.

HTTP stands for Hyper Text Transfer Protocol while the S stands for “Secure”.

If you visit a Website or web page, and look at the address in the web browser, it is likely begin with the following: http:// or https://

http://  means that the website is talking to your browser using the regular unsecured language. In other words, it is possible for someone to “eavesdrop” on your computer’s conversation with the Website. If you fill out a form on the website, someone might see the information you send to that site. When you enter HTTP:// in your address bar in front of the domain, it tells the browser to connect over HTTP. HTTP uses TCP (Transmission Control Protocol), generally over port 80, to send and receive data packets over the web. To put it simply it is a protocol that is used by a client and server which allows you to communicate with other websites. The client sends a request message to a HTTP server (after the TCP handshake) which hosts a website, the server then replies with the response message.

This is why you should never ever enter your credit card number in an Http website!

https:// The computers agree on a “code” between them, and then they scramble the messages using that “code” so that no one in between can read them. This keeps your information safe from hackers. This means your computer is talking to the website in a Secure code that no one can eavesdrop on.

The procedure for encrypting information and then exchanging it is called HyperText Transfer Protocol Secure (HTTPS).

With HTTPS if anyone in between the sender and the recipient could open the message, they still could not understand it. Only the sender and the recipient, who know the “code,” can decipher the message.

Humans could encode their own documents, but computers do it faster and more efficiently. To do this, the computer at each end uses a document called an “SSL Certificate” containing character strings that are the keys to their secret “codes.”

SSL certificates contain the computer owner’s “public key.”

The owner shares the public key with anyone who needs it. Other users need the public key to encrypt messages to the owner. The owner sends those users the SSL certificate, which contains the public key. The owner does not share the private key with anyone.

The security during the transfer is called the Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

The procedure for exchanging public keys using SSL Certificate to enable HTTPS, SSL and TLS is called Public Key Infrastructure (PKI).

You understand why this is so important, right?

So if a website ever asks you to enter your Credit/Debit card Information, you should automatically look to see if the web address begins with https:// and if it doesn’t, You should NEVER enter sensitive Information such as a credit/debit card number.

In Summary

1)      In case of HTTP URL begins with “HTTP://” and for HTTPS connection it is “HTTPS://”

2)      HTTP is unsecured on other hand HTTPS is secured.

3)      HTTP uses port 80 for communication unlike HTTPS which uses port 443

4)      No certificates required for validation in case of HTTP. HTTPS requires SSL Digital Certificate

5)      No encryption in HTTP; Data encrypted before sending and receiving in HTTPS.

I hope this has cleared the difference between HTTP and HTTPS. If you have any questions or observations to make, please do comment.

Leave a Reply

Your email address will not be published. Required fields are marked *