HTTPS


HTTPS (Hypertext Transfer Protocol Secure) is a protocol that enables you to establish a secure connection between the server and client, which cannot be intercepted by unauthorized parties.

How it works

A standard HTTP connection on the Internet can easily be hijacked by unauthorized parties. The purpose of an HTTPS connection is to avoid this by encrypting the data to ensure secure transmission. The transmission is encrypted and the server is authenticated.

When a user clicks a link or confirms a URL entered in the address bar with Enter, the browser establishes a connection. The server presents a certificate that authenticates it as a genuine, trusted provider. Once the client has verified the authenticity, it sends a session key which is readable only by the server. Based on this key data, encryption can now take place. Usually, an SSL certificate is used.
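The client-side half of this exchange, as an added example that is not part of the original page: a Python client context that verifies the server certificate before any data is sent, next to a constructed weakened context that still encrypts but no longer authenticates the server. The function names and the TLS 1.2 floor are assumptions of this example.

```python
import socket
import ssl

MIN_VERSION = ssl.TLSVersion.TLSv1_2  # assumed floor for this example


def strict_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and host name."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    ctx.minimum_version = MIN_VERSION
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """List the ways a client context falls short of the checks HTTPS relies on."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    if ctx.minimum_version < MIN_VERSION:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def weakened_context() -> ssl.SSLContext:
    """Constructed bad example: encryption without server authentication."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is now accepted
    return ctx


def connect_verified(host: str, port: int = 443) -> dict:
    """Handshake with a server; raises ssl.SSLCertVerificationError on a bad certificate."""
    ctx = strict_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"version": tls.version(), "subject": tls.getpeercert()["subject"]}


if __name__ == "__main__":
    print("strict:  ", audit_context(strict_context()))
    print("weakened:", audit_context(weakened_context()))
```

`connect_verified` needs network access and is not called when the file is run; the audit of the two contexts runs offline.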

Background and objectives

The purpose of an HTTPS connection is to protect the data being transmitted. An HTTP connection can be easily intercepted, allowing specific attacks on individuals. Data entered by a user in their browser window is often personal (account information, e-mail, credit card information, etc.) and must be protected from such access.

Another problem is phishing, whereby the data entered by a user is sent to unauthorized persons using fake websites. The use of HTTPS instead of HTTP can prevent both interception and phishing. Protection against phishing is made possible by the certificate. In other words, the objective of HTTPS is to provide internet users with privacy, security, and data protection.

Use and relevance

HTTPS is used for all websites where a user enters data. A major field of application is online banking. Wherever a password-secured account is used, an HTTPS connection would be sensible. This includes social network access, or e-mail and shopping accounts, where the illegal acquisition of personal data could otherwise inflict great personal harm. Personal information could also be submitted without an account. If, for example, a flight or an entire vacation is booked online, the applicable data must be communicated to the providers in a secure way.

In their own interest, internet users should make sure that a secure connection is in place where it matters and thus protect their privacy. Whether an HTTPS connection exists can be easily seen in the address bar. The URL shows “https” at the beginning, which is even highlighted in many cases. A small lock icon is also displayed.

Disadvantages

HTTPS has some disadvantages compared to HTTP connections. However, these are very few and should be accepted as a compromise for the security it provides.

  • There are additional fees for certificates, and costs increase with increasing traffic. These fees can be relatively high, especially for new and small websites.
  • With HTTPS connections, content cannot be cached. But the trend towards higher bandwidth counteracts this disadvantage.
  • A weakness is also the poorer performance resulting from the use of SSL encryption. The server must perform a lot more computations, thus increasing the response time.
  • Virtual hosts do not work with HTTPS.

Advantages

Besides the obvious advantage of online privacy, there is also another big plus. Use of HTTPS does not require any additional software installation. This means it can be used without restrictions by anyone. The authentication with a certificate also inspires confidence in potential clients.

Difference with HTTP

The main difference is security. The technology is essentially the same, but HTTPS includes SSL encryption. Therefore, it is in principle possible to run the entire Internet over HTTPS connections. However, because of the aforementioned disadvantages and out of habit, hardly anyone uses a secure connection when it is not absolutely necessary.

Security

Since the difference from HTTP is the use of encryption, HTTPS security depends solely on the encryption technique used. This is currently SSL, which is generally considered secure. However, it should be noted that secure data transmission alone is insufficient to protect the data completely; it must also be securely stored by the recipient.