Isabella Di Fabio - Secret Story about HTTP vs HTTPS

Page 1

Isabella Di Fabio - Secret Story about HTTP vs HTTPS differences and how they influence safety - Isabella Di Fabio Understand the difference between HTTP and HTTPS, what the "S" means and how it influences the security of the information trafficked on your site with this post. Let's go there! HTTP, whose meaning in English is Hypertext Transfer Protocol, is defined as: the way, the form, or to put it colloquially, the language of minimal information communication on the Web. Basically when we open a Web page from a browser, both the client (destination) and the server (origin) communicate using the protocol called HTTP. For the message to be understandable between them, both must understand and interpret the same language at the same time, making it a common language between the parties. Let's imagine the following daily scenario: we need to transmit a message to a person, therefore here they participate: who sends (origin / sender) and who receives (destination / receiver), so that the transmitted message is understood and interpreted by the receiver is imperative that both communicate in the same language or language. This analogy is the same one that occurs in an HTTP transmission.

Isabella Di Fabio Show us All The Secret Story About HTTP HTTP is a very basic communication language since the exchange of information between one point (server) to another (client) is based on data of the text type (on the web called hypertext) and in turn the web browser: generates , displays or interprets content at an understandable level, visually speaking, for end users. Now, the fundamental difference with respect to HTTPS (apart from the letter s obviously) is that in addition to being an HTTP protocol, a data encryption component is added to both ends of the communication, through the digital certificates configured in the server and adding a new protocol called SSL, so HTTP is HTTP + SSL. Communication is secure and only the recipient of the information will be able to understand the result, but let's clarify that this does not imply that the site itself is secure.


When we talk about site security we are referring to much more technical and careful things: data type validation, filtering and sanitation of what was received, anti-robot captcha, password robustness; and a lot of other techniques to avoid attacks like: XSS, Injection SQL, among others. Therefore it is important to understand that a site with HTTPS protocol can be technically as secure or insecure as one with HTTP, although HTTPS certainly goes the extra step in ensuring the transmission of the data itself. When a page requests sensitive data, be it: passwords, access pins, and even more so when it comes to monetary transactions, the reality is that this site should inevitably have HTTPS.

It is important for a site to have HTTPS because it is one of the factors that can help improve Google ranking. It also gives a certain feeling of security to the user who enters our site.

Isabella Di Fabio Secret Story and Details about ​ HTTPS As a disadvantage we can say that the communication between the client and the server is a little slower (almost imperceptible) because it is an "additional calculation" when it comes to encrypting and decrypting the information sent in each interaction. As an advantage, Google penalizes sites that do not use HTTPS, in other words, those that have HTTPS have a higher ranking preference (obviously, we also have to take into account everything that SEO refers to) If a page requests any type of data through a web form and it does not have HTTPS, we would see the text "site not safe" in the web browser bar.


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.