What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol – Secured. This is a secured version of HTTP. Https is a primary protocol that is used to transfer the data in a secured way between two systems.
How It Works?
Before understanding how it works, please refer to the below diagram
As you can see in the above diagram, communication takes place in a readable hypertext format where sensitive information like user name, password, banking account number, etc. are transmitted without applying any encryption.
Therefore, this is highly prone to different attacks which we will cover in the following sections.
To avoid this, HTTPS is being used which uses different encryption protocols to encrypt the data sent/received from the server.
Above all, it uses Transport Layer Protocol ( sometimes referred to as Secure Socket Layer – SSL) which is based on asymmetric public key infrastructure.
It uses two different types of keys:
- Private Key – This get stored on a server where website is hosted and used to decrypt the data encrypted by public key.
- Public Key – It is stored on the local store of the client who is hitting the site. It is used to encrypt the information which is being sent to the server. Information that’s encrypted by the public key can only be decrypted by the private key.
If the website uses an HTTPS protocol, the browser will show a padlock sign as you can see for our site.
HTTP vs HTTPS
There are major differences between HTTP and HTTPS protocols.
HTTP | HTTP-Secured |
---|---|
No Encryption Available | Data Encryption is Added |
URL starts with HTTP:// | URL starts with HTTPS:// |
Default port is 80 | Default port is 443 |
Highly Prone to attack | More Secured |
What happens if a website doesn’t have HTTPS?
There are high chances of being a victim of the below attack(s) on your site if the site not secured with SSL.
- Man in the Middle Attack
- Phishing Attack
- Data Leakage
- Browser Showing Website as Unsecured!
Disadvantages of HTTPS
As we know, nothing interesting is ever completely one-sided. HTTP-Secured is not an exception as it comes with the following disadvantages:
- Cost – Installing SSL certificate to migrate your site on https need investment of some $$.
- Performance – Because of Encryption and descryption, procesing such requests will take more time.
- SSL will use lot of server resources.
- Browser Caching will not work properly with SSL somtimes.
Despite of the above disadvantages, using SSL on your site is a wise choice.