Friday, 6 May 2011

How Https is More Secured Than Http?

If you will observe your navigation bar as you surf the net, you may see that there are sites using https rather than http at the beginning of the web address. Https and http functions almost the same. The only difference is their process of transferring or keeping the data. Data that flows in https is more secure than http, see below:

  1. Https encrypts all the data going to the server.

Https uses security layers that encrypt pieces of network in the internet. It can either be TLS (Transport Layer) or SSL (Secure Sockets Layer).

SSL is the most commonly used security protocol in the web. It is included in Microsoft and Netscape and can be downloaded for commercial or non-commercial. On the other hand, TLS is an IETF standard track protocol based on SSL.

  1. Https verifies the server’s certificates.

You will notice that sometimes a popped up notification appears before you enter a secured site. This is because https protocol verifies the server certificates first before allowing your computer to interact with the site and exchange data.

  1. Https does not cache data.

Since https protocol only stores data in the server, it does not leave any cache or data in your computer. With this, your personal information is safer as long as the server is secured and does not allow unauthorized access.

In connection, if https is safer than http yet can function like an http, why not use it in everything instead? It is because of some practical reasons.

Most websites are hosted in virtual hosts, cheaper and practical hosting options. However, websites in virtual hosts are only sharing in only one IP address and that is not working well with https.

In addition, since https do not cache data, browsing speed may slow down unlike http. There are sites that give options to users of whether they will be using an https or an http protocol on certain pages. Others combine the both protocols, by default they use http but with pages that requires sensitive information like registration or payment, they use https.

If you are running an ecommerce site or an portal that will be storing customers information and data, it is highly recommended that you consider in setting up an SSL Certificate.

1 comment:


    With how common online transactions have become, web sites can’t afford to ignore SSL. You lay out some good points from the security standpoint, but from a business perspective, SSL (or HTTPS) is a smart decision because savvy end-users are looking for that little ‘s’. More than that, they are looking for indications that a site is authentic even before entering, which can be done by seeing some sort of verification in search results. I work for Symantec, and our VeriSign Seal-in-Search does this. Consumers are learning to think before they click, so a web site that’s proven authentic and secure ultimately yields better web traffic.