Let's focus on the URL. HTTP or HTTPS?

Enakshi Pal - May 28 '21 - - Dev Community

Wait! What are these? Are they even different?

Most of us being casual users around the internet, are just concerned about googling our stuff, and get over with our work. We are least bothered about the URL we see at the top of any web page we open, aren’t we?

So, let’s break the ice and get started with the facts!

There is a difference between HTTP and HTTPS.

Surprised? Not surprised at all? None of them?

Let’s have a look then.

HTTP stands for Hyper Text Transfer Protocol.

By any means have you heard about the term, Stateless?

Here it is. HTTP is a stateless protocol where the server does not keep track of any state information. This means, we or the user could send any valid information or command at any time.

The server won’t relate any of its command to its past or future commands. In essence, each command is independent of its past or future commands.

An HTTP server doesn’t remember about whether you have visited the site before or how many times you have visited the site.

Let us consider an instance.

When you open a browser, you type or request something to the browser and instantly you get the desired result within few seconds.

Have you ever wondered about how does this happen so fast or what are the processes behind it?

No, right? We, the users barely care about this. No worries, let’s have a look!

•The browser sends a request (input)_ to the web server.
•The web server receives the request.
•The server then runs an application to process the request.
•After the processing the request, the server returns an HTTP response (output) to the browser.
•Lastly, the browser receives the response and hence we get the results in our browser.

If we (the user) were getting our desired results through HTTP then, Why do we need HTTPS?

Let’s dig in!

HTTPS stands for Hyper Text Transfer Protocol Secure.

The only difference between HTTP and HTTPS is _“encryption”__. _
The purpose of HTTP was going fine until security came into the picture. Today, the world demands security above all.

Why do we need encryption or security?

HTTP is not secured. By that we mean, HTTP transfer data as plain text without any encryption. As a result, anybody who is monitoring the session, can read the request and response created by the user.

How is that even possible?

In case of http, we see that, the user submits his/her username and password, the browser sends it to the server in a plain text format, that can be read by any attacker who is monitoring the session.

Whereas in case of https, we see that, the information requested by the user, is being transferred to the web server in encrypted mode i.e., the attacker can now only see the random string or characters not the plain text.

Do you know?

HTTPS not only secures but, also helps authenticate web servers. You might be curious about the term ‘authentication’ by now.

So, the very basic meaning of authentication is, to verify. Now, verify what?

Authentication means to verify a person or a machine, who they claim to be. Just like we use an ID Card to confirm a person’s identity, similarly we need private keys to confirm the server’s identity.

By now you have got a brief idea, so let us finally draw our attention towards the key points.

HTTP use Principle of Trust, because security was not the priority back then.
HTTPS provides authentication and encryption which helps block numerous malicious attacks.

So, now the basic notion about the differences between HTTP and HTTPS is quite understandable.

From the next time, ‘http’ and ‘https’ would not look similar to you anymore, won’t they?

. . . . . . . . . . . . . . .