HTTPS to secure web transaction

A tremendous amount of information was passed back and forth to the Internet everyday. Most of the time, the protocol used in this communication is HTTP or HyperText Transfer Protocol.

In HTTP, all data is transferred in clear text - data such as User Identification (userid) and password will be transmitted as clear text as well. This is a security issue as anyone can sniff these userid/password and gain access to private information.

Overcoming this matter is not difficult. What we need to do is to use Hypertext Transfer Protocol Secure (HTTPS). HTTPS is a combination of the HTTP with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server. Essentially, anything transferred over HTTPS is encrypted. As such, data such as userid/passwd transmitted will not be easily deciphered. This in effect will protect user identities and passwords. Besides this, HTTPS will also protect credit card transactions during online consumer purchases. Having HTTPS implemented will also ensure that sensitive personal information are secured in transmission from web server to your browser. These are the reason for most of the e-commerce and banking site to implement HTTPS at their site.

From security point of view, HTTPS is useful in securing Internet transaction. It is often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. However, it is not a wise decision to encrypt every page of your site using HTTPS. When HTTPS is implemented, every bit of information sent back and forth is encrypted and decrypted. These includes graphics, text and and so on. This will generate a lot of unnecessary load to your server and client and may slow down the response time to your site. So, it is important to only encrypt absolutely necessary pages at your site.

By the way, HTTPS runs on port 443. The normal HTTP is running on port 80.

Comments

Popular Posts