Friday, July 3, 2009

Http vs Https

Are You Secured During Personal Data Sharing In Net?

Must Know “Http” and “Https”

Dear Readers,

We thought we would continue our discussion regarding different type of cybercrime but in the middle of the discussion we have decided to bring before you the difference between secured and unsecured website i.e. ‘https’ and ‘http’ as some of our readers had asked us about secured site and unsecured site. And when we are going to discuss it, we have decided that we will bring it to our readers in a very understandable language to all in part by part for making it easy accessible to our reader friends. So let’s start with those definitions, which will help all of us to understand our discussion as “https” stands for Hypertext Transfer Protocol under Secure Socket Layer.

Protocol: - A uniform set of rules that enable two devices to connect and transmit data to one another. Protocols determine how data are transmitted between computing devices and over networks. They define issues such as error control and data compression methods.

TCP/IP Protocol: - Transmission Control Protocol/Internet Protocol is the suite of communications protocols used to connect hosts on the internet.

Hypertext: - This is a special type of Database System in which objects such as documents, pictures, videos, music, programs and others can be creatively linked each other. When you select an object, you can see all the other objects that are linked to it. You can move from one object to another even though they might have very different forms. The icons that you select to view associated objects are called Hypertext links or buttons.

FTP: - File Transfer Protocol is a protocol to upload a file from a workstation to FTP server and download a file from a FTP server to a workstation. It is the way that files get transferred from one device to another in order for the files to be available on the Internet. When ftp appears in a URL it means that the user is connecting to a file server and not a Web server and that some form of file transfer is going to take place.

HTTP: - Hyper Text Transfer Protocol, or HTTP, is a protocol used to transfer files from a Web server onto a browser in order to view a Web page that is on the Internet. Unlike FTP, where entire files are transferred from one device to another and copied into memory, HTTP only transfers the contents of a web page into a browser for viewing. When http appears in a URL it means that the user is connecting to a Web server and not a file server. HTTP sends the data collected over the Internet in plain text.

HTTPS: - Hypertext Transfer Protocol with Secure Sockets Layer. This is the protocol which transfers data in an encrypted method over the web. It is a TCP/IP protocol used by Web servers to transfer and display Web content securely. The data transferred is encrypted so that it cannot be read by anyone except the recipient. So there no risk of interception by anyone with a packet sniffer. HTTPS encrypts the data sent and received with SSL, while HTTP sends it all as plain text.

We think we have been able to make you understand your quarry about secured site and unsecured site. So friends be alert on sharing your personal data with any web site and we suggest until and unless you find “https” in the browser don’t share your secret financial information with them as there is every possibility from the hackers point to get your by using packet sniffer as the data are transferred as a plain text. For bringing this information before you we are grateful to some websites like webopedia and others.


Urproblemmysolution team


Sitanshu said...

Dear Sujit,

I'm ever so gratified by your concise explanations of complicated terminologies.

Wanted to mention that there is yet another secured protocol in addition to the ones you explained so well.

This protocol is called SHTTP as opposed to HTTPS

The difference is that SHTTP is used for "Document Level Security", whereas HTTPS is "Communication Channel Level Security".

That means lesser overhead, because you only secure the message or document that you are sending this one time (SHTTP), than keeping the entire channel (or communication) secure all the time (HTTPS).

In HTTPS - HTTP sits over SSL, whereas in SHTTP, SSL sits over HTTP. Two schemes which are equally effective and both use Public key Encryption and Private Key Decryption, and both use RSA or DSA as the case maybe.

In my next post (with you permission) I would like to explain for your viewers in simple terms what "Public Key Encryption Really Means".

Warm Regards,
Sitanshu Ray

Sitanshu said...

Dear Sujit,

I posted a comment on yet another secured protocol called SHTTP as opposed to HTTPS (The more widely known secure protocol). However I failed to mention why SHTTP? when we already have HTTPS...

The answer is not that simple. You have to be an Architect to apprciate this. Still I think - I may have a way to explain this.

Please remember that the Internet Bandwidth (total spectrum) is limited. So even if we need added services such as "Secured Transmissions", we must try our best to minimize the use of that bandwidth. SHTTP allows you to just secure what should be secured rather than the entire transmission. In a banking transaction you have thousands of messages (Client Name, Address, Sex, Account Number, Father's name, Account Start Date, Starting Balance, Ending Balance, Credit Card number, etc.etc.)...
Why do I need to secure all this information. Just securing the "Credit card number" is enough. I do not even need to secure my "Bank Account Number". So what if someone knows my "Bank Account Number". SHTTP will make sure that I secure just the "Credit Card Number", whereas HTTPS will secure everything...Too much is wasted securing everything...

That is where SHTTP is handy. Secure what you need, not the entire transmission...

Hope I made my point...

Will give a few real examples in my next post.

Warm Regards,

Kelvin said...

wow thanks for explaining the protocols, finally understand some of it. Clicked ur ads btw:) click mine too if u like my posts.

TAJUL said...

Dear Sujit,
I liked your notes on Cyber Crime. It's an philanthopic idea to share your knowledge with others in the field of Cyber Crime. It would be so kind of you if you make it convenient by throwing some light in the matter of Investigation in Cyber Crime by citing some practical examples. Take care. with best regards. TAJUL.

Blogger said...

Dear Tajul,
Thanks for following this blog and at the same time I am sorry 2 say that I will not post any such comment as you have wanted as that will be clear to cyber criminals how police catch them. So sorry pl keep visiting and if you face any from from cyber world you please post here I will guide you and send mail to your ID. I think you have understood me.

Kamal Dave said...

It is really a well explained thread and deserved applaud. In this thread not only terminology but its functionality is explained and well supplemented by Sitanshu.

Kamal Dave