Hello dear readers,
In this short article I will talk a little bit about the HTTP and HTTPS protocols. HTTP stands for Hypertext Transfer Protocol and basically every web request (typing a site’s URL in a browser such as Internet Explorer) is done using this protocol. HTTP uses the client-server model in which a client requests something from the server and the server responds with the requested content. You can visualize this protocol as a collection of interconnected hyperlinks. You can learn a lot about how the client-server model works by reading my networking fundamentals articles. HTTP uses port 80; if you request web content on a port other than 80, your request will not be routed throughout the Internet. Have you ever noticed that even if you type, for example, ittrainingday.com, your request is automatically redirected to http://ittrainingday.com? (Any request is by default an HTTP request.) When you specify an HTTPS request, the port used by default is 443. We will talk in a second about the main differences between these two protocols. The requests that HTTP can fulfill are the following (taken from Wikipedia http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol):
- GET: Requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. (This is also true of some other HTTP methods.) The W3C has published guidance principles on this distinction, saying, “Web application design should be informed by the above principles, but also by the relevant limitations.”
- HEAD: Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
- POST: Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, as examples, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.
- PUT: Requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.
- DELETE: Deletes the specified resource.
- TRACE: Echoes back the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.
- OPTIONS: Returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting ‘*’ instead of a specific resource.
- CONNECT: Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
- PATCH: Is used to apply partial modifications to a resource.
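To see how these methods differ on the wire, here is an added example (not part of the original article) that serializes plain-text HTTP requests and feeds them to a toy in-memory server. The host `example.test`, the allowed-method list, the function names and the choice of answering unsupported methods with 405 are all assumptions made for illustration.

```python
BODY = b"<h1>constructed sample page</h1>"  # constructed sample resource
ALLOWED = ("GET", "HEAD", "OPTIONS")        # assumption: a read-only site


def build_request(method, path="/", host="example.test"):
    """Serialize a request exactly as it travels over plain HTTP."""
    return f"{method} {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")


def respond(status, reason, headers, body=b""):
    """Serialize a status line, headers, a blank line and an optional body."""
    head = f"HTTP/1.1 {status} {reason}\r\n"
    head += "".join(f"{k}: {v}\r\n" for k, v in headers.items())
    return head.encode("ascii") + b"\r\n" + body


def handle(raw):
    """Toy server (hypothetical): return the raw response for one raw request."""
    request_line = raw.split(b"\r\n", 1)[0].decode("ascii")
    method, _path, _version = request_line.split(" ")
    allow = ", ".join(ALLOWED)
    if method == "OPTIONS":
        # OPTIONS only advertises the supported methods.
        return respond(204, "No Content", {"Allow": allow})
    if method not in ALLOWED:
        # PUT, DELETE, TRACE and the rest are refused outright.
        return respond(405, "Method Not Allowed",
                       {"Allow": allow, "Content-Length": "0"})
    headers = {"Content-Type": "text/html", "Content-Length": str(len(BODY))}
    # HEAD sends the same headers as GET but leaves the body out.
    return respond(200, "OK", headers, BODY if method == "GET" else b"")


def parse_response(raw):
    """Split a raw response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    status = int(lines[0].split(" ")[1])
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return status, headers, body


def audit(methods=("GET", "HEAD", "OPTIONS", "PUT", "DELETE", "TRACE")):
    """Send each method to the toy server and collect the parsed answers."""
    return {m: parse_response(handle(build_request(m))) for m in methods}


if __name__ == "__main__":
    for name, (status, headers, body) in audit().items():
        print(f"{name:8} {status} Allow={headers.get('Allow')} body={len(body)} bytes")
```

Everything passed between `build_request` and `handle` is readable ASCII, which is what anyone on the network path sees when the request is sent over plain HTTP.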
How a browser requests a webpage is a different topic, but if you are really interested, you can check out my IIS tutorials in which I’ve described how web servers work (at least Microsoft’s web-hosting service, IIS). If you’ve read my networking articles you already know the TCP/IP and OSI models and how everything is layered. HTTP is a layer 7 concept (Application layer). This protocol is responsible for displaying information so that it can be interpreted by the user.
HTTPS stands for Hypertext Transfer Protocol Secure and is a concept that uses HTTP and SSL when sending and receiving data. By adding the SSL protocol, HTTPS ensures that information sent between the client and the server is not intercepted. SSL, or Secure Sockets Layer, is a protocol used to encrypt information sent over the public Internet. I will not talk much about this protocol, but you should know that it provides three main features: authentication, integrity and confidentiality. Authentication is done using asymmetric cryptography with a public and a private key (these keys are exchanged between the client and the server). Confidentiality is provided using symmetric encryption, and message integrity is ensured using message authentication codes. You can browse a little on Google to find out more about these mechanisms.
The main differences between HTTP and HTTPS are:
- The first and most important is that HTTPS is secure while HTTP sends information in plain text.
- HTTP uses port 80 while HTTPS uses port 443.
- HTTP operates at the application layer while HTTPS works at the transport layer.
- The URL is different in these two protocols: https:// and http://