HTTP vs. HTTPS: What You Need to Know

HTTPS stands for Hypertext Transfer Protocol Secure. It is a naming convention that shows that the data being transferred to the site is encrypted before it leaves the device. The security concept was introduced in the HTTP/2 version, where the data was encrypted before sending.

HTTPS uses Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL).

HTTPS also verifies the identity of the website server. This helps prevent man-in-the-middle attacks, where attackers try to intercept and modify data.

SSL and TLS

SSL and TLS protect data as it travels across the network. The data needs to be encrypted and secured so that it does not get compromised.

They perform the cryptography and encryption required to provide secure communication over a network. They are essential for protecting sensitive data transmitted over the internet, such as:

  1. Credit card numbers

  2. Passwords

  3. Personal information

  4. Medical records

  5. Financial transactions

How TLS/SSL works

  1. Handshake: When a client initiates a secure connection with a server, a ‘handshake’ process occurs. This involves the client and server exchanging information such as:

    Cipher suites: The encryption algorithms they both support.

    Random numbers: Used to generate unique encryption keys for the session.

    Digital certificates: Used to authenticate the server’s identity.

  2. Session key generation: Based on the information exchanged during the handshake, the client and server generate a shared secret key called the ‘session key’. This key is used to encrypt and decrypt the data for the rest of the session.

  3. Encrypted communications: Once the session key is established, all further communication is encrypted using this key. This ensures that only the client and server can understand the data being exchanged.
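The guarantees described above (the server's identity is verified, and TLS is used rather than its SSL predecessor) only hold if the client is configured to enforce them. The following Python sketch is an added example, not part of the original article: it builds a hardened and a deliberately weak client configuration and audits both. The function names and finding labels are invented for illustration.

```python
import ssl

# Substrings marking cipher suites with broken or missing encryption.
LEGACY_CIPHER_MARKERS = ("NULL", "RC4", "DES", "MD5", "EXP")

def hardened_client_context() -> ssl.SSLContext:
    """Client settings that enforce the guarantees described above."""
    ctx = ssl.create_default_context()  # trusts system CAs, verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL and early TLS
    return ctx

def weak_client_context() -> ssl.SSLContext:
    """Encryption without authentication: the setup the audit should catch."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # oldest the library speaks
    return ctx

def audit_context(ctx: ssl.SSLContext) -> list:
    """Return finding labels (label names are made up for this example)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate-not-verified")
    if not ctx.check_hostname:
        findings.append("hostname-not-checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed")
    # Cipher suites this client would offer during the handshake.
    for suite in ctx.get_ciphers():
        if any(marker in suite["name"] for marker in LEGACY_CIPHER_MARKERS):
            findings.append("legacy-cipher:" + suite["name"])
    return findings

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak", weak_client_context())):
        print(label, audit_context(ctx) or "no findings")
```

A connection made with the weak configuration is still encrypted, but the client has no assurance about who holds the other end of the session key, which is the gap a man-in-the-middle relies on.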

HTTP status codes

HTTP defines a set of standardized status codes for the sake of simplicity and consistency.

1xx - Informational

  • 100 Continue: The client should proceed with the request.

  • 101 Switching Protocols: The server is switching protocols (e.g., from HTTP/1.0 to HTTP/1.1).

2xx - Successful

  • 200 OK: The request was successful.

  • 201 Created: The request succeeded, and a new resource was created.

  • 202 Accepted: The request has been accepted for processing, but processing is not complete.

  • 204 No Content: The server successfully processed the request, but is not returning any content.

3xx - Redirection

  • 301 Moved Permanently: The requested resource has been permanently moved to a new location.

  • 302 Found (Temporarily Moved): The requested resource has been temporarily moved to a new location.

  • 304 Not Modified: The client has a cached copy of the resource, and it has not been modified since the last request.

4xx - Client Error

  • 400 Bad Request: The server could not understand the request due to malformed syntax.

  • 401 Unauthorized: The request requires user authentication.

  • 403 Forbidden: The server understood the request but refuses to fulfill it.

  • 404 Not Found: The requested resource could not be found on the server.

  • 405 Method Not Allowed: The request method (GET, POST, etc.) is not supported by the requested resource.

5xx - Server Error

  • 500 Internal Server Error: The server encountered an unexpected condition that prevented it from fulfilling the request.

  • 502 Bad Gateway: The server received an invalid response from an upstream server.

  • 503 Service Unavailable: The server is temporarily unavailable.

  • 504 Gateway Timeout: The server timed out waiting for a response from an upstream server.

Status codes provide valuable information about the outcome of a web request, helping developers debug issues, improve user experience, and optimize website performance.