What is https? Why we need https? is https safe from hacker?
We all have this question in our minds. I also have this same question in my mind. Now in this post i will explain this. Http stands for Hypertext transfer protocol which is a language a computer can speak with another computer. And what is Https? This is simply, http over ssl or http secure. The same web language used with data security.
We all use internet connection for browsing, emailing, bank transactions and many more. In these activities, some information we share throught the web is private and some information is public. If a hacker finds a email message you send to your friend may not cause any problem. But consider if you are connecting to a banks website and entering your password. This password is going through the internet and the messag can be hacked intermediately and a hacker can know your password. Just imagine what will happen. Your private data is now public to some hacker in the middle.
Consider the normal http connection to a bank website:
Here is the data security plays a main role. In a https connection, a public key and a private key is used. When a browser requests a web page to the server, it will serve the html content and a public key will also be serverd along with the html content. This public key will be used to encrypt the data entered by the user and this is send through the internet.
See when you are connecting to a banks website through https connection, the server in bank will serve the web page(some html file/content) to your computer's browser and also a public key. Your browser will display the html content in a formatted manner. Probably bank's login page will be displayed. Now you have to login to your internet account to access your bank account. While you enter your password and click submit, the data will be encrypted by your browser using the publick key which is already received and submitted throught the internet to the assossociated server. Then the server will process your request and it will let you to access your account or deny to access your account. In this transaction, if a hacker see the encrypted password he cannot able to decrypt it although he is provided with the public key. Because this public key is used to encrypt and it will not decrypt the data. Private key alone decrypt the data. This private is available in the bank's server. Yae!!!! have you understand?
Okay i think i have cleared your doubts. Now here comes the second question. How to know a website use https connection. You can easily find this by seeing the url in address bar. There will be https instead of http. Some good browsers internet explorer, firefox , safari, google chrome and opera will show who gave this https public key and private key to the website owner. It also checks if these keys belong to this website owner by refering the website name and the key's name. A website owner should buy a https certificate. This certificate consists of a private key and a public key. Each private and public key corresponds to one certificate only. This certificate has a expiry date also.
No comments:
Post a Comment