General discussion


'http':// vs'https':// in an address. Do people still believe this???

By sleepin'dawg ·
I received this, this morning and almost fell off my chair laughing. I wasn't sure whether to pity the sender or take her seriously. No wonder the scams are so successful if this is the only criteria being used to determine a secure connection.

Subject: The difference between http:// and https:// in an address
Hello All :

Don't know how many are aware of this difference, but worth sending to any that do not......

What is the difference between http and https

Maybe you already knew this, but I thought it was important enough to send even if you already know.
I didn't know this.....................


**The main difference between http:// and https://xn--6a/; is It's all about keeping you secure**
HTTP stands for HyperText Transport Protocol,

Which is just a fancy way of saying it's a protocol (a language, in a manner of speaking)
For information to be passed back and forth between web servers and clients.
The important thing is the letter "S" which makes the difference between HTTP and HTTPS.

The S (big surprise) stands for "Secure".
If you v isit a website or webpage, and look at the address in the web browser, it will likely
begin with the following: http://.

This means that the website is talking to your browser using the regular 'unsecure' language.
In other words, it is possible for someone to "eavesdrop" on your computer's conversation
with the website. If you fill out a form on the website, someone might see the information
you send to that site.

This is why you never ever enter your credit card number in an http website!
But if the web address begins with https://, that basically means your computer is talking
to the website in a secure code that no one can eavesdrop on.

You understand why this is so important, right?

If a website ever asks you to enter your credit card information, you should automatically
look to see if the web address begins with https://. If it doesn't, there's no way
you're going to enter sensitive information like a credit card number.

Dawg ]:)

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Hey Sleepin'Dawg

by IC-IT In reply to 'http':// vs'https':// in ...

Please edit your title. I (we?) can't open it from the discussions page due to the http:// Start of the title.

I had to come in through your profile-discussions started.

Collapse -

Ditto. No text.

by CharlieSpencer In reply to Hey Sleepin'Dawg
Collapse -

Vee has a secret communique technique ;-) <NT>

by IC-IT In reply to Ditto. No text.
Collapse -

I thought I was just losing it for a minute

by jdclyde In reply to Hey Sleepin'Dawg

then realized, despite having lost it all long time ago, that this issue was not my fault this time.....

Collapse -

Mea culpa. Fixed it now. You could open it, but not if you pointed at......

by sleepin'dawg In reply to Hey Sleepin'Dawg

the start of the line; the http:// seemed to send it off somewhere into the TR ether.

Dawg ]:)

Collapse -

Funny you should post this now

by jdclyde In reply to 'http':// vs'https':// in ...

Because as I was going down my list of skills that should go on a new resume, and which need to be updated, I wondered what has been done with https these days.

Collapse -

Well, yes and no

by JamesRL In reply to 'http':// vs'https':// in ...

I haven't set up any secure sites lately, but back in the day (14 years ago) when I set my first secure site, getting a the cert to make your site SSL secure (https://) was a pretty big deal. Of course by now I'm sure lots of illegitimate sites have ssl too.

But I do make sure if I am logging onto any of my trusted sites, that they are SSL too.

My bank goes one better, and has a list of personal questions they ask me on a random basis. A keylogger would have to capture a number of sessions to be able to break in to my bank account.

I wouldn't trust a site just because they had SSL. But I wouldn't suggest SSL is totally useless either -it is a barrier to script kiddies etc.


Collapse -

Logon from main page

by mschenkel In reply to 'http':// vs'https':// in ...

I see a ton of sites out there where you can logon directly from the site's main page, which is not https. The main page has a "User Name" and "Password" field and Submit button.

Once logged on, however, the page returns back https. Is this initial transfer of user name and password visible for all to see??

Is there a problem with making your entire site SSL enabled? Or does this degrade performance?

Collapse -

Logon only from https page

by kdust111 In reply to Logon from main page

For the bank and credit card sites I visit, I save the page they take you to after you hit the logoff button. All the ones I use provide a different logon page with an https address as opposed to their main page where you can login on a http, non-secure, level.

Collapse -

performance hit for ssl?

by Jaqui In reply to Logon from main page


simply, using https for the entire site adds the overhead of encryption and decryption to both ends of the connection, it does low ANY site down.

The current "best practice" is to use https for all data that is sensitive. logon, credit card, account billing history...

otherwise, stick with http for the content.

edit to add:

Ipersonally think that everything should be via https, even though it is a performance hit, simply because https also stops cross site scripting, records accurate log info about sql injection exploits, kills pharming sites....
essentially destroying most criminal activities online.

Related Discussions

Related Forums