The English expression Hypertext Transport Protocol Secure , which can be translated as Secure Hypertext Transfer Protocol , gave rise to the acronym HTTPS , frequently used in the field of computing. This is a secure version of HTTP .
To understand what HTTPS is, therefore, it is important to know what the idea of HTTP alludes to. This is the name given to a communication protocol that allows the transmission of information through the World Wide Web (the system formed by documents intertwined over the Internet ).
HTTP , therefore, establishes the rules so that communication can develop on the Web . The communication scheme is based on the requests that a client (the web browser) makes to a server (the computer that hosts the web pages), which delivers responses to said requests. When the session is completed successfully, the user obtains the presentation of the text, images and the rest of the contents of a page in their browser.
What HTTPS does is develop an encrypted channel to protect the information that is sent and received on the Web. This protection means that, if an attacker manages to intercept the data transfer, they will not access the information itself, since it is encrypted (transcribed according to a key ).
Specifically, we can establish that data sent via HTTPS is very secure because it is protected by the Transport Layer Security protocol, which also goes by the name TLS. The latter, exactly, is based on what are three layers of security:
* Data integrity : prevents inconsistency problems between what is sent and what is received from going unnoticed. For example, damage or modifications that occur throughout the process, whether intentional or accidental;
* that of encryption : it means that the data exchanged in a transfer is encrypted with the clear objective that it cannot be seen or interpreted by any user, although hackers sooner or later manage to bypass these security measures;
* authentication : it is the layer that ensures that users come into contact with the desired web space. It is very important because it not only conveys security and trust to users but also because it helps protect them from certain attacks, such as man-in-the -middle attacks .
The latter are also known by the name MitM (from the English man in the middle ) or Janus . In short, whoever executes them obtains the right to read and modify other people's data on a network , after intercepting a message that is not addressed to them. One of the least complex cases involves connecting to a Wi-Fi network that, due to the carelessness of its owner, has not been protected.
More sensitive data, such as passwords and usernames , are typically transferred using HTTPS . You can tell which communication protocol is being used by looking at the URL in the browser 's navigation bar: if it's HTTPS , the address will start with https:// . Otherwise, if HTTP is in use, it will start with https:// (without the S for "Secure" ).
When implementing the HTTPS protocol in question, it is indicated that it is necessary to adopt measures or practices such as ensuring transport security, using security certificates that turn out to be powerful and using what are 301 server redirects. All this without overlooking the fact that errors must be avoided such as having indexing problems, having expired certificates or having incompatibility with the SNI. If there is an inconsistency, the user receives a notification from their browser to evaluate the security of the page before opening it or continuing to browse it.