The term HTTPS is an acronym for hypertext transfer protocol secure. The acronym precedes the URL in a website address. Few people are aware of its meaning. While HTTPS is almost an exact copy of the normal hypertext transfer protocol, this version of it is different because the “S” at the end identifies it as having a secure HTTP connection. A HTTPS connection is used frequently in businesses where sensitive information, such as social security numbers and credit card numbers, are being passed along at point of purchase sites or bill pay sites. The hypertext transfer protocol securegives assurance that hackers are not able to intercept the message containing sensitive data as it heads to the server.
To understand the HTTPS protocol, it is important to understand that HTTPS is not a separate protocol from HTTP. It is simply a secure variation. Sending messages via an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection gives users a reasonable amount of protection from eavesdroppers and intermediary attacks that can siphon important information or gain access to particular private servers. The HTTPS URL may specify a TCP port, but if it does not, most HTTPS connections use port 443 while regular HTTP use port 80. To prepare a server for HTTPS commands, the server must have a public key certificate issued for verification of the entity. Organizations may run their own version of certificate authority, to be doubly sure before sending HTTPS commands, especially with very sensitive information. It is then that HTTPS command is sent, so that there is no question as to who is receiving the information.
While HTTPS commands are a good idea for secure transfers, there are also certainly limits to what HTTPS can do. The level of protection that a HTTPS provides is dependent upon correctness of implementation by the web browser, the server software, and the cryptographic algorithms that are supported. HTTPS only provides protection for eavesdropping and man-in-the-middle attacks. When the information reaches the server or computer it is directed to, the information is then only as secure as that particular server or computer. If the implementation by the web browser, server software, and cryptographic algorithms is not correct, it is then possible for the information to be siphoned.
Most casual users of the Internet understand that HTTPS at the beginning of any URL in the address bar means that the connection is secure. This is a practical way for people who are unfamiliar with the dangers of hackers and other problems to be aware that they are using a secure messaging system. It is also frequently recommended, even on web pages, that people who do not see HTTPS at the beginning of the URL in the address bar should not enter any sensitive information, not only to protect the visitor to the website, but to protect the website’s reputation as well.