The Difference Between HTTP and HTTPS: The HTTPS Request Process
2012-02-10 22:46
This may sound silly to technophiles, but plenty of people don’t understand how secure Web sites work.
People often ask how they can shop on a Web site, giving out personal information, and feel even remotely safe? After all, you’re sending identifying data, without guide or guard, into the vast expanse of cyberspace. Expecting your data to arrive at the right place at all, let alone safely, seems like putting your faith in a miracle. How does it work? The secret lies in a trusted third party and good encryption.
The HyperText Transfer Protocol is an application layer protocol, which means it focuses on how information is presented to the user of the computer but doesn’t care a whit about how data gets from Point A to Point B. It is stateless, which means it doesn’t attempt to remember anything about the previous Web session. This is great because there is less data to send, and that means speed. And HTTP operates on Transmission Control Protocol (TCP) Port 80 by default, meaning your computer must send and receive data through this port to use HTTP. Not just any old port will do.
Secure HyperText Transfer Protocol (HTTPS) is for all practical purposes HTTP. The chief distinction is that it uses TCP Port 443 by default, so HTTP and HTTPS are two separate communications. HTTPS works in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely. Remember, HTTP and HTTPS don’t care how the data gets to its destination. In contrast, SSL doesn’t care what the data looks like. People often use the terms HTTPS and SSL interchangeably, but this isn’t accurate. HTTPS is secure because it uses SSL to move data.
Going Through the Process
With HTTP, you sit at your browser and interact with data. HTTP’s job is to present that data to you, and browsers are the means of doing so. Mozilla’s Firefox browser, for example, understands HTTP instructions and arranges the data as the site’s designer intended. The browser knows what to do when you click. It uses HTTP to do this. But HTTP cannot do much beyond that. How the data travels from Point A to Point B, or even if it travels at all, is none of HTTP’s concern. This is a great compromise if you want speed and elegance and couldn’t care less about security. One does not require security to view BizTech’s latest online articles, for instance.
With HTTPS, the story is quite the same. But when security is a must, HTTPS differentiates one sender and receiver from another. SSL takes the data, going or coming, and encrypts it. This means that SSL uses a mathematical algorithm to hide the true meaning of the data. The hope is that this algorithm is so complex it is either impossible or prohibitively difficult to crack.
The encryption begins when the owner of the Web site purchases a time-sensitive certificate from a trusted certificate authority such as VeriSign. You can get a certificate anywhere, or even make your own, but is it trusted? Your browser will let you know. This certificate is a security code created specifically for that one user, or even for that one Web site. The code is so complex that no one else on Earth should have a duplicate.
Getting a certificate can be an involved task. All types of information must be recorded so the issuer of the certificate can be a reliable authority on the certificate’s owner. Information that must be provided includes the name of the site and even the name of the server that hosts the site. Complexity makes counterfeiting incredibly difficult.
This makes the issuer a trusted third party. When your browser sees the secure Web site, it uses the information in the certificate to verify that the site is what it claims to be. Browsers commonly indicate security by presenting a picture of a shiny closed lock at the bottom of the screen. This process is not always perfect because of human error. Maybe 53.com is a valid banking site, but 53RD.com is not. We call that phishing. Unscrupulous people phish for careless people. So be cautious. After the identity of the Web site is accepted, the encryption is negotiated between the browser and the Web server, and the data is all but locked up tight.
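The identity check described above, as an added example that is not code from the original article: it applies the validity-period and name checks to a constructed certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The certificate contents and the helper names `name_matches`, `check_identity` and `strict_client_context` are assumptions made for illustration; verifying the issuer's signature chain is left to the `ssl` module.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the names and dates are made up for illustration.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.53.com"),),),
    "subjectAltName": (("DNS", "www.53.com"), ("DNS", "*.secure.53.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

def name_matches(pattern, hostname):
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # a wildcard stands for exactly one leftmost label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def _utc(cert_time):
    # Convert the certificate's "Mon DD HH:MM:SS YYYY GMT" string to an aware datetime
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def check_identity(cert, hostname, now):
    """Return (ok, reason): validity period first, then the name match."""
    if not _utc(cert["notBefore"]) <= now <= _utc(cert["notAfter"]):
        return False, "certificate outside its validity period"
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if any(name_matches(n, hostname) for n in names):
        return True, "name matches certificate"
    return False, "certificate was not issued for this name"

def strict_client_context():
    """Client context that enforces these checks, plus the CA signature chain."""
    ctx = ssl.create_default_context()  # trusts the system's certificate authorities
    return ctx

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("www.53.com", "pay.secure.53.com", "www.53rd.com"):
        print(host, check_identity(SAMPLE_CERT, host, now))
```

A certificate issued to the lookalike name itself would pass these same checks for that name, which is why the lock icon confirms only that the name in the address bar matched the certificate, not that it is the name the user meant to visit.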
Knowing the difference between HTTP and HTTPS can help users buy with confidence and help businesses get started in electronic commerce.
Reposted from: http://www.biztechmagazine.com/article/2007/07/http-vs-https Author: Jeremy Dotson