Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Rules have been updated! Here

Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
to prefer over why https you http have do

Why do you have to prefer HTTPS over HTTP
#1
These two transfer protocols allows communication between different systems. The difference between HTTPS and HTTP is that HTTP isn't encrypted(in the case you want to know more https://www.aiowares.com/showthread.php?tid=1537). 

HTTPS supports SSL a certificate used to encrypt the data that is sent and decrypt the data received, instead HTTP send the data unencrypted, making HTTP more vulnerable to MITM(Man In The Middle) attacks. MITM is an attack where the attacker secretly relays and possibly alters the communications between two systems.

Let's say you're buying something from a e-commerce site and someone is trying to steal your credit card information, in the case you use the HTTP version, the attacker will see all the information in clear, instead using HTTPS the attacker will receive only encrypted data, making the attack more complicated or even impossible.

I'm not saying that HTTPS is flawless, everything has a flaw, it's only a matter of time.
The use of an insecure encryption algorithm can render the protocol useless.


Maybe you'll end with the question: "How can I force the browser to use the HTTPS when available?"
Well, there is a plugin that redirects you to the HTTPS version where available:
Code:
https://www.eff.org/https-everywhere
Portables and Repacks Workbench
DON'T SHARE MY LINKS OUTSIDE AiOWARES
PM ME FOR A RE-UPLOAD
[-] The following 4 users say Thank You to Bl4ckCyb3rEnigm4 for this post:
  • BALTAGY, nsan3, Snuffy1942, TanMan
Reply
#2
Thanks for the short but clear write up on how http and https works. I think this will make the people that didn't know before start enforcing htttps on their sites and servers.
[-] The following 1 user says Thank You to deadmeme for this post:
  • Bl4ckCyb3rEnigm4
Reply
#3
Frankly, if any website loads as http and doesn't force me over to https, then I'm already concerned about their security enough to walk away
[-] The following 1 user says Thank You to Lewis3545 for this post:
  • Snuffy1942
Reply
#4
https is so simple to configure nowadays. If your site uses http instead of https it's just being lazy instead of lacking technical skill
Reply
#5
Let's Encrypt has been a sea change for allowing people to freely HTTPS their websites and services.  Last year it allowed me to switch mine over to HTTPS.  There is a docker image called CADDY that makes it even more convenient than doing it with NGINX etc.
Reply
#6
There's some compression algorithms that only run on most recent versions of SSL/TLS, so even for static websites, it ends up paying off to use HTTPS because it will have faster transfer speeds.
Reply
#7
(03-30-2021, 04:52 AM)iseeyo Wrote: Thank you for sharing 67
use the "Add Thank You" button instead of replying with "Thanks, "Thank you" or any simlilar reply.
I suggest to read the forum rules here: https://www.aiowares.com/showthread.php?tid=2
Also read the topic about member ranks here: https://www.aiowares.com/showthread.php?tid=420

unneccessary reply removed
[Image: XeGouw2s_o.png]
[-] The following 1 user says Thank You to Skunk1966 for this post:
  • iseeyo
Reply
#8
There are a couple of sites that I visit which does not enforce 'https' , what is mean is, imagine if I add the URL like 'http://abcd.com' , it progresses through.
I hate this because the same website does have the 'https' protocol , which is in my imagine way safer than the 'http' one.
Reply
#9
Let's Encrypt has done a big change to the internet, that is for sure. But the biggest problem of Let's Encrypt's certificates is that most normal people see that little green secure lock at the address bar, they tend to think the website is legit and without any problem. Let's Encrypt has issued a lot of certificates, but has done too little explaining https is not risk free.
Reply
#10
Just saying that Firefox already has a "force HTTPS connection everywhere" setting. Works pretty good.
[-] The following 1 user says Thank You to boxesofkittens for this post:
  • misterbull
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)