Definition

HTTPS (HTTP over SSL or HTTP Secure)

HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.

HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. Unless a different port is specified, HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.

Suppose you visit a Web site to view their online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send," to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.

The effectiveness of HTTPS can be limited by poor implementation of browser or server software or a lack of support for some algorithms. Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination, it is only as secure as the host computer. According to security expert Gene Spafford, that level of security is analogous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

HTTPS is not to be confused with S-HTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT.

Getting started with HTTPS
To explore how HTTPS is used in the enterprise, here are some additional resources for learning about HTTPS and Web page security:
Enabling HTTPS in J2EE Web components: The HTTPS protocol is a valuable security feature for J2EE Web components. Expert Ramesh Nagappan explains how to implement HTTPS in JSPs and servlets.
Authentication and authorization for Web applications: Web applications need robust authentication and authorization mechanisms, such as HTTPS. Expert Ramesh Nagappan explains what measures are needed before you deploy Web apps.
How to create a secure login page using ASP.NET: A secure ASP.NET login page is easier to create than one might assume. Expert Dan Cornell explains how to use authentication, authorization and HTTPS to ensure your login page is safe.

Contributor(s): Mark Sharpe
This was last updated in August 2008
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSoftwareQuality.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

  • Scaling Agile software development: Challenges and solutions

    Software consultant Nari Kannan describes how agile practices and work can be scaled appropriately for success in large organizations. Using lean thinking, reduction of waste, and appropriately organizing work and people, agile can be successfully adapted, regardless of the size of the organization.

  • Rise in hidden software glitches caused by programmer retirements

    Undiscovered software glitches in complex systems are common, and one of the primary drivers is the loss of mainframe knowledge of a retiring workforce. Software glitches are lurking in many large systems, particularly mainframe systems, and the COBOL programmers that understand the code best are retiring, according to Jeff Papows, author of the new book, "Glitch - The hidden impact of faulty software." Papows describes how faulty software caused a huge charge to debit card holder's account and why such mistakes are on the rise in this interview. Papows notes the three most pressing drivers for software glitches: loss of intellectual knowledge, market consolidation and the ubiquity of technology

  • How important are SQL skills for a tester?

    Karen Johnson explains the situations in which SQL skills are important for a software tester as well as times when the expertise is not required.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: