HTTPS
Home > Software Quality Definitions - HTTPS
SearchSoftwareQuality.com Definitions (Powered by WhatIs.com)
EMAIL THIS
LOOK UP TECH TERMS Powered by: WhatIs.com
Search listings for thousands of IT terms:
Browse tech terms alphabetically:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #

HTTPS


Word of the Day


DEFINITION - HTTPS (HTTP over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well as the pages that are returned by the Web server. The use of HTTPS protects against eavesdropping and man-in-the-middle attacks. HTTPS was developed by Netscape.

HTTPS and SSL support the use of X.509 digital certificates from the server so that, if necessary, a user can authenticate the sender. Unless a different port is specified, HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.

Suppose you visit a Web site to view their online catalog. When you're ready to order, you will be given a Web page order form with a Uniform Resource Locator (URL) that starts with https://. When you click "Send," to send the page back to the catalog retailer, your browser's HTTPS layer will encrypt it. The acknowledgement you receive from the server will also travel in encrypted form, arrive with an https:// URL, and be decrypted for you by your browser's HTTPS sublayer.

The effectiveness of HTTPS can be limited by poor implementation of browser or server software or a lack of support for some algorithms. Furthermore, although HTTPS secures data as it travels between the server and the client, once the data is decrypted at its destination, it is only as secure as the host computer. According to security expert Gene Spafford, that level of security is analagous to "using an armored truck to transport rolls of pennies between someone on a park bench and someone doing business from a cardboard box."

HTTPS is not to be confused with S-HTTP, a security-enhanced version of HTTP developed and proposed as a standard by EIT.

Getting started with HTTPS
To explore how HTTPS is used in the enterprise, here are some additional resources for learning about HTTPS and Web page security:
Enabling HTTPS in J2EE Web components: The HTTPS protocol is a valuable security feature for J2EE Web components. Expert Ramesh Nagappan explains how to implement HTTPS in JSPs and servlets.
Authentication and authorization for Web applications: Web applications need robust authentication and authorization mechanisms, such as HTTPS. Expert Ramesh Nagappan explains what measures are needed before you deploy Web apps.
How to create a secure login page using ASP.NET: A secure ASP.NET login page is easier to create than one might assume. Expert Dan Cornell explains how to use authentication, authorization and HTTPS to ensure your login page is safe.

CONTRIBUTORS: Mark Sharpe
LAST UPDATED: 15 Aug 2008

Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com

More resources from around the web:
- Wikipedia has an entry about HTTPS.





FILE EXTENSION AND FILE FORMAT LIST
File Extension and File Format List:
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z #






Software Quality - HTTPS Articles
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts