- What are the benefits of using HTTPS over HTTP?
HTTPS means you are tunneling the HTTP through TLS/SSL , which encrypts the HTTP payload. Thus, the advantage is that HTTP requests and responses are reliably transmitted over the wire, for example. Your ISP does not know what you are doing.
- How to use HTTPS?
Enable it on the endpoint, in general, the web server in front of your application server. Most web servers (e.g. IIS, Apache) support this configuration. Depending on your privacy requirements, this may not be enough.
- Can we use HTTPS just for login and then onwords on HTTP?
Technically, this is possible, but it introduces some security risks. Example. After logging in securely, you pass in session identifiers that identify the user. If you pass these session identifiers insecurely (without SSL), session hijacking becomes a risk (โperson in the middleโ)
- What settings need to be done to create an HTTPS website?
See No. 2. In public Internet scenarios, you must request (buy) a certificate from a specific certification authority (CA) so that end-user clients can verify that they must trust your certificate.
- Is there any threat in HTTPS?
In the protocol itself, there is a small risk of man-in-the-middle attacks. For example. a proxy server between the client and the server can claim to be the server itself (this requires a successful attack on the network infrastructure, for example, DNS). There are several other โmore obscure" risks that are not relevant to the protocol itself, for example:
- Using outdated encryption key length (e.g. 256 bits)
- loss of secret keys or inappropriate key management procedures (for example, sending via unencrypted email).
- Certificate Authority malfunction (just see press releases in 2011)
- Does the processing time for HTTPS take longer than HTTP?
Yes, key negotiation (acknowledgment) requires a large processor capacity.
home Dec 04 '11 at 12:20 2011-12-04 12:20
source share