You may have noticed websites like Google and Facebook are now using https or SSL, now so are we!
What is HTTPS? by Greg Hyer
HTTPS is the acronym for Hypertext Transfer Protocol Secure. It is a protocol used for secure communications over a computer network, like the internet. Communication over HTTPS are encrypted between the client and the server so eavesdroppers don’t listen in, no one tampers with the data, and your website data isn’t forged.
What is SSL?
SSL is the acronym for Secure Socket Layer and is often used interchangeably with the term TLS – Transport Layer Security. Both are cryptographic protocols that help encrypt communications over a computer network. Typically, if a website wanted to encrypt the transmission of its data between the server and the client, they would purchase an SSL certificate that contains an encryption key that is placed on the server.
Why should you care about HTTPS and SSL?
This gets back to the three reasons why Google is calling for all websites to switch to HTTPS. In order to access most websites, the URL usually begins with “HTTP.” This is the unsecured version of the protocol that transfers data between the web server and the browser on your computer or smartphone. Remember that fear you had of using your credit card online? Well, it’s not just credit cards that are of interest.
Google sees three reasons for securing your website with HTTPS and SSL. They are “Authentication,” “Data Integrity,” and “Encryption.” These three reasons speak to a number of issues that have come up when it comes to communications over the web.
Authentication addresses the issue of verifying the ownership of your website. Believe it or not, there are people out there that make replicas of websites and divert traffic to it in an effort to steal from you. Most people know that they need to check for the Green Lock in their browser before entering personal information into the website. You can go one step further and verify the SSL certificate to make sure it belongs to the website you’re on.
Data Integrity speaks to whether or not the data on the site has been tampered with while it’s in transit. If someone know’s what they are doing and your website is not secure, they can tamper with the data transmitted from your server back to the client. The form submission that the client just sent could go to the hacker and not to you.
Encryption refers to the security of communications between the client and the server so that no one else can read them. This is a key point for commercial websites. While it’s extremely important to encrypt the communications on an ecommerce website, it’s equally important to encrypt the data submitted using forms.