HTTP vs HTTPS

HTTP and HTTPS are both protocols designed to transfer information between computers over the WWW (World Wide Web). The main difference comes into play when the “S” is attached to “HTTP.” Simply put, HTTP (HyperText Transfer Protocol) does the same thing as HTTPS, transferring information such as documents, files, images and videos between computers over the internet, but not in an encrypted format, which makes it vulnerable to attacks that happen over the internet. Apart from this, let’s see some other differences.

HTTP:

HTTP stands for Hypertext Transfer Protocol. HTTP is a client-server protocol by which two machines communicate using a reliable, connection-oriented transport service such as TCP. HTTP can be “implemented on top of any other protocol on the Internet, or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used,” e.g. TCP.

HTTP is stateless. The lifetime of a connection corresponds to a single request-response sequence. A pure HTTP server implementation treats every request as if it were brand new. HTTP pages are stored on your computer and in internet caches. The pages load faster, but they are stored on systems that you potentially don’t have control over, e.g. an ISP’s caching proxy. HTTP servers are implemented by Apache HTTP Server, Microsoft IIS, Jigsaw, Zope, etc.

Advantages of HTTP:

It’s platform independent, which allows straightforward cross-platform porting. No runtime support is required for it to run properly, and it can be used over firewalls, for example in global applications. It’s not connection oriented, so there’s no need for network overhead to create and maintain session state and information.

Drawbacks of HTTP:

As I said earlier, it comes with some security concerns. There is no privacy: anyone can see your content. There is no integrity, so someone can easily alter the content. HTTP is insecure because it has no encryption, so it is subject to man-in-the-middle attacks and eavesdropping on sensitive information. There’s no authentication, so you have no clear idea with whom you are initiating communication. Authentication is sent in the clear, so anyone who intercepts the request can learn the usernames and passwords being used.
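The last point above, as an added example (not code from the original article): a Python check you can run over a capture of your own port-80 traffic to list requests that carry credentials in the clear. The sample requests, the credential values and the function name cleartext_credentials are constructed for illustration.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: two requests as they would appear on the wire over plain HTTP.
CAPTURED = [
    b"GET /account HTTP/1.1\r\nHost: www.abc.com\r\n"
    b"Authorization: Basic " + base64.b64encode(b"alice:s3cr3t") + b"\r\n\r\n",
    b"POST /login HTTP/1.1\r\nHost: www.abc.com\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 29\r\n\r\nusername=bob&password=hunter2",
]

# Hypothetical list of form field names treated as sensitive.
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token"}


def cleartext_credentials(raw):
    """Return (kind, value) pairs that any on-path observer can read."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    found = []
    scheme, _, param = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        # Base64 is an encoding, not encryption: decoding needs no key.
        decoded = base64.b64decode(param).decode("utf-8", "replace")
        found.append(("basic-auth", decoded))

    content_type = headers.get("content-type", "")
    if content_type.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("iso-8859-1"))
        for field, values in form.items():
            if field.lower() in SENSITIVE_FIELDS:
                found.append(("form:" + field, values[0]))
    return found


if __name__ == "__main__":
    for request in CAPTURED:
        request_line = request.split(b"\r\n", 1)[0].decode()
        print(request_line, "->", cleartext_credentials(request))
```

The same requests sent over HTTPS would reach an observer only as encrypted records, so this check would find nothing to parse.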

HTTPS:

HTTPS stands for Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL. Here SSL acts as a sublayer under the regular HTTP application layering. HTTPS encrypts an HTTP message prior to transmission and decrypts it upon arrival. By default, HTTPS uses port 443, whereas HTTP uses port 80. URLs beginning with HTTPS indicate that the connection between client and browser is encrypted using SSL.

For example: https://www.abc.com

SSL transactions are negotiated by means of a key-based encryption algorithm between the client and the server. This key is usually either 40 or 128 bits in strength; a higher number of bits indicates a more secure transaction.

HTTPS or SSL connections are necessary if you have an online store, carry out financial transactions using credit cards or online banking, or ask for any other sensitive information.

Some of the advantages of HTTPS are that it offers privacy, integrity and authentication, which are missing in an HTTP-based connection. It does have some drawbacks, though: an HTTPS server can only provide one “virtual host” behind a single socket, HTTPS cannot prevent the theft of confidential information from pages cached in the browser, and HTTPS is quite a bit slower than HTTP.