As security concerns have become more and more important on the web, there has been a growing movement to make sure that communication between the client and the server is ALWAYS encrypted. There are many reasons for this. For one, encrypted communications are more difficult to spy upon, and more difficult to tamper with in transit. It also means that people feel safer dealing with sensitive data online, including financial transactions, medical information, and private conversations. To varying degrees, secure protocols also help assure the client that they are sending data to the correct recipient as well – after all, there is no such thing as secure communication without verifying the recipient. Encryption on a transport channel is also small, but critical part of the larger security picture – if you can’t trust the data coming in, many other operations on that same data are a bad idea at best.

HTTPS is intended to help protect traffic on the web, both from people spying on it in transit, as well as people who want to tamper with the traffic en route. While this may not sound like a particularly scary problem, it is actually very insidious. If a third party can tamper with data in transit, they can insert false information, or even compromise the client with things like malware. SSL and HTTPS are commonly used on the web to help protect traffic from these threats.

While HTTPS and SSL are not that complicated on a surface level, the implications of them are often not discussed in detail. It’s kind of a shame, really, as they provide a lot of value and are there for good reason. While there is a tremendous amount of depth to these topics, they really aren’t that complex at a surface level, which is where most of us will encounter them. Understanding these basics will help you make sense of a lot of things you encounter while building web-based applications.

Tagged with: , , , , ,