Compared with HTTP, how does one make the network more secure?
Users who frequently use browsers to browse Web pages will notice that the opened IP address is usually headers of HTTP or HTTPS. What is the difference between the two? HTTP, or Hypertext Transfer Protocol, is the most widely used network protocol on the Internet. All WWW files must comply with this standard. HTTP was designed to provide a method for publishing and receiving HTML pages. In 1960, American Ted Nelson conceived a method for processing text information through a computer, called hypertext, which became the foundation of the development of the standard architecture of HTTP hypertext Transfer protocol. Although it is currently the most widely used protocol, the HTTP protocol sends content in plaintext mode without any data encryption, which makes this method particularly insecure. If attackers intercept transmission messages between Web browsers and website servers, they can directly read the information. Therefore, HTTP is not suitable for transmitting sensitive information, such as credit card numbers and passwords. Therefore, the HTTPS protocol is designed to solve this problem. It can be called the secure version of the HTTP protocol. Secure Sockets Layer Hypertext Transfer Protocol HTTPS for data transmission security, added the SSL protocol based on HTTP, SSL relies on certificates to verify the identity of the server, and encrypts the communication between the browser and the server. In contrast, the differences between HTTPS and HTTP mainly include the following four points: 1. the https protocol needs to apply for a certificate from the ca. Generally, the free certificate is very small and you need to pay the fee. 2. http is Hypertext Transfer Protocol, information is transmitted in plaintext, and https is a secure ssl encrypted transmission protocol. 3. http and https use completely different connection methods, with different ports. The former is 80, and the latter is 443. 4. The http connection is simple and stateless. the HTTPS protocol is a network protocol built by the SSL + HTTP protocol for encrypted transmission and identity authentication, which is safer than the http protocol. So is HTTPS absolutely secure and there is no risk? The answer is No. Users often misunderstand that "bank users can fully protect their bank card numbers from being stolen by using https protocol online ." In fact, the encrypted connection with the server can protect the bank card number, only the connection between the user and the server itself. It cannot absolutely ensure that the server itself is safe, which has even been exploited by attackers, such as phishing attacks that mimic bank domain names. There has never been absolute security. For example, the Application Analysis Service Company SourceDNA recently reported that there are a large number of ios apps with Https vulnerability risks. Hackers can exploit these vulnerabilities to attack and then use fake security certificates to impersonate them to obtain or tamper with user information.