Encrypted and Non Encrypted HTTP

Girish V P
ADIBI Technologies, Basavanagudi, Blore.
Apr 17, 2019

HTTP is the most important protocol on the web. It is a stateless protocol which enables connection on demand. HTTPS (secure HTTP) is essentially HTTP in which communication between the client (a web browser) and the server (a website) is encrypted. By default, HTTP uses port 80 while HTTPS uses port 443. Should we use HTTPS over HTTP? Yes! You are better off using it.

An HTTPS website can use a self-signed certificate or one signed by a CA (certificate authority). When you access some websites, the browser prompts you with something like this: the authenticity of the server is not verified, someone else may be impersonating the website, should I continue? These kinds of messages can appear when the website is configured with a self-signed certificate. A server configured with a CA-signed certificate will not generate these kinds of messages. We will see how both of these types work.

A certificate authority is similar to a taxi aggregator (such as Uber): a trusted organization. If a driver not endorsed by the taxi aggregator approaches you and claims to be a genuine driver, travelling with him is at your own risk. But if a driver is endorsed by a taxi aggregator you trust, it is relatively secure to travel with him. A self-signed certificate is like the independent driver's case: the website generates the certificate by itself without involving a third party. CA-signed certificates are generated by a third party, installed and configured on the website, and are considered more secure. In both cases the data is encrypted, but with a self-signed certificate authenticity is missing, unlike with a CA-signed certificate.

Why should you not use non-encrypted HTTP communication? The obvious reason is that HTTP communication involves clear-text exchange of passwords and data. Even malicious packet-sniffing software installed on your mobile phone can intercept your communication if you use the phone as a Wi-Fi hotspot.
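To make the clear-text point concrete, here is an added example (not part of the original article) that parses one HTTP request as it appears on the network and lists the secrets readable by anything on the path. The host name, credentials and sensitive field names are constructed sample values and assumptions.

```python
import base64
from urllib.parse import parse_qsl

# Constructed sample: one login request exactly as it crosses the network on port 80.
SAMPLE_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic YWxpY2U6czNjcmV0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 32\r\n"
    b"\r\n"
    b"username=alice&password=hunter2!"
)

# Assumed list of form-field names worth flagging; extend for your application.
SENSITIVE_FIELDS = {"password", "passwd", "pwd", "token", "secret"}


def cleartext_findings(raw: bytes) -> list:
    """Return (location, value) pairs for secrets readable in an unencrypted request."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.decode("latin-1").split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    findings = []
    scheme, _, cred = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            # Basic auth is base64 *encoding*, not encryption: anyone can reverse it.
            decoded = base64.b64decode(cred, validate=True).decode("utf-8", "replace")
            findings.append(("Authorization header", decoded))
        except ValueError:
            pass  # malformed base64, nothing to report
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body.decode("latin-1")):
            if key.lower() in SENSITIVE_FIELDS:
                findings.append((f"form field '{key}'", value))
    return findings


if __name__ == "__main__":
    for location, value in cleartext_findings(SAMPLE_REQUEST):
        print(f"readable on the wire: {location} = {value}")
```

Given the bytes of an HTTPS connection instead, the function reports nothing, because the request line, headers and body all travel inside encrypted TLS records.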
