Malicious hijacking of traffic

  • Scenario 1

When you enter a site address, extra parameters are automatically appended to the end of it and the page jumps to the modified address.

  • Scenario 2

Ads frequently appear in the lower-right corner of the page (these are not the website's own ads).

  • Scenario 3

When you browse the web on your phone, the carrier inserts ads based on your UA (User-Agent).

Have you, the reader, run into any of the problems above?

HTTPS is the trend

Google has been the most aggressive in pushing HTTPS technology around the world.

Taobao: HTTPS.

JD: HTTPS.

Amazon: HTTPS.

...

Taking HTTPS seriously is both an obligation and a responsibility.

Risks of not using HTTPS

  • Eavesdropping risk: Third parties may learn the contents of communications.
  • Tampering risk: Third parties may modify communications.
  • Impersonation risk: Third parties can pose as someone else and take part in communications.
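
The tampering risk is what the hijacking scenarios at the top of this page look like in practice: parameters added to the URL and ad resources injected into a page served over plain HTTP. The following is an added example, not code from the original article, that compares a received page with a reference copy and reports what was added in transit. It assumes the reference copy was obtained over a trusted path; all URLs, host names and HTML below are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: what the origin serves vs. what arrived over plain HTTP.
ORIGIN_URL = "http://shop.example/item?id=42"
ORIGIN_HTML = '<html><body><script src="/static/app.js"></script><p>Item 42</p></body></html>'
RECEIVED_URL = "http://shop.example/item?id=42&from=isp-partner"
RECEIVED_HTML = ('<html><body><script src="/static/app.js"></script><p>Item 42</p>'
                 '<iframe src="http://ads.example.net/corner.html" '
                 'style="position:fixed;right:0;bottom:0"></iframe>'
                 '<script src="http://ads.example.net/t.js"></script></body></html>')


class ResourceCollector(HTMLParser):
    """Collect the host of every script/iframe/img/link resource a page loads."""
    ATTRS = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                # Relative URLs carry no host and belong to the page itself.
                self.hosts.add(urlsplit(value).hostname or self.page_host)


def resource_hosts(html, page_url):
    collector = ResourceCollector(urlsplit(page_url).hostname)
    collector.feed(html)
    return collector.hosts


def tampering_report(origin_url, origin_html, received_url, received_html):
    """Return hosts and query parameters seen on arrival but absent at the origin."""
    new_hosts = (resource_hosts(received_html, received_url)
                 - resource_hosts(origin_html, origin_url))
    new_params = (set(parse_qsl(urlsplit(received_url).query))
                  - set(parse_qsl(urlsplit(origin_url).query)))
    return {"injected_hosts": sorted(new_hosts), "added_params": sorted(new_params)}


if __name__ == "__main__":
    print(tampering_report(ORIGIN_URL, ORIGIN_HTML, RECEIVED_URL, RECEIVED_HTML))
```

With HTTPS in place, an on-path party cannot make these changes without breaking the connection, so a non-empty report on an HTTPS page points at the endpoint or the origin instead.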

Differences between HTTP and HTTPS



[Figure: the HTTP request]

[Figure: the HTTPS request]


  • HTTP URLs start with http://, while HTTPS URLs start with https://.
  • HTTP is not secure and HTTPS is secure.
  • The standard HTTP port is 80, and the standard HTTPS port is 443.
  • HTTP does not encrypt the transmitted data, whereas HTTPS does.
  • HTTP does not require a certificate, whereas HTTPS requires a certificate for authentication.

What requirements does HTTPS meet?

  • Server authentication (clients know they are talking to the real server, not a fake one).
  • Client authentication (servers know they are talking to the real client, not a fake one).
  • Integrity (client and server data cannot be modified in transit).
  • Encryption (client and server conversations are private, without fear of eavesdropping).
  • Efficiency (the algorithms run fast enough for low-end clients and servers to use).
  • Universality (virtually all clients and servers support the protocols).
  • Scalability (anyone, anywhere, can instantly communicate securely).
  • Adaptability (the ability to support the best known security methods of the day).
  • Social viability (meeting the political and cultural needs of society).

Disadvantages of HTTPS

  • The cost is somewhat high (both in money and in technical effort).

  • Because the HTTPS access process is much more complex than that of HTTP, using HTTPS may adversely affect the loading speed of a website in some scenarios.

To improve web page performance, you are not advised to use a digital certificate with high security in scenarios that do not require high security.

Generally, a 1024-bit certificate is sufficient. 2048-bit and 4096-bit certificates prolong the time of the SSL handshake.

Free certificate platforms

  • StartSSL
  • WoSign
  • NameCheap

Recommended reading on related algorithms

  • Using an asymmetric encryption algorithm (RSA) in PHP
  • Data encryption technology and key security management

Those interested in the details of the HTTP protocol can read HTTP: The Definitive Guide.

Chrome will mark all sites that do not have HTTPS enabled as unsafe starting in January 2017.


Thanks ~



IT small circles