Slijede razlike između dviju inačica stranice.
| Starije izmjene na obje strane Starija izmjena Novija izmjena | Starija izmjena | ||
|
racfor_wiki:mrezna_forenzika:sigurnost_https_protokola [2020/01/08 08:05] dsaric [Security issues] |
racfor_wiki:mrezna_forenzika:sigurnost_https_protokola [2024/12/05 12:24] (trenutno) |
||
|---|---|---|---|
| Redak 162: | Redak 162: | ||
| HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). HTTP is one of the most used protocol in the world and is a backbone of the web. HTTPS uses TLS or SSL to encrypt transferred data over computer network. Using encryption over communication channel ensures a private connection. Meaning that no one else with access to this communication channel can't understand data transferred between server and client. A lot of flaws of HTTP are not fixed with HTTPS and they cannot be fixed with improving the protocol further. Rather the protection from exploits is a responsibility the host (web server) in the correct implementation of the protocol. For the implementation of a web server security it is important to know the flaws of HTTPS protocol and keep them in mind while developing. | HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). HTTP is one of the most used protocol in the world and is a backbone of the web. HTTPS uses TLS or SSL to encrypt transferred data over computer network. Using encryption over communication channel ensures a private connection. Meaning that no one else with access to this communication channel can't understand data transferred between server and client. A lot of flaws of HTTP are not fixed with HTTPS and they cannot be fixed with improving the protocol further. Rather the protection from exploits is a responsibility the host (web server) in the correct implementation of the protocol. For the implementation of a web server security it is important to know the flaws of HTTPS protocol and keep them in mind while developing. | ||
| - | HTTPS protocol and its underlying security protocol TLS is continually being improved as more and more attacks are being discovered. A lot of mentioned flaws of HTTPS are patched in newer versions, but they must be considered as the older systems still run on flawed protocols. Furthermore, | + | HTTPS protocol and its underlying security protocol TLS are continually being improved as more and more attacks are being discovered. A lot of mentioned flaws of HTTPS are patched in newer versions, but they must be considered as the older systems still run on flawed protocols. Furthermore, |
| HTTPS protocol is a perfect example that software developers can never say they developed a bug free code, rather a code without any bugs discovered. They should always strive to write a manageable code rather than a bug free one. | HTTPS protocol is a perfect example that software developers can never say they developed a bug free code, rather a code without any bugs discovered. They should always strive to write a manageable code rather than a bug free one. | ||
| + | |||
| ===== Sources ===== | ===== Sources ===== | ||