http vs https

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Please excuse my ignorance here, but what is the difference between http and https?
The reason I am asking is that lately a couple of people have said that they haven't joined the forum because of the connection not being secure.

Is it a security certificate ensuring the site is secure? Is it worth getting or is there a cost involved?

Question for all the IT minded people out there.

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
Pauly5 Members Profile Send Private Message Find Members Posts Add to Buddy List Forum Moderator Joined: 11 Mar 2013 Location: Titahi Bay Status: Offline Posts: 1646	Post Options Post Reply Quote Pauly5 Report Post Thanks(0) Quote Reply Topic: http vs https Posted: 4 hours 16 minutes ago at 7:44am
	Please excuse my ignorance here, but what is the difference between http and https? The reason I am asking is that lately a couple of people have said that they haven't joined the forum because of the connection not being secure. Is it a security certificate ensuring the site is secure? Is it worth getting or is there a cost involved? Question for all the IT minded people out there.

Loud_Whisper Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 29 Sep 2024 Location: Auckland Status: Offline Posts: 17	Post Options Post Reply Quote Loud_Whisper Report Post Thanks(0) Quote Reply Posted: 3 hours 21 minutes ago at 8:39am
	Yeah, the S literally stands for secure. Pretty uncommon to see anything with HTTP still these days. Also FWIW because it's well enough documented online, this is one of the things that chat gpt etc is "less terrible" at answering, if you want a more in depth (and maybe 90~% accurate) answer. Edited by Loud_Whisper - 3 hours 20 minutes ago at 8:40am

nunga Members Profile Send Private Message Find Members Posts Visit Members Homepage Add to Buddy List Admin Joined: 09 Mar 2013 Location: Pukekohe Status: Offline Posts: 1073	Post Options Post Reply Quote nunga Report Post Thanks(0) Quote Reply Posted: 3 hours 10 minutes ago at 8:50am
	https is a secure connection which you would use when using credit cards for buying stuff online. it creates a two way secure connection between the server and the users browser. Since this site doesnt use any of that and i dont have 3rd party ads or anything like that i have never bothered to even look at changing over to https. And for the extra monthly costs involved at my end i do not feel like this site needs it. But i could have another look at it if there were genuine concerns from the current users.
	2nd place HP springer - WFTF World Championships 2014

Pauly5 Members Profile Send Private Message Find Members Posts Add to Buddy List Forum Moderator Joined: 11 Mar 2013 Location: Titahi Bay Status: Offline Posts: 1646	Post Options Post Reply Quote Pauly5 Report Post Thanks(0) Quote Reply Posted: 2 hours 60 minutes ago at 9:00am
	That makes sense. So really only needed if there are additions for money transactions or directing to sites from adverts that lead to transactions. A guy said his laptop won't let him connect due to that, but he uses it for work and his settings are doing that. I know my work pc always comes up with the alert that it's not secure, but I've never worried about it. What does it cost per month?

-Ec Members Profile Send Private Message Find Members Posts Add to Buddy List Groupie Joined: 02 Sep 2025 Location: Matamau Status: Online Posts: 30	Post Options Post Reply Quote -Ec Report Post Thanks(0) Quote Reply Posted: 2 hours 51 minutes ago at 9:09am
	http is standard hypertext protocol and all data is sent across the internet in plain text and https is secure hypertext protocol and all data is sent across the internet encrypted. https does require a certificate for both verifying the site for the initial connection and encrypting all the information sent between the device the user has and the web server hosting the sight. In general, the certificate has to be generated\created by a recognized certificate authority (CA) and usually there are costs involved. While there are a few free public CAs these certificates are only valid for a relatively short period of time - usually less than 3 months before they need to be renewed. In most cases you can set up an automated process to renew the certificate before it expires. However this would require a level of access to the backend system the forum is running on that I suspect you don't have. Most "modern" web browsers warn if the site is not using https which can put people off using the site but I believe you need to look at the big picture. In order to "see" the data going between your device and the web server someone has to be able to get in between your device and the web server. If you are having coffee in a café and using their free wifi it is trivial for someone else to set up a device to capture all the data going across the café wifi. Of course this will include everyone else on the wifi, not just you. If you are at home using your wifi is it not so easy for someone to capture your data. However what are they going to get from this anyway? Other than your initial log on to the site which will include you password (you don't use the same password everywhere do you!) the only stuff they will get is the stuff that is on the site that anyone can already view as a guest user anyway - I don't see a problem with this - do you? For a bit more info on certificates in general and how one of the "free" public CA's work check out How It Works - Let's Encrypt FWIW the UK airgun forum uses Let's Encrypt for their site. Edited by -Ec - 2 hours 46 minutes ago at 9:14am
	Regards -Ec