Bohack

It has become culture to prepend the http:// prefix in front of a URL. In fact if you type the URL in most web browsers and hit ctrl-enter, the browser will prepend the http:// in front of the URL. The HTTP (Hypertext Transfer Protocol) works on port 80 TCP and is defined in RFC 2616. Since HTTP language is clear text over port 80 TCP that means that forms authentication will travel over clear text and can be intercepted. So it is recommended that HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) be used to encrypt the session with SSL. HTTPS or SSL works over port 443 TCP and requires a private certificate be installed from a browser trusted Certificate Authority (out of the scope of this article).

(more…)