Chef
In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protectsagainst Man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging thecontents of the communication.[1] In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with (as opposed to an impostor),as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Because HTTPS piggybacks HTTP entirely on top of TLS, the entirety ofthe underlying HTTP protocol can be encrypted. This includes the request URL (which particular web page was requested), query parameters, headers, and cookies (which often contain identity informationabout the user). However, because host (web site) addresses and port numbers are necessarily part of the underlying TCP/IP protocols, HTTPS cannot protect their disclosure. In practice this means thateven on a correctly configured web server eavesdroppers can still infer the IP address and port number of the web server (sometimes even the domain name e.g. www.example.org, but not the rest of theURL) that one is communicating with as well as the amount (data transferred) and duration (length of session) of the communication, though not the content of the communication.[citation needed]...
Regístrate para leer el documento completo.