Let's suppose I have a SPA (single page app) which is set up on an IIS web server -- or any really -- which can only be accessed via HTTPS.

Does that simply mean that all data sent between the client and server is now encrypted via HTTPS?

If that's true, can you provide an idea of how that works? So, suppose data is posted from the client, then it is automatically encrypted and only sent after that?

Then, in turn, does that mean the data sent back from the web site is also encrypted?

Here's what I'm driving at:
I want to make an application which allows someone to type in a base64 encoded character string, which represents an encrypted string. Then when the server gets the string it will decode it (from base64) then decrypt the value and send it back to the user.

However, at that point the string is decrypted. Is it then encrypted by the web server via HTTPS automatically?

Also, have you ever set up an HTTPS web site or page?
Can you use a self-signed cert or will the user see all that ugliness that it isn't signed, thus possibly making them worry?

Lots of questions. I appreciate any help you offer.
Thanks

1 solution

If HTTPS is used, that means that under (before) the HTTP transfer there is a secure layer (SSL or TLS). These methods use a public/private key pair to make the encryption possible. The method ensures that no one sitting on the line can read the transferred data... (HTTPS).
If you are creating a Base64 encoding of previously encrypted data, it will still be encrypted (a second time) by the secure layer included in HTTPS; however, you usually do not see that encryption, as it is removed by the web server (IIS) before the data is sent to you. But if you unpack and decrypt the data on the server and send it back, it will again be encrypted by HTTPS...
In the company I work for, we develop a web site (some portals) that can be used with or without HTTPS - it is up to the client... however, we have parts - payment related - where we force the client to use HTTPS (and from that you can understand that HTTPS can be used for only a part of your site and not for all of it)...
On the internet there is a lot of fakery and fraud, so you had better not use a self-signed site - that will not be accepted nicely by the majority of users. But if the customers (users) of your site are people who know and trust you, there is nothing wrong with signing your own site... Self-signed sites are also very good for testing and development...
 
Comments
Sergey Alexandrovich Kryukov 15-Feb-15 18:16pm    
Agree, a 5.
—SA
Kornfeld Eliyahu Peter 16-Feb-15 2:16am    
Thank you...
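
For the testing and development case the answer mentions, this added example (not part of the original question or answer) binds a self-signed certificate to an IIS site and trusts it on the same machine only, so other users would still see the certificate warning. The site name `Default Web Site` and host name `localhost` are assumptions.

```powershell
# Added example for a dev/test machine. Run in an elevated PowerShell session
# on the IIS host. Site name and host name below are assumptions, not from the page.
Import-Module WebAdministration

$siteName = 'Default Web Site'   # assumed IIS site name
$dnsName  = 'localhost'          # assumed name the browser uses to reach the site

# 1. Create a short-lived self-signed server certificate in the machine store.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -NotAfter (Get-Date).AddMonths(6)

# 2. Add an HTTPS binding on port 443 if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# 3. Attach the certificate to that binding. From here on IIS terminates TLS:
#    requests are decrypted before the application sees them, and responses
#    are encrypted again on the way back to the browser.
$binding = Get-WebBinding -Name $siteName -Protocol https -Port 443
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 4. Trust the certificate on THIS machine only. Only the public part is
#    exported; the private key never leaves Cert:\LocalMachine\My.
$cerPath = Join-Path $env:TEMP 'dev-selfsigned.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 5. Verify: this call fails with a trust error if step 4 was skipped,
#    which is the same warning an outside user's browser would show.
$response = Invoke-WebRequest -Uri "https://$dnsName/" -UseBasicParsing
"HTTPS status: $($response.StatusCode), cert thumbprint: $($cert.Thumbprint)"
```

When testing is finished, remove the certificate from both `Cert:\LocalMachine\Root` and `Cert:\LocalMachine\My` so the machine stops trusting it.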

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


