HTTPS stands for HTTP Secure and is a combination of HTTP and SSL/TLS (Secure Sockets Layer/Transport Layer Security) and is used to provide an encrypted connection to a website.
I understand the need for installing SSL certificates and enabling HTTPS on SAAS environments (on-demand) which host public facing websites or enterprise software.
If a customer’s software is hosted on their own server infrastructure (on-premises), obviously behind their own corporate firewall, why would they need to have an encrypted connection to their software?
Answer
Obvious reasons are:
-
most computer fraud is carried out by employees of the organisation, not 3rd parties
-
SSL may be used to authenticate the user
-
SSL authenticates the server and protects against re-routing attacks
-
SSL will also protect against trojans trying to sniff network traffic (obviously won’t provide protection against a trojan which compromises the browser though)
-
it’s cheaper to build in support for SSL when the system is imlpemented rather than add it later when the application is made more widely available
Attribution
Source : Link , Question Author : Animesh , Answer Author : symcbean