Chapter 03 · 07

HTTPS and the padlock

You've seen the little padlock in the address bar. It means the connection is using HTTPS — HTTP wrapped in a layer of encryption called TLS.

Plain HTTP sends everything as readable text. Anyone sitting between you and the server — on shared Wi-Fi, say — could read your password as it goes by, like a postcard anyone in the mail chain can read. HTTPS seals the conversation in an envelope only you and the server can open. The padlock confirms two things:

Privacy — nobody in the middle can read what you send.
Identity — you're really talking to the server you think you are, not an imposter.

The practical rule is short: real apps use HTTPS, always, with no exceptions. Anything handling logins or payments over plain HTTP is broken by design.

Want it offline?

Get the PDF + EPUB + downloadable prompt library + version updates.

$ Get the PDF — $39 →