HTTPS/VPN

[Chavista]

I don't know if this is the proper forum for this topic, but here goes...

I'm new to both HTTPS and VPN's (virtual private networks), but I just read some articles that intrigue me. I associate HTTPS with secure transactions - like online shopping and application forms that require personal data.

But there are apparently efforts to promote HTTPS for general websurfing. There's even a Firefox HTTPS addon.

I'm also experimenting with a VPN. It's very easy to use, even though I still don't fully understand how it works and what it can do. But my perception is that HTTPS and VPN's both increase security, and the two combined should be even better.

So what do web designers think about these technologies? Do you just use them for online transactions, or do you think it would be appropriate to convert ordinary websites to HTTPS? And how do you make a website HTTPS-compatible in the first place?

Tentatively, I'd like to be able to offer my visitors two choices: "Surf this site in HTTP mode or HTTPS mode." If they choose, the latter, then http://www.mysite.com/cool would automatically default to https://www.mysitecom/cool

How can I do this, and is it a good idea?

One problem that occurred to me is that, if my visitors are using VPN's, then my site presumably wouldn't recognize them as return visitors, wouldn't remember their passwords, etc. That's not a huge issue at this point, because I still haven't set up any of my sites with visitor registration or that type of thing.

Any way, I'm shooting in the dark and would appreciate any comments that might help me understand HTTPS, VPN's and their relevance. Thanks!

[Force Flow]

HTTPS and VPNs are completely different technologies.

Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network [...]

In its popular deployment on the internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against Man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. [...]

Historically, HTTPS connections were primarily used for payment transactions on the World Wide Web, e-mail and for sensitive transactions in corporate information systems. In the late 2000s and early 2010s, HTTPS began to see widespread use for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.

Source: http://en.wikipedia.org/wiki/HTTP_Secure

A virtual private network (VPN) extends a private network across public networks like the Internet. It enables a host computer to send and receive data across shared or public networks as if they were an integral part of the private network with all the functionality, security and management policies of the private network.

Source: http://en.wikipedia.org/wiki/Vpn

Put simply, HTTPS is used to browse websites securely, so that 3rd-parties can't access the information being sent between the client and the web server.

Put simply, a VPN allows two separate networks to be connected securely, over the public Internet without 3rd-parties being able to gain access to either network or see the data being transferred over the tunnel (aka, the encrypted connection). For example, a business might enable a VPN connection for their employees in order for them to access the company's network files while offsite or at home.

VPNs are not used with Internet-facing websites. If you host a storefront/ecommerce site, you should not implement a VPN--it is unnecessary, complex for general visitors to use, and just isn't the correct tool to use for websites. You should only be using HTTPS.