Web (HTTP/HTTPS) - Medical Engineering

1. Definition

HTTP (HyperText Transfer Protocol) is the language used by web browsers and servers to communicate. HTTPS is the secure version, where communication is encrypted to protect privacy and data integrity.

2. Key Details

HTTP is a request-response protocol: your browser sends a request (e.g., "GET me the homepage"), and the server replies with the page content.
HTTPS adds a layer of encryption (SSL/TLS) so that anyone intercepting the traffic cannot read it.
Common HTTP methods: GET (retrieve), POST (submit form), PUT (update), DELETE (remove).

3. What Happens Under the Hood When You Visit a Website?

Your browser checks its cache for the IP of the domain; if not found, it asks DNS (previous chapter).
It opens a TCP connection to the server (port 80 for HTTP, 443 for HTTPS).
For HTTPS, a TLS handshake occurs to establish a secure channel.
The browser sends an HTTP request (e.g., GET /index.html).
The server processes the request and sends back an HTTP response with a status code (200 OK, 404 Not Found, etc.) and the content.
Your browser renders the page and fetches additional resources (images, CSS, JavaScript) using more requests.

4. Advantages & Disadvantages

HTTP	HTTPS
Faster (no encryption overhead)	Secure – data cannot be eavesdropped or tampered with
No certificate costs	Required for authentication (padlock icon)
Unsuitable for sensitive data	Modern browsers mark HTTP sites as "Not Secure"

5. Use Cases in Medical Engineering

Patient portals: Must use HTTPS to protect login credentials and medical data.
Hospital public website: Even informational pages should use HTTPS to prevent content injection.
APIs for medical devices: When devices send data to cloud servers, HTTPS ensures confidentiality.

6. Special Tips / Recommendations

Always use HTTPS for any site that handles personal data – it's often required by law (e.g., HIPAA, GDPR).
Obtain SSL/TLS certificates from a trusted Certificate Authority (many are free via Let's Encrypt).
Redirect all HTTP traffic to HTTPS automatically.

7. Practical Implementation (Conceptual)

To make your hospital's website secure:

Purchase an SSL certificate or get a free one from Let's Encrypt.
Install the certificate on your web server (the hosting provider often does this).
Configure the server to listen on port 443 (HTTPS) and to redirect port 80 (HTTP) to HTTPS.
Test by visiting https://yourdomain.com and checking for the padlock.