HttpService, http:// vs https:// protocol

The docs mention to use https:// whenever it is possible. What would be the risk of using HttpService’s :GetAsync() or :RequestAsync() with http instead of https?

Https just has an SSL certificate which generally means it’s more secure and safe. Http is still fine, it’s just not as good as Https.

Yes, I understand that, but would it bring any vulnerabilities to a Roblox server?

The HTTP and HTTPS protocols are very close to each other. HTTP stands for Hypertext Transfer Protocol. When you interact with another website, data is transferred between your computer and the server.

With HTTP, this data is transferred as plain text which was fine until more and more sensitive data such as bank card info was being sent across the internet. As a result, people were able to perform attacks to see data going across and capture that information. HTTPS means your website has an SSL certificate and data being transferred between your computer and the server is encrypted. Even if someone else obtains the encrypted data going across, they do not have the necessary key to unlock that encryption and view the data as plain text. Pretty much all websites today have SSL certificates and a variety of providers, such as letsencrypt, offer them for free.

image

1 Like

If the website is a trusted website then it should be fine, but I’d recommend using Https just to be safe!

It doesn’t necessarily need to be the website itself

1 Like

No, it would not. This just means that when Roblox servers make an HTTP request to another website, that data is encrypted so no one else can see it. Whether or not you use the HTTP or HTTPS protocol does not affect Roblox security.

1 Like

Yes, as a personal computer it would be advisable to use https, but in such case that I can only use http for a server script, would it pose any threat or does it depend on the information

Threat? What kind of threat are we talking about? Downloading the game?

So if I were to use PostAsync it’d be advisable to use Https to encrypt my data in case it’s sensitive?

Stealing confidential information, such as making a HTTP database, saving with PostAsync (for example) and not having things encrypted

I would always advise to use HTTPS when possible.

1 Like

Yes. Https is more secure than Http as I mentioned before.

No, from memory this behaviour isn’t possible.

Realistically nobody will intercept the traffic from roblox servers to your site. Nothing will happen to your game if you use http instead of https.

1 Like

In a rare case which a site may be vulnerable to attacks yes

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.