Skip to main content

HTTP AND HTTPS-A Comparison

Uniform Resource Locator(URL)

URL strings consist of three parts
  1. Network protocol
  2. Host name or address
  3. File or resource location
These substrings are separated by special characters as follows:
protocol :// host / location

URL Protocol
The 'protocol' substring defines a network protocol to be used to access a resource. These strings are short names followed by the three characters '://' (a simple naming convention to denote a protocol definition). Typical URL protocols include http://, ftp://, and mailto://.

Now check out the URL of this page (the one that is displayed in the address(navigation) bar).What does that say ?What we are going to discuss is HTTP and HTTPS which have a role to play in our follow up post...

HTTP: HyperText Transfer Protocol
  • Used by browsers for fetching Web data from servers.
  • Because of its universal availability (e.g., firewalls don't interfere) has become widely used as a general-purpose protocol for network communication.
  • Simple request-response protocol, sent using TCP/IP sockets.

Sample request:

GET /index.html HTTP/1.1

Host: www.example.com

User-Agent: Mozilla/5.0

Accept: text/xml,application /xml,application/xhtml+xml,text/html*/*

Accept-Language: en-us

Accept-Charset: ISO-8859-1,utf-8

Connection: keep-alive

BLANK LINE

First line contains method, URL, version number
  • GET method: read information from server. Should have no side effects.
  • POST method:sends data from the browser to the server(typically form data), returns information from the server. Likely to have side effects. Data is in the body of the message, after the blank line.
  • There are several other methods defined besides these two, but they are not commonly used.
Headers: name-value pairs providing various information that may be useful to the server.

A request can also contain data following the headers, but the GET method doesn't have any data (POST does, though).

Sample response:


HTTP/1.1 200 OK

Date: Thu, 11 Aug 2009 17:36:27 GMT

Server: Apache-Coyote/1.1

Content-Type: text/html;charset=UTF-8

Content-Length: 1846

HTML

.......

/HTML

  • First line contains protocol version number, numerical status code, textual explanation.
  • Headers have same general format as for requests
  • Blank line separates headers from response data.

Redirection: rather than returning an HTML page, the server can set the Location header to some other URL and return a status of 307. This causes the browser to immediately fetch the new URL in place of the page initially requested. Useful if information has moved, and for handling POST requests.

For the most part, HTTP is invisible to Web application developers; everything happens automatically for you (occasionally you will need to read or write various headers).

HTTPS

Works identically to HTTP, except that the request and response messages are transmitted using SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security).

HTTPS is used automatically for any URL beginning with "https:" instead of "http:".

What HTTPS does for you:
  • The request and response messages are transmitted between the browser and server in encrypted form.
  • This prevents snoopers on the network from accessing private information in the messages, such as passwords or credit card numbers.

However, HTTPS does not guarantee that the browser and server can trust each other. You just know that no-one else is listening.

HTTPS requires additional server setup: must create a certificate that identifies the server to the browser.

In designing Web applications you must make sure that HTTPS is used whenever private data has been transmitted, such as when forms are submitted for login or for credit card authorization.

There are numerous security issues related to HTTPS, such as
  • When to use it.
  • How to mix HTTP and HTTPS safely.
Labels:

Comments

Post a Comment

Popular posts from this blog

T Shirt Quotes related to Computers

Last week while searching for some computer related quotes for T Shirt I came across certain quotes that I thought were very good.So I thought why not share these quotes with you.So here are these quotes,pick the one you like or if you have any of your favorites then do share it with us.Here is the list.. "Programmers don't byte, they nibble a bit" "To iterate is human, to recurse divine" " first 90% of the code accounts for the first 90% of the development time. The remaining 10% of the code accounts for the other 90% of the development time" "99% of all girls are beautiful, the rest 1% are in my college "ASC!! a stupid question,get a stupid ANS!" "In cartooned form Atom1 - I have lost an electron. Atom2 - Are you sure? Atom1 - I am positive." "There's no place like 127.0.0.1 (“Home” for the non-geeks)" "YouTube(logo) myspace(logo) and I'll Google(logo) your Yahoo(logo)." " I'm a progr...
2 comments
Read more

Google Facts

The name Google is a spelling error. The founders of the site, Larry page and Sergey Brin , thought they were going for Googol .. Googol is the mathematical term for 1 followed by 100 zeros. Initially, Larry and Sergey Brin called their search engine BackRub , named for its analysis of the of the web's "back links." The reason the google page is so bare is because t he founder didn't know HTML and just wanted a quick interface. The company's first office was in a garage , in Menlo Park, California . Google's first employee was Craig Silverstein, now Google's Director of technology. The basis of Google's search technology is called PageRank that assigns a rank to determine how useful it is. However, that is not why it is called PageRank. It is actually named after Google co-founder Larry Page . It would take 5,707 years for a person to search Google's 3 billion pages . The Google software does it in 0.5 seconds. The logos that appear on ...
3 comments
Read more

Computer Tips Bollywood Style

After a long gap I am writing a post...back in the blogger arena after such a long interval feels good.Here are some tips... As they say "A picture is worth a thousand words". TecH GaraGe (TG) is back with a new flavour in a new attire.Keep checking out this blog.
1 comment
Read more