
HTTP and HTTPS: A Comparison

Uniform Resource Locator (URL)

URL strings consist of three parts:
  1. Network protocol
  2. Host name or address
  3. File or resource location
These substrings are separated by special characters as follows:
protocol :// host / location

URL Protocol
The 'protocol' substring defines a network protocol to be used to access a resource. These strings are short names followed by the three characters '://' (a simple naming convention to denote a protocol definition). Typical URL protocols include http://, ftp://, and mailto://.

Now check out the URL of this page (the one displayed in the address (navigation) bar). What does it say? What we are going to discuss is HTTP and HTTPS, which have a role to play in our follow-up post...

HTTP: HyperText Transfer Protocol
  • Used by browsers for fetching Web data from servers.
  • Because of its universal availability (e.g., firewalls don't interfere), it has become widely used as a general-purpose protocol for network communication.
  • Simple request-response protocol, sent using TCP/IP sockets.

Sample request:

    GET /index.html HTTP/1.1
    Host: www.example.com
    User-Agent: Mozilla/5.0
    Accept: text/xml,application/xml,application/xhtml+xml,text/html,*/*
    Accept-Language: en-us
    Accept-Charset: ISO-8859-1,utf-8
    Connection: keep-alive
    (blank line)


First line contains method, URL, version number
  • GET method: read information from server. Should have no side effects.
  • POST method: sends data from the browser to the server (typically form data), returns information from the server. Likely to have side effects. Data is in the body of the message, after the blank line.
  • There are several other methods defined besides these two, but they are not commonly used.
Headers: name-value pairs providing various information that may be useful to the server.

A request can also contain data following the headers, but the GET method doesn't have any data (POST does, though).

Sample response:


    HTTP/1.1 200 OK
    Date: Thu, 11 Aug 2009 17:36:27 GMT
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=UTF-8
    Content-Length: 1846

    <HTML>
    .......
    </HTML>


  • First line contains protocol version number, numerical status code, textual explanation.
  • Headers have the same general format as for requests.
  • Blank line separates headers from response data.

Redirection: rather than returning an HTML page, the server can set the Location header to some other URL and return a status of 307. This causes the browser to immediately fetch the new URL in place of the page initially requested. Useful if information has moved, and for handling POST requests.
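The message layout and the 307 redirection described above, as an added Python example that is not part of the original post. It splits a raw request or response at the blank line into first line, headers and body, and works out which URL a 307 response points to; the function names and the sample messages are constructed for illustration.

```python
from urllib.parse import urljoin

def parse_message(raw: bytes):
    """Split an HTTP/1.1 request or response into (first_line, headers, body)."""
    head, blank, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    if not blank:
        raise ValueError("no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    first = lines[0].split(" ", 2)  # method/URL/version or version/status/text
    if len(first) != 3:
        raise ValueError(f"malformed first line: {lines[0]!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject "Name : value" and folded lines instead of guessing at them.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip()  # names are case-insensitive
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return first, headers, body

def redirect_target(request_url: str, raw_response: bytes):
    """Return the URL to fetch next for a 307 response, else None."""
    (_version, status, _text), headers, _body = parse_message(raw_response)
    if status != "307" or "location" not in headers:
        return None
    return urljoin(request_url, headers["location"])  # Location may be relative

# Constructed sample messages (not captured traffic).
REQUEST = (b"POST /login HTTP/1.1\r\n"
           b"Host: www.example.com\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n"
           b"Content-Length: 9\r\n"
           b"\r\n"
           b"user=abcd")
RESPONSE = (b"HTTP/1.1 307 Temporary Redirect\r\n"
            b"Location: /moved/login\r\n"
            b"Content-Length: 0\r\n"
            b"\r\n")

if __name__ == "__main__":
    print(parse_message(REQUEST))
    print(redirect_target("http://www.example.com/login", RESPONSE))
```

Note that the POST body sits after the blank line, exactly as a GET request would have nothing there.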

For the most part, HTTP is invisible to Web application developers; everything happens automatically for you (occasionally you will need to read or write various headers).

HTTPS

Works identically to HTTP, except that the request and response messages are transmitted using SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security).

HTTPS is used automatically for any URL beginning with "https:" instead of "http:".

What HTTPS does for you:
  • The request and response messages are transmitted between the browser and server in encrypted form.
  • This prevents snoopers on the network from accessing private information in the messages, such as passwords or credit card numbers.

However, HTTPS does not guarantee that the browser and server can trust each other. You just know that no-one else is listening.

HTTPS requires additional server setup: must create a certificate that identifies the server to the browser.

In designing Web applications you must make sure that HTTPS is used whenever private data is being transmitted, such as when forms are submitted for login or for credit card authorization.

There are numerous security issues related to HTTPS, such as
  • When to use it.
  • How to mix HTTP and HTTPS safely.
