Uniform Resource Locator (URL)
URL strings consist of three parts:
- Network protocol
- Host name or address
- File or resource location
protocol :// host / location
URL Protocol
The 'protocol' substring defines a network protocol to be used to access a resource. These strings are short names followed by the three characters '://' (a simple naming convention to denote a protocol definition). Typical URL protocols include http://, ftp://, and mailto://.
Now check out the URL of this page (the one displayed in the address (navigation) bar). What does it say? What we are going to discuss is HTTP and HTTPS, which have a role to play in our follow-up post...
HTTP: HyperText Transfer Protocol
- Used by browsers for fetching Web data from servers.
- Because of its universal availability (e.g., firewalls don't interfere), it has become widely used as a general-purpose protocol for network communication.
- Simple request-response protocol, sent using TCP/IP sockets.
Sample request:
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html,*/*
Accept-Language: en-us
Accept-Charset: ISO-8859-1,utf-8
Connection: keep-alive
BLANK LINE
- GET method: reads information from the server. Should have no side effects.
- POST method: sends data from the browser to the server (typically form data), returns information from the server. Likely to have side effects. Data is in the body of the message, after the blank line.
- There are several other methods defined besides these two, but they are not commonly used.
A request can also contain data following the headers, but the GET method doesn't have any data (POST does, though).
Sample response:
HTTP/1.1 200 OK
Date: Thu, 11 Aug 2009 17:36:27 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Content-Length: 1846
<HTML>
.......
</HTML>
The first line contains the protocol version number, a numerical status code, and a textual explanation. Headers have the same general format as for requests. A blank line separates the headers from the response data.
Redirection: rather than returning an HTML page, the server can set the Location header to some other URL and return a status of 307. This causes the browser to immediately fetch the new URL in place of the page initially requested. Useful if information has moved, and for handling POST requests.
For the most part, HTTP is invisible to Web application developers; everything happens automatically for you (occasionally you will need to read or write various headers).
HTTPS works identically to HTTP, except that the request and response messages are transmitted using SSL (Secure Sockets Layer) or its successor TLS (Transport Layer Security).
HTTPS is used automatically for any URL beginning with "https:" instead of "http:".
What HTTPS does for you:
The request and response messages are transmitted between the browser and server in encrypted form. This prevents snoopers on the network from accessing private information in the messages, such as passwords or credit card numbers.
However, HTTPS does not guarantee that the browser and server can trust each other. You just know that no-one else is listening.
HTTPS requires additional server setup: you must create a certificate that identifies the server to the browser.
In designing Web applications you must make sure that HTTPS is used whenever private data is transmitted, such as when forms are submitted for login or for credit card authorization.
There are numerous security issues related to HTTPS, such as:
- When to use it.
- How to mix HTTP and HTTPS safely.
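
To tie the response format and the redirection mechanism to the question of mixing HTTP and HTTPS, here is an added example (not code from the original post) that parses a raw response and reports whether a redirect would move an HTTPS request to a non-HTTPS URL. The function names and the sample response are constructed for illustration, and the check covers the other standard redirect status codes in addition to the 307 mentioned above.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample: a 307 response received for a request made over HTTPS.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 307 Temporary Redirect\r\n"
    b"Server: Apache-Coyote/1.1\r\n"
    b"Location: http://www.example.com/login\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (version, status, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not sep:
        raise ValueError("no blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # version, status code, textual explanation
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    version, status = parts[0], int(parts[1])
    reason = parts[2] if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header: {line!r}")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return version, status, reason, headers, body


def check_redirect(request_url: str, raw: bytes):
    """Return (target_url, downgraded) for a redirect response, else None."""
    _, status, _, headers, _ = parse_response(raw)
    if status not in (301, 302, 303, 307, 308) or "location" not in headers:
        return None
    target = urljoin(request_url, headers["location"])  # Location may be relative
    downgraded = (urlsplit(request_url).scheme == "https"
                  and urlsplit(target).scheme != "https")
    return target, downgraded


if __name__ == "__main__":
    print(check_redirect("https://www.example.com/account", SAMPLE_RESPONSE))
```

A client or test suite can run this check on each redirect hop and refuse to follow any hop where the second value is true.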