• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Jeanne Boyarsky
  • Ron McLeod
Sheriffs:
  • Paul Clapham
  • Liutauras Vilda
  • Devaka Cooray
Saloon Keepers:
  • Tim Holloway
  • Roland Mueller
Bartenders:

Http and Https

 
Ranch Hand
Posts: 94
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello...
I am developing an application which might involve use of secure connections. But I dont know how different Https is from Http. Also what additional coding do i need to put in my servelts if i am using Https.
 
Ranch Hand
Posts: 476
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
http is a regular http protocol, while https is a secure one. I think your server needs to be set-up so it can process secure (S) transactions.
------------------
Alex
"Java is the answer"
 
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You will need to configure your webserver for HTTPS, but your application server should be fine. Generally, this should not have any impact on your application, although there are a few cases that can cause problems. For example, you should not hardcode any URLs to "http://....", since this will generate browser warnings. In general, it is best to use relative URLs or dynamically generate the URLs based on the protocol anyway.
-Mirko

Originally posted by joshi jayram:
Hello...
I am developing an application which might involve use of secure connections. But I dont know how different Https is from Http. Also what additional coding do i need to put in my servelts if i am using Https.


 
Ranch Hand
Posts: 198
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please excuse if I am asking silly questions.
i) How does one configure webserver for HTTPS (Secure HTTP);
ii) How does one ascertain whether HTTP has to be provided or HTTPS has to be provided in the URL ?
iii) How to dynamically generate URLs ?
Thanks
 
Mirko Froehlich
Ranch Hand
Posts: 114
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Don't worry, your questions are not silly at all. I'll try to answer them:
i) The details depend on your webserver. In any case, you will have to obtain a certificate (for example from Verisign) in order to use SSL. However, for development you can generate unsigned certificates for free (sorry, don't have a URL handy). You will then need to configure your webserver for this certificate and tell it to accept SSL connections on port 443 (the default port for HTTPS). For example if you are using IIS, it includes a key manager tool that you can use to add certificates.
ii) I am not sure I understand your question. For example on e-commerce websites, you will probably use HTTP until you log in, at which point you switch over to HTTPS. In your HTML login form, just make sure that the action uses HTTPS instead of HTTP. On the login page, you probably also want to make sure that the request came in over HTTPS.
iii) This depends on your exact needs. What I meant was mainly that you should under no circumstances hardcode the full URL including the protocol (HTTP / HTTPS) into your JSP pages or Servlets, since this will cause problems with HTTPS. Also this makes you inflexible if you need to change the hostname later on, so this should never be hardcoded. In many cases, simply using relative URLs will be sufficient (i.e. "/store/product.jsp" instead of "http://myshop.mydomain.com/store/product.jsp"). If for some reason you find it necessary to use a full URL, you should dynamically generate it from the desired protocol (for example you can determine what protocol the request used and use the same), the hostname (which could be stored in a configuration file), and the rest of the URL.
-Mirko

Originally posted by Bharatesh H Kakamari:
Please excuse if I am asking silly questions.
i) How does one configure webserver for HTTPS (Secure HTTP);
ii) How does one ascertain whether HTTP has to be provided or HTTPS has to be provided in the URL ?
iii) How to dynamically generate URLs ?
Thanks


 
Ranch Hand
Posts: 31
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
Can somebody tell me good source, where I can learn how or can to implement HTTPS concept in my application. I'm unaware about this concept.
Thanks
Shikhar
 
Yes, of course, and I accept that blame. In fact, i covet that blame. As does this tiny ad:
Smokeless wood heat with a rocket mass heater
https://woodheat.net
reply
    Bookmark Topic Watch Topic
  • New Topic