Originally posted by joshi jayram:
I am developing an application which might involve use of secure connections. But I dont know how different Https is from Http. Also what additional coding do i need to put in my servelts if i am using Https.
i) The details depend on your webserver. In any case, you will have to obtain a certificate (for example from Verisign) in order to use SSL. However, for development you can generate unsigned certificates for free (sorry, don't have a URL handy). You will then need to configure your webserver for this certificate and tell it to accept SSL connections on port 443 (the default port for HTTPS). For example if you are using IIS, it includes a key manager tool that you can use to add certificates.
ii) I am not sure I understand your question. For example on e-commerce websites, you will probably use HTTP until you log in, at which point you switch over to HTTPS. In your HTML login form, just make sure that the action uses HTTPS instead of HTTP. On the login page, you probably also want to make sure that the request came in over HTTPS.
iii) This depends on your exact needs. What I meant was mainly that you should under no circumstances hardcode the full URL including the protocol (HTTP / HTTPS) into your JSP pages or Servlets, since this will cause problems with HTTPS. Also this makes you inflexible if you need to change the hostname later on, so this should never be hardcoded. In many cases, simply using relative URLs will be sufficient (i.e. "/store/product.jsp" instead of "http://myshop.mydomain.com/store/product.jsp"). If for some reason you find it necessary to use a full URL, you should dynamically generate it from the desired protocol (for example you can determine what protocol the request used and use the same), the hostname (which could be stored in a configuration file), and the rest of the URL.
Originally posted by Bharatesh H Kakamari:
Please excuse if I am asking silly questions.
i) How does one configure webserver for HTTPS (Secure HTTP);
ii) How does one ascertain whether HTTP has to be provided or HTTPS has to be provided in the URL ?
iii) How to dynamically generate URLs ?