Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTPPS

 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is HTPPS?

It is called secured connection (HTTP request). But what exactly is this secured connection? and why not other HTTP request are secured?

Thanks.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.


Thanks Ulf.
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.


But in case of Post request, browser encrypts the *data* but it is a HTTP request not the HTTPS. Why?

Thanks.
 
Darren Edwards
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Darren Edwards:
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.


Thanks Darren.
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
How can I force/let my browser to make request https???

Thanks.
 
Mandar Max
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can't force the browser, it's the server who should support a secure connection..
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Mandar-

On your way in you may have missed that JavaRanch has a policy on display names, and yours does not comply with it; specifically, a first name and a last name are required. Please adjust it accordingly, which you can do right here. Thanks for your prompt attention to this matter.
 
Mandar Max
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Ulf, indeed I had missed the naming policy...
 
ankur rathi
Ranch Hand
Posts: 3830
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Mandar:
You can't force the browser, it's the server who should support a secure connection..


Does it means, HTTPS request doesn't exist, only HTTPS response exist???

And HTTP request and HTTPS response is called secured connection???

Thanks.
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Servers can check to make sure that incoming requests are secure.

If not, they can either throw an exception or (more useful) redirect the user to the same page but with the secure ('https://') scheme.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletRequest.html#isSecure()

This can be done programmatically from within your code or declaratively from the security-constraint entry in your deployment descriptor.

There is a link to the Servlet Spec in my signature.
Download the PDF and perform a search with the following criteria:
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
to learn more about declarative security in j2ee apps.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does it means, HTTPS request doesn't exist, only HTTPS response exist???

No. HTTPS requests exist as well. If the browser accesses an URL starting with "HTTPS", then the request is encrypted as well.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic