• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

HTPPS

 
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What is HTPPS?

It is called secured connection (HTTP request). But what exactly is this secured connection? and why not other HTTP request are secured?

Thanks.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.
 
ankur rathi
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.



Thanks Ulf.
 
ankur rathi
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Ulf Dittmer:
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.



But in case of Post request, browser encrypts the *data* but it is a HTTP request not the HTTPS. Why?

Thanks.
 
Ranch Hand
Posts: 69
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.
 
ankur rathi
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Darren Edwards:
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.



Thanks Darren.
 
ankur rathi
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
How can I force/let my browser to make request https???

Thanks.
 
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
You can't force the browser, it's the server who should support a secure connection..
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Mandar-

On your way in you may have missed that JavaRanch has a policy on display names, and yours does not comply with it; specifically, a first name and a last name are required. Please adjust it accordingly, which you can do right here. Thanks for your prompt attention to this matter.
 
Mandar Max
Ranch Hand
Posts: 38
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Ulf, indeed I had missed the naming policy...
 
ankur rathi
Ranch Hand
Posts: 3852
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Mandar:
You can't force the browser, it's the server who should support a secure connection..



Does it means, HTTPS request doesn't exist, only HTTPS response exist???

And HTTP request and HTTPS response is called secured connection???

Thanks.
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Servers can check to make sure that incoming requests are secure.

If not, they can either throw an exception or (more useful) redirect the user to the same page but with the secure ('https://') scheme.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletRequest.html#isSecure()

This can be done programmatically from within your code or declaratively from the security-constraint entry in your deployment descriptor.

There is a link to the Servlet Spec in my signature.
Download the PDF and perform a search with the following criteria:
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
to learn more about declarative security in j2ee apps.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Does it means, HTTPS request doesn't exist, only HTTPS response exist???


No. HTTPS requests exist as well. If the browser accesses an URL starting with "HTTPS", then the request is encrypted as well.
 
a wee bit from the empire
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic