Java Reference
In-Depth Information
C
HAPTER
5: S
ECURE
HTTP R
EQUESTS
• HTTP Security
• Using HTTPS
• Using HTTP Authentication
• Understanding Base-64
The HTTP protocol, as it was originally designed, is completely unencrypted. Everything
transmitted by the HTTP protocol is transmitted in plain text. There is no way for a web
server to be sure who is requesting data. Likewise, there is no way for a web browser to be
sure what web server it is requesting data from. This presents a security risk because a third
party could intercept packets that are being exchanged between your browser and the web
server. If these packets are encrypted then it is less of a problem if they are intercepted.
Several mechanisms were added to HTTP to create security. Many web sites make use of
these secure mechanisms of HTTP. If your bot program is to access data on a site using the
secure mechanisms of HTTP, you will need to know how to support them.
There are two primary mechanisms that provide HTTP with security. These two mecha-
nisms, which will be discussed in this chapter, are listed here:
• HTTPS
• HTTP Authentication
This chapter will show you how to support both secure mechanisms of HTTP in your
Java programs.
Using HTTPS in Java
HTTPS is implemented as a protocol just like HTTP. Whereas an HTTP URL starts with
“http”, an HTTPS protocol starts with “https”. For example, the following URL specifies a
secure page on the HTTP Recipe Site:
https://www.httprecipes.com/1/5/https.php
It is important to understand that a URL that starts with “https” is not just a secure ver-
sion of the same URL beginning with an “http”. Consider the following URL:
http://www.httprecipes.com/1/5/https.php
