The two URLs you see in this section are exactly the same, except that one is HTTP and
the other HTTPS. You might think that entering the second URL would simply take you to an
unencrypted version of the https.php page. It does not. If you enter the second URL into
a web browser, you will get a "page not found" (404) error.
This is because the file https.php does not exist on the “HTTP Recipes” site's unencrypted
server. This is the important distinction. There are two web servers running at
www.httprecipes.com. There is an unencrypted HTTP server running at port 80.
There is also an encrypted HTTPS server running at port 443. These two servers do not
share the same set of HTML files. In the case of the HTTP Recipes site, Chapter 5 is hosted
on the HTTPS server, and the rest of the chapters on the HTTP server.
Hypertext Transfer Protocol Secure (HTTPS) uses sockets just like HTTP. However, it
uses a special sort of socket called a secure socket. Secure sockets are implemented using
the Secure Sockets Layer (SSL). SSL, which is supported by Java, provides two very important
security mechanisms, which are listed here.
• Encrypted packets
• Server verification
Web servers commonly use both of these mechanisms. These two mechanisms will be
discussed in the next two sections.
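Both mechanisms can be observed from Java with a plain socket and a secure socket. The following is an added example, not code from the original text: it requests the same path from the server on port 80 and the server on port 443, and the class name SecureSocketDemo and the helper statusLine are hypothetical. It assumes network access to the host, and it turns on host-name checking explicitly because a bare SSLSocket does not perform it by default.

```java
import java.io.*;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.*;

public class SecureSocketDemo {
    // Send a minimal GET over an already-connected socket and return the status line.
    static String statusLine(Socket s, String host, String path) throws IOException {
        Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII);
        out.write("GET " + path + " HTTP/1.1\r\nHost: " + host + "\r\nConnection: close\r\n\r\n");
        out.flush();
        BufferedReader in = new BufferedReader(
            new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
        return in.readLine();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the host and path named in the text; both can be overridden.
        String host = args.length > 0 ? args[0] : "www.httprecipes.com";
        String path = args.length > 1 ? args[1] : "/1/5/https.php";

        // Unencrypted server on port 80: an ordinary socket.
        try (Socket plain = new Socket(host, 80)) {
            plain.setSoTimeout(10_000);
            System.out.println("port 80:  " + statusLine(plain, host, path));
        }

        // Encrypted server on port 443: a secure socket.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket secure = (SSLSocket) factory.createSocket(host, 443)) {
            secure.setSoTimeout(10_000);
            // Server verification: the default trust manager validates the certificate
            // chain, but the certificate is compared to the host name only if asked.
            SSLParameters params = secure.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            secure.setSSLParameters(params);

            secure.startHandshake(); // throws SSLHandshakeException if verification fails
            SSLSession session = secure.getSession();
            // Encrypted packets: the negotiated protocol version and cipher suite.
            System.out.println("protocol: " + session.getProtocol());
            System.out.println("cipher:   " + session.getCipherSuite());
            System.out.println("peer:     " + session.getPeerPrincipal());
            System.out.println("port 443: " + statusLine(secure, host, path));
        }
    }
}
```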
Understanding Encrypted Packets
The aspect that most users associate with HTTPS is data encryption. When you use an
HTTPS site, you normally see a small “lock symbol” near the bottom of your browser. Once
you see the lock, you know that your data is being encrypted, and you are using a secure
site.
Data encryption is very important. When you enter a credit card number into a web site,
you want to be sure that only that web site gains access to your credit card number. Because
TCP/IP traffic can travel through a number of different hosts before it finally reaches your
intended web server, you do not want a malicious user intercepting your credit card number
somewhere between you and the web server.
Encrypting the packets exchanged between you and the web server reduces the problem
of intercepted packets. If someone does intercept your packet, it will be encrypted.
Understanding Server Verification
Encryption is not the only benefit provided by HTTPS. Server verification is another
important benefit. Consider what happens when you access the following URL:
https://www.httprecipes.com/1/5/https.php