Java Reference
In-Depth Information
The web browser takes apart the URL and finds the
hostname
. In this case, the host
name is
www.httprecipes.com
. This is a domain name, which the web browser
then looks up in a Domain Name System (DNS) server. As of the writing of this topic, the IP
address for
www.httprecipes.com
is
216.69.170.193
. But how do you know
that the IP address
216.69.170.193
is really the HTTP Recipes site? IP addresses
sometimes change when the web master switches hosting companies, or for other reasons.
Someone could have hijacked the
www.httprecipes.com
DNS entry and pointed it
to a malicious web server running on a different IP address.
HTTPS solves this problem. Part of the SSL protocol, upon which HTTPS is based, veri-
fies that the IP address returned by DNS is the actual address of the site. Every website
that uses HTTPS must be issued a SSL certificate. Usually these certificates are issued by
Verisign (
http://www.verisign.com
). When a web server is granted a certificate, the
company that issues the certificate verifies the IP address that the certificate is issued to
matches the domain name.
When you access
https://www.httprecipes.com
, your web browser looks up the
returned IP address of
216.69.170.193
with the company that issued the HTTP Reci-
pes site our SSL certificate. If these IP addresses do not match, then your browser will warn
you.
Most certificate issuers provide “seals” that web masters can place on their web sites to
show that their identity has been verified. Figure 5.1 shows the seal on the HTTP Recipes
site:
