HTTP (Hypertext Transfer Protocol)
HTTP is the foundational protocol used for transmitting data
on the web. It's a request-response protocol, meaning that a client (such as a
web browser) sends a request to a server, and the server responds with the
requested resource (like a webpage).
Key Features of HTTP:
- Stateless: HTTP is stateless, meaning each request from a client to a server is treated as an independent transaction, unrelated to any previous request.
- Plaintext: Data transmitted over HTTP is not encrypted, so it can be intercepted and read by anyone with access to the data transmission channel.
- Port: By default, HTTP operates on port 80.
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is an extension of HTTP that adds a layer of security
by encrypting the data being transmitted. It uses SSL (Secure Sockets Layer) or
its successor, TLS (Transport Layer Security), to secure communications between
the client and the server.
Key Features of HTTPS:
- Encryption: Data transmitted over HTTPS is encrypted, making it much harder for attackers to intercept and read the data.
- Authentication: HTTPS helps to authenticate the server, ensuring that the client is communicating with the intended server and not an imposter.
- Data Integrity: HTTPS ensures that the data has not been altered or tampered with during transmission.
- Port: By default, HTTPS operates on port 443.
Differences Between HTTP and HTTPS
| Feature | HTTP | HTTPS |
| --- | --- | --- |
| Security | Not secure; data is transmitted in plaintext. | Secure; data is encrypted using SSL/TLS. |
| Port | Default is port 80. | Default is port 443. |
| Data Encryption | No encryption; data can be intercepted and read. | Data is encrypted; protects against interception. |
| Authentication | Does not authenticate the server. | Authenticates the server using certificates. |
| Data Integrity | Data can be altered without detection. | Ensures data integrity, preventing tampering. |
| Performance | Slightly faster due to no encryption overhead. | Slightly slower due to encryption overhead. |
| Use Cases | Suitable for non-sensitive information. | Essential for sensitive data like login credentials, payment information, etc. |
When to Use HTTPS Over HTTP
- Sensitive Transactions: Always use HTTPS for sensitive transactions, such as online banking, shopping, or login pages, where personal or financial information is exchanged.
- User Trust: Websites using HTTPS are generally trusted more by users because of the security and authenticity it provides.
- SEO Advantage: Search engines like Google prioritize HTTPS sites over HTTP in search results.
- Compliance: Many regulatory standards and compliance requirements mandate the use of HTTPS for secure data transmission.
Summary
- HTTP is suitable for non-sensitive data transmission but is insecure because it transmits data in plaintext.
- HTTPS is a secure version of HTTP that encrypts data, ensuring security, authentication, and integrity, making it essential for sensitive data and enhancing user trust.
How to enable HTTPS in a web application?
First, create the *.keystore and *.truststore files.

1> Open a command prompt (cmd, Enter), use cd.. (Enter) to go up to the C:\ drive, then type cd, copy "C:\Program Files\Java\jdk1.6.0_31\bin" and paste it after cd, and press Enter. Then go to step 2.

2> Generate the key pair:

    keytool -genkey -keystore "kartik.keystore" -alias "give Computer Full Name here" -keyalg RSA

keytool asks the questions below. Choose a password at the password prompts (kartik is used here). For the first and last name, enter your domain name if you have one.

    Enter keystore password:kartik
    What is your first and last name?
      [Unknown]: 172.30.70.53
    What is the name of your organizational unit?
      [Unknown]: Development
    What is the name of your organization?
      [Unknown]: Tarang
    What is the name of your City or Locality?
      [Unknown]: Bangalore
    What is the name of your State or Province?
      [Unknown]: Karnataka
    What is the two-letter country code for this unit?
      [Unknown]: IN
    Is CN=172.30.70.53, OU=Development, O=Tarang, L=Bangalore, ST=Karnataka, C=India?
      [no]: yes
    Enter key password for (RETURN if same as keystore password):kartik

3> After that, a kartik.keystore file is created in this location: C:\Program Files\Java\jdk1.6.0_31\bin

4> Then go to the server, take this "kartik.keystore" file, and open the same command prompt there. (Step 4 i below is optional.)

4 i> Convert the keystore to PKCS12:

    keytool -importkeystore -srckeystore kartik.keystore -destkeystore kcm.p12 -deststoretype PKCS12

4 ii> To sign a JAR file:

    jarsigner -keystore kartik.keystore -signedjar sCount.jar Count.jar KARTIK-PC

5> Export the certificate:

    keytool -export -keystore kartik.keystore -storepass kartik -alias KARTIK-PC -file kartik.cer

6> Import the certificate into the truststore:

    keytool -import -keystore kartik.truststore -storepass kartik -trustcacerts -alias KARTIK-PC -file kartik.cer

For the web application, in the server.xml file:

    <Connector connectionTimeout="20000" port="8080"
               protocol="HTTP/1.1" redirectPort="8443"/>
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool" port="8080"
               protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    -->
    <!-- Define a SSL HTTP/1.1 Connector on port 8443
         This connector uses the JSSE configuration, when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <Connector SSLEnabled="true" clientAuth="false"
               keystoreFile="D://Certificate//Certificate//kartik//kartik.keyStore"
               keystorePass="kartik"
               maxThreads="150" port="8443"
               protocol="HTTP/1.1" scheme="https"
               secure="true" sslProtocol="TLS"/>
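A quick way to review the connector setup above before deploying it, as an added example that is not part of the original post: the Python script below parses a server.xml and reports connectors whose redirectPort does not lead to a TLS connector, connectors marked https without SSLEnabled, and keystore passwords that are short or match the keystore file name. The function names, the wrapping `<Server>`/`<Service>` elements and the 12-character threshold are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's two active connectors, wrapped in a minimal
# <Server>/<Service> so the fragment parses as one document.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <Connector SSLEnabled="true" clientAuth="false"
    keystoreFile="D://Certificate//Certificate//kartik//kartik.keyStore"
    keystorePass="kartik" maxThreads="150" port="8443"
    protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"/>
</Service></Server>"""

MIN_PASS_LEN = 12  # assumption: a local policy threshold, not a Tomcat rule


def is_tls(conn):
    """Tomcat only terminates TLS on a connector whose SSLEnabled is true."""
    return conn.get("SSLEnabled", "false").lower() == "true"


def audit_connectors(xml_text):
    """Return a list of (port, message) findings for the HTTP connectors."""
    conns = [c for c in ET.fromstring(xml_text).iter("Connector")
             if not c.get("protocol", "").upper().startswith("AJP")]
    tls_ports = {c.get("port") for c in conns if is_tls(c)}
    findings = []
    for c in conns:
        port = c.get("port")
        if is_tls(c):
            pw = c.get("keystorePass", "changeit")  # Tomcat's default password
            # File name without directory or extension, e.g. "kartik".
            stem = c.get("keystoreFile", "").replace("\\", "/").rsplit("/", 1)[-1].split(".")[0]
            if len(pw) < MIN_PASS_LEN:
                findings.append((port, "keystorePass shorter than %d chars" % MIN_PASS_LEN))
            if pw and pw.lower() == stem.lower():
                findings.append((port, "keystorePass equals keystore file name"))
            continue
        if c.get("scheme") == "https" or c.get("secure") == "true":
            findings.append((port, "https/secure set but SSLEnabled is not true"))
        redirect = c.get("redirectPort")
        if redirect is None:
            findings.append((port, "no explicit redirectPort"))
        elif redirect not in tls_ports:
            findings.append((port, "redirectPort %s has no TLS connector" % redirect))
    return findings


if __name__ == "__main__":
    for port, msg in audit_connectors(SERVER_XML):
        print("port %s: %s" % (port, msg))
```

Tomcat follows redirectPort only for requests that match a security-constraint requiring SSL transport, so port 8080 keeps serving plain HTTP for everything else.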