Wednesday 24 April 2013

HTTP and HTTPS





In this short article I will talk a little bit about the HTTP and HTTPS protocols. HTTP stands for Hypertext Transfer Protocol, and basically every web request (typing a site's URL into a browser such as Internet Explorer) is done using this protocol. HTTP uses the client-server model, in which a client requests something from the server and the server responds with the desired content. You can visualize this protocol as a collection of interconnected hyperlinks. You can learn a lot about how the client-server model works by reading my networking fundamentals articles. HTTP uses port 80; if you request web content on a port other than 80, your request will not be routed throughout the Internet. Have you ever noticed that even if you type, for example, ittrainingday.com, your request is automatically redirected to http://ittrainingday.com? (Any request is an HTTP request by default.) When you make an HTTPS request, the port used by default is 443. We will talk in a second about the main differences between these two protocols. The requests that HTTP can fulfill are the following (taken from Wikipedia, http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol):


"GET
Requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. (This is also true of some other HTTP methods.)[1] The W3C has published guidance principles on this distinction, saying, "Web application design should be informed by the above principles, but also by the relevant limitations." See safe methods below.
HEAD
Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
POST
Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. The data POSTed might be, as examples, an annotation for existing resources; a message for a bulletin board, newsgroup, mailing list, or comment thread; a block of data that is the result of submitting a web form to a data-handling process; or an item to add to a database.
PUT
Requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.
DELETE
Deletes the specified resource.
TRACE
Echoes back the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.
OPTIONS
Returns the HTTP methods that the server supports for specified URL. This can be used to check the functionality of a web server by requesting '*' instead of a specific resource.
CONNECT
Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
PATCH
Is used to apply partial modifications to a resource.
HTTP servers are required to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method."
How a browser requests a web page is a different topic, but if you are really interested, you can check out my IIS tutorials, in which I've described how web servers work (at least Microsoft's web-hosting service, IIS). If you've read my networking articles you already know the TCP/IP and OSI models and how everything is layered. HTTP is a layer 7 (Application layer) concept. This protocol is responsible for delivering information in a form that can be displayed to and interpreted by the user.
HTTPS stands for Hypertext Transfer Protocol Secure; it uses HTTP together with SSL when sending and receiving data. By adding the SSL protocol, HTTPS ensures that information sent between the client and the server cannot be read if it is intercepted. SSL, or Secure Sockets Layer, is a protocol used to encrypt information sent over the public Internet. I will not talk much about this protocol; what you need to know is that it provides three main features: authentication, integrity and confidentiality. Authentication is done using asymmetric cryptography with a public and a private key (these keys are exchanged between the client and the server). Confidentiality is provided by symmetric encryption, and message integrity is provided by message authentication codes. You can search Google to find out more about these mechanisms.
The main differences between HTTP and HTTPS are:
The first and most important is that HTTPS is secure, while HTTP sends information in plain text.
HTTP uses port 80, while HTTPS uses port 443.
HTTP operates at the application layer, while HTTPS works at the transport layer.
The URL scheme is different in these two protocols: https:// and http://
[Image: secure HTTP connection]
In a simple HTTP exchange, the browser establishes a TCP connection with the server and sends a request for the desired resource. The server responds with the requested resource and the TCP connection is closed. If you want to know how a TCP connection is established or closed, check out my networking fundamentals tutorials. With HTTPS, the client must first authenticate the server and then establish an encrypted connection using SSL. Only after these steps are complete can the HTTPS transfer begin. Websites use certificates, signed by a public Certification Authority, to assure users that the site is trusted. Most browsers will warn users when a website with an untrusted certificate is opened:
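As an added example (not code from the original post), the pieces described above in Python: mapping the URL scheme to the default port (80 or 443), serializing the request a browser sends over the TCP connection, parsing the plain-text response that comes back, and checking that the standard TLS client settings require a CA-signed certificate matching the host name. The host name from the article is reused, and the response bytes are constructed for the example.

```python
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# Methods that, per the HTTP spec, should not change server state.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def target_from_url(url):
    """Return (scheme, host, port, path); the port falls back to 80/443 by scheme."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    port = parts.port or DEFAULT_PORTS[scheme]
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    return scheme, parts.hostname, port, path

def build_request(method, url, body=b""):
    """Serialize one HTTP/1.1 request message, exactly as it travels over TCP."""
    scheme, host, port, path = target_from_url(url)
    host_hdr = host if port == DEFAULT_PORTS[scheme] else "%s:%d" % (host, port)
    lines = ["%s %s HTTP/1.1" % (method, path), "Host: " + host_hdr, "Connection: close"]
    if body:
        lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body

def parse_response(raw):
    """Split a raw HTTP response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, _reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(code), headers, body

def tls_context_verifies_server():
    """HTTPS is HTTP carried over TLS; the default client context insists on a
    certificate chaining to a trusted CA and on a host-name match, which is the
    check behind the browser's 'certificate not trusted' warning."""
    ctx = ssl.create_default_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

# Constructed sample of what a plain HTTP server sends back, readable by anyone on the path.
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   b"Content-Length: 12\r\n\r\n<p>hello</p>")
```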
[Image: website certificate not trusted]
That's about it for this post; I hope you've got a general idea of these two protocols. Leave any comment or question that you have, enjoy your day and stay tuned for more articles to come.


Thanks & Regards,

"Remember Me When You Raise Your Hand For Dua"
Raheel Ahmed Khan
System Engineer
send2raheel@yahoo.com
send2raheel@engineer.com
sirraheel@gmail.com
send2raheel (skype id)

My Blog Spot
http://raheel-mydreamz.blogspot.com/
