It is called secured connection (HTTP request). But what exactly is this secured connection? and why not other HTTP request are secured?
Thanks.
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35241
7
posted
0
HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.
Originally posted by Ulf Dittmer: HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.
Thanks Ulf.
ankur rathi
Ranch Hand
Joined: Oct 11, 2004
Posts: 3829
posted
0
Originally posted by Ulf Dittmer: HTTPS connections encrypt the data that is sent over them, while HTTP sends data in clear text. THus HTTP traffic can be read at every host it's passing through.
But in case of Post request, browser encrypts the *data* but it is a HTTP request not the HTTPS. Why?
Thanks.
Darren Edwards
Ranch Hand
Joined: Aug 17, 2005
Posts: 69
posted
0
HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.
ankur rathi
Ranch Hand
Joined: Oct 11, 2004
Posts: 3829
posted
0
Originally posted by Darren Edwards: HTTP post requests are not encrypted, they may be encoded, but it is still plain text that is being passed over the HTTP link.
Thanks Darren.
ankur rathi
Ranch Hand
Joined: Oct 11, 2004
Posts: 3829
posted
0
How can I force/let my browser to make request https???
Thanks.
Mandar Max
Ranch Hand
Joined: Mar 14, 2006
Posts: 38
posted
0
You can't force the browser, it's the server who should support a secure connection..
"The trouble with doing something right the first time is that nobody appreciates how difficult it was!"
Ulf Dittmer
Marshal
Joined: Mar 22, 2005
Posts: 35241
7
posted
0
Hello Mandar-
On your way in you may have missed that JavaRanch has a policy on display names, and yours does not comply with it; specifically, a first name and a last name are required. Please adjust it accordingly, which you can do right here. Thanks for your prompt attention to this matter.
Mandar Max
Ranch Hand
Joined: Mar 14, 2006
Posts: 38
posted
0
Thanks Ulf, indeed I had missed the naming policy...
ankur rathi
Ranch Hand
Joined: Oct 11, 2004
Posts: 3829
posted
0
Originally posted by Mandar: You can't force the browser, it's the server who should support a secure connection..
Does it means, HTTPS request doesn't exist, only HTTPS response exist???
And HTTP request and HTTPS response is called secured connection???
This can be done programmatically from within your code or declaratively from the security-constraint entry in your deployment descriptor.
There is a link to the Servlet Spec in my signature. Download the PDF and perform a search with the following criteria: <transport-guarantee>CONFIDENTIAL</transport-guarantee> to learn more about declarative security in j2ee apps.
0
