[ Team LiB ] Previous Section Next Section

HTTPS: Secure HTTP

You might notice that when you visit a Web site that wants you to enter a credit card, the URL usually begins with https instead of http. The browser recognizes https as a request to use secure sockets to pass the data. The Secure Sockets Layer (SSL) enables you to send encrypted data back and forth between the browser and the server. (Technically, it just provides encrypted traffic between any two endpoints, not specifically between browsers and servers.)

The nice thing about using HTTP over SSL is that the HTTP protocol is still the same—it's just the transport layer that has changed. For example, if you have an SSL library that you can use with the Dumper program, you can connect to the dumper with https and still see the HTTP headers exactly as you see them with an unencrypted connection. Figure 4.7 shows the relationship between the HTTP protocol and the SSL protocol as compared to an unencrypted HTTP connection.

Figure 4.7. The SSL takes the place of a regular TCP/IP socket connection when sending encrypted HTTP traffic.

graphics/04fig07.gif

    [ Team LiB ] Previous Section Next Section