Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

Securing data in transit: HTTPS to the rescue

When you tell a J2EE Container that you want to implement data confidentiality and/or integrity, the J2EE spec guarantees that the data to be transmitted will travel over a “protected transport layer connection”. In other words, Containers are not required to use any specific protocol to handle secure transmissions, but in practice they nearly all use HTTPS over SSL.

HTTP request—not secured

The Bad Eavesdropper gets a copy of the HTTP request that contains the client’s credit card info. The data isn’t protected, so it comes over in the body of the POST in a nice readable form. The Eavesdropper is happy.

A secured HTTPS over SSL request

The Bad Eavesdropper gets a copy of the HTTP request that contains the client’s credit card info.

But because it was sent with extra-strength HTTPS over SSL, he CANNOT read the information!!
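
One way to tell the Container that a resource needs confidentiality or integrity is a `<user-data-constraint>` in the deployment descriptor. This is an added example, not taken from the book's text; the resource name `Checkout` and the URL pattern `/checkout/*` are assumptions chosen for illustration.

```xml
<!-- Added example: fragments for WEB-INF/web.xml.
     "Checkout" and "/checkout/*" are hypothetical names.
     The two constraints are alternatives; deploy only one of them. -->

<!-- Weak: NONE asks for no protection, so the Container will accept
     the credit card POST over plain HTTP. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Checkout</web-resource-name>
    <url-pattern>/checkout/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>NONE</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Corrected: CONFIDENTIAL requires a protected transport layer
     connection for everything under /checkout/. Use INTEGRAL when only
     integrity is required; in practice Containers handle both the same
     way, with HTTPS. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Checkout</web-resource-name>
    <url-pattern>/checkout/*</url-pattern>
    <!-- No <http-method> elements: listing only POST would leave GET,
         PUT and every other method on this path unconstrained. -->
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

A Container that receives a plain HTTP request for a constrained path typically redirects it to its HTTPS port, but a form body sent with that first request has already crossed the wire unprotected, so the page containing the form should sit under the constrained pattern as well.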
