02 March 2010

Internet theft cases, spoofing, fishing are common these days. Most information security agencies like Computer Emergency Response Team (CERT), OWAPS SANS are taking action to stop these frauds. In order to secure the web application agencies have given idea to the bank and other financial corporations to use Secure Socket Layer (SSL) protocol, Transport Layer Security (TLS).
But if this is that much secure then why web applications are still having default protocol HTTP (port no. 80)?
This we can understand by this conversation:
Client: Hello!!
http://www.laksha.net/
Client connects to TCP port 80 and wants this host
Here http tells webserver which host is requested with which configuration and what content shall be presented to the client
Webserver: Hi!! I have
http://www.laksha.net/
Gives respective configuration and presents content at the client.
But in other hand SSH and other secure service like TLS behaves like they are possessed. They don’t even tell webserver which webserver is requested. SSH require any server IP address can have only on website hosted on it. It means when client connect to webserver through port number 443, it needs a signed certificates.
HTTP & HTTPS both are different in their behaviour. One wants to tell every things and other will tell when you will ask with some signed authorization i.e. certificate.

Tagged:

1 comment:

  1. I have similar kind of question that Why websites have still default HTTP? This post have answers of these questions which is very impressive for me. Now i have seen some website don't have WWW and i don't know the answer of this question. However, I want rush my essay and hope next post will contain answer related to WWW.

    ReplyDelete

Note: Only a member of this blog may post a comment.