
james
WEBSITES SECURITY (HTTP AND HTTPS)

Let us begin by understanding what the hell HTTP is.
HTTP (Hypertext Transfer Protocol) is an application-layer protocol used for communication between clients (typically web browsers) and servers on the World Wide Web. It facilitates the transfer of data in the form of text, images, videos, and other resources over the internet. HTTP follows a client-server model, where clients send requests to servers, and servers respond with the requested content.
Now that we have a clue of what it is, we can comfortably learn how it operates.
The protocol fundamentally operates in 2 phases:

1) HTTP Request: When a client (such as a web browser) wants to access a resource (web page, image, etc.) hosted on a server, it sends an HTTP request. The request contains:

i) Method: The HTTP method (e.g., GET, POST, PUT, DELETE) indicating the action the client wants to perform on the resource.

ii) URL: The Uniform Resource Locator, specifying the address of the resource the client wants to access.

iii) Headers: Additional metadata providing information about the request, such as the user agent, cookies, and preferred language.

iv) Body (optional): Data sent by the client, typically used with methods like POST to send data to the server.

2) HTTP Response: The server processes the client's request and sends back an HTTP response. The response includes:

i) Status Line: Indicates the status of the request (e.g., 200 OK, 404 Not Found) and the HTTP version being used.

ii) Headers: Similar to the request headers, these contain metadata about the response, such as content type, cache-control, and server information.

iii) Body: The actual content being sent back to the client, such as HTML for web pages, images, or JSON data.

Notably, HTTP is a stateless protocol, meaning each request-response cycle is independent. The server does not retain information about previous requests from the same client. To maintain state between requests, cookies or session IDs are often used.

By default, HTTP operates on a non-persistent connection, meaning the connection is closed after each request-response cycle. To improve performance, modern web browsers and servers use techniques like keep-alive to maintain open connections and reduce the overhead of repeatedly establishing connections.

Keep in mind that HTTP sends everything in plain text. This makes the protocol susceptible to eavesdropping and man-in-the-middle attacks. To secure communication, HTTPS (HTTP Secure) uses SSL/TLS encryption to protect data in transit.
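
As an added example (not code from the original post), the Python sketch below splits a raw request and response into the parts listed above and reports which sensitive values are readable on the wire when no TLS is in place. The sample messages, the host name `shop.example` and the function names are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample traffic: the exact bytes sent for one plain-HTTP login.
RAW_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)
RAW_RESPONSE = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    b"Set-Cookie: session=def456\r\nContent-Length: 14\r\n\r\n"
    b"<h1>Hello</h1>"
)
SENSITIVE_HEADERS = ("cookie", "set-cookie", "authorization")

def parse_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.x message into start line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    lines = head.decode("iso-8859-1").split("\r\n")
    first = lines[0].split(" ", 2)
    headers = {}                                  # simplification: last duplicate wins
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if first[0].startswith("HTTP/"):              # response status line
        reason = first[2] if len(first) > 2 else ""
        start = {"version": first[0], "status": int(first[1]), "reason": reason}
    else:                                         # request line: method, URL, version
        start = {"method": first[0], "url": first[1], "version": first[2]}
    length = int(headers.get("content-length", len(body)))
    return {**start, "headers": headers, "body": body[:length]}

def cleartext_exposure(msg: dict) -> list:
    """List values anyone on the network path can read when TLS is absent."""
    found = [f"{h}: {msg['headers'][h]}" for h in SENSITIVE_HEADERS if h in msg["headers"]]
    ctype = msg["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(msg["body"].decode("iso-8859-1")):
            found.append(f"form field {key}={value}")
    return found

if __name__ == "__main__":
    for raw in (RAW_REQUEST, RAW_RESPONSE):
        print(cleartext_exposure(parse_message(raw)))
```

Over HTTPS the same bytes are carried inside the TLS session, so the session cookie and form fields are not readable by someone observing the connection.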

See you in the next blog.
