http vs https

[OhioSteve]

As a user I have noticed that occasionally the address in my browser starts with "https..." instead of "http...". I never attached any importance to this.

Now I am starting to do web-based programming. During a discussion about data caches, a colleague mentioned that cached values persist across "protocols", whereas seesion variables do not persist across them. He identified "http" and "https" as protocols.

Could you explain the signifigance of these protocols? Why would a programmer use one instead of the other? Would you ever use both in one website? Are there others besides "http" and "https"?

 

[ChrisHirst]

The main ones you would come across as a web programmer would be HTTP, HTTPS, SMTP & FTP

HTTP (HyperText Transfer Protocol) is the standard website protocol normally to be found running on port 80.

HTTPS (HyperText Transfer Protocol (Secure)) is the secure (encrypted) protocol (port 443) normally only used where sensitive data is being transmitted. CC details, personal info etc.

FTP (File Transfer Protocol) as it says used for file transfers runs on port 21

SMTP (Simple Mail Transfer Protocol) used to transfer mail messages (as text) between Mail Servers as defined by DNS MX records normally runs on port 25

others are
POP (Post Office Protocol)
NNTP (Network News Transport Protocol)
NTP (Network Time Protocol)

any many many more lots of resources around the Internet strangely enough.


Chris.

Indifference will be the downfall of mankind, but who cares?

http://www.candsdesign.co.uk

A website that proves the cobblers kids adage.

http://www.cram-system.com

Nightclub counting systems

So long, and thanks for all the fish.

 

[OhioSteve]

Thanks for responding! Now I have two follow-up questions:

1)Is my friend correct when he states that session variables cannot cross these protocols, and that data cache keys can cross it?

2) It seems to me that you would not usually WANT to transfer values from http to https. You would want to segregate the secure transactions from the insecure transactions. Perhaps you might have a website where you wanted to transmit values from http to ftp (for example, the address of the files you want). Any thoughts on this?

3) Would the same code work in different protocols? Would I ever encounter syntax that would function in one environment and not the other? I visit alot of asp.net discussions online. I can't recall anyone saying something like "This method doesn't work in https..." or "...that html tag works only with ftp protocol..."

This is an interesting discussion. I look forward to reading more posts on this thread.

 

[mrdenny]

1) Correct. Session variables cannot cross protocols, because when you switch from http to https you are ending one session and starting another one.

2) There is no problem going from http to https. However you want to be carefull that all sensitive data requires that is goes accross the https connection and not the http connection. For example, a form could be downloaded over http that asks a user to log in. That form is them submitted to the https server for processing. Once the user is authenticated, the user is redirected back to the http server so they can browse the web.

3) With http and https, no. Everything that works in http will work in https. FTP isn't a web browsing protocal. It's a file transfer protocal so html doesn't work here at all.

With http and https one thing to keep in mind, is that you want to do as little as possible on your https server. The reason for this is that encrypting the data for the https protocal takes much more CPU power than displaing data over the http connection.

Denny

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

(My very old site)