HTTP Protocol Problems

• Transport Security

  • As we know, the transport is a straight connection over a TCP/IP channel. This connection has nothing special associated with it, and therefore is unencrypted. For reading basic data, this is fine. For sensitive data, this is a problem, as it may be sniffed off the network.

• Authentication

  • Client to Server
    • The HTTP protocol allows for HTTP-level authentication. This is done using a request header to send an encoded username and password with the request. This is just a simple Base64 encoding.

Previous slide

Next slide

Back to first slide

View graphic version