HTTP Protocol Problems (continued)
Authentication (continued)
- Server to Client
- Also, given only a standard TCP/IP connection, the client has no real way to verify that the server that answered the request is the server it actually asked for. For example, if somebody tricks a client into thinking the name www.umbc.edu points to a different address, users may be tricked into releasing private or personal information.
Stateless
- Difficult to track requests from point to point. For simply browsing pages, this is not a problem. If the user needs to interact with the system in any manner, tracking requests becomes essential (shopping carts, etc.).
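
An added example (not from the original slides) of what statelessness means for a shopping cart: the handler below can link two requests only when the client sends back a token the server issued earlier. The Cookie/Set-Cookie transport, the HMAC-signed token and all names (`handle`, `session_from`, `CARTS`) are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Illustrative sketch: names and token format are assumptions, not from the slides.
SERVER_KEY = secrets.token_bytes(32)   # secret known only to the server
CARTS = {}                             # server-side state: session id -> items


def sign(sid):
    """HMAC over the session id so a client cannot mint or alter a token."""
    return hmac.new(SERVER_KEY, sid.encode(), hashlib.sha256).hexdigest()


def issue_token():
    """Create a new session and return 'id.signature' for the client to send back."""
    sid = secrets.token_hex(16)
    CARTS[sid] = []
    return sid + "." + sign(sid)


def session_from(headers):
    """Return the session id carried by a request, or None if absent or forged."""
    token = headers.get("Cookie", "").removeprefix("session=")
    sid, _, sig = token.partition(".")
    if sid in CARTS and hmac.compare_digest(sig.encode(), sign(sid).encode()):
        return sid
    return None


def handle(method, path, headers):
    """Minimal request handler: returns (status, response headers, cart contents)."""
    sid = session_from(headers)
    out = {}
    if sid is None:
        # HTTP itself carries no memory of earlier requests, so a request
        # without a valid token is indistinguishable from a new visitor.
        token = issue_token()
        sid = token.split(".")[0]
        out["Set-Cookie"] = "session=" + token
    if method == "POST" and path.startswith("/cart/add/"):
        CARTS[sid].append(path.rsplit("/", 1)[1])
    return 200, out, list(CARTS[sid])
```

Two requests sent without the token land in two separate carts; a request carrying a token with an altered signature is treated as a new visitor rather than being attached to the existing cart.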