Re: [Re: HTTPS available]

[M.A.Bhavish Kumar]

yup rama ......it's fine with me        Bhav ----- Original Message ----- From: Pankaj Acharya To: [EMAIL PROTECTED] Sent: Tuesday, November 09, 1999 3:05 PM Subject: Re: [Re: HTTPS available] Hello Martin, okay.!! I read the comments in the URL Class's contructor. i need both(SSLSocket and protocol handler), now i understand. But since my servlet CAN MAKE "HTTPS:" calls (without throwing a MalformedURLException).. can i assume that Java Web Server's servlet engine does all the Security Related Things Seamlessly..? I mean the compulsory server authentication that you mention in your reply. Or am i wrong in assuming this..? I am assuming the data sent to the "https:" resource by my servlet will be encrypted and so will be the data that i receive without me having to bother. Now tell me whether this assumption is true. I am not concerned what the Server Owner can do to my data. I am just concerened about the transmission of data . whether that is secure or not..? Thank you. Best regards, Pankaj. NOTE: This works only with JWS and the servlet engine that comes with it. ================================================= Martin Kuba <[EMAIL PROTECTED]> wrote: Please, first read the documentation for the constructor public URL(String protocol,String host,int port,String file) of the java.net.URL class at http://java.sun.com/products/jdk/1.2/docs/api/index.html You will see the diferrence there. SSLSocket implements the transportation layer of network connection, the protocol handler the application layer of network connection. So you need them both. SSL secures the connection between client and server. The server authentication is compulsory, the client authentication is optional. The data are secured during transmition, but they are unsecure after storing on the server. Be aware of that, the owner of the server can do anything with your data, SSL cannot prevent him from that. Martin ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1 ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html