The HTTP protocol used by a web server is unencrypted, so both headers and files are transferred unprotected. Today servers should move over to HTTPS.
HTTPS uses the SSL/TLS protocol to encrypt communications so that attackers can't steal data. SSL/TLS also confirms that a website server is who it says it is, preventing impersonations.
Here is an example of how we can add encryption to our communication using ServerSocket and a self-signed certificate.
https://stackoverflow.com/questions/2308479/simple-java-https-server/56794765#56794765
When using self-signed certificates, browsers will warn us that the site isn't secure, but that can be accepted and communication will then work.
For best protection we should use the latest version of TLS. https://www.globalsign.com/en/blog/ssl-vs-tls-difference
In Java this is requested with SSLContext.getInstance("TLSv1.3"). If that is a problem we can make do with TLSv1.2.
An HTTP server runs by default on port 80 while HTTPS uses port 443.
We should still have the ability to use HTTP, so maybe we can implement two different Server classes and specify which one to start, or both, from a config file or environment variable?
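A sketch of how the pieces above could fit together, added here as an example and not taken from the project or the linked answer: one listener loop served over a plain ServerSocket, an SSLServerSocket, or both. The class name DualServer, the SERVER_MODE variable, the unprivileged ports 8080/8443 (standing in for 80/443), and the keystore file name and password are all assumptions.

```java
import javax.net.ssl.*;
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class DualServer {
    // Assumed keystore holding the self-signed certificate, created e.g. with:
    // keytool -genkeypair -alias server -keyalg RSA -storetype PKCS12 \
    //         -keystore keystore.p12 -storepass changeit -dname CN=localhost
    static SSLContext tlsContext(String ksPath, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(ksPath)) { ks.load(in, pass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx; // prefer TLSv1.3, fall back to TLSv1.2 on older runtimes
        try { ctx = SSLContext.getInstance("TLSv1.3"); }
        catch (NoSuchAlgorithmException e) { ctx = SSLContext.getInstance("TLSv1.2"); }
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }
    static ServerSocket httpsSocket(SSLContext ctx, int port) throws IOException {
        SSLServerSocket s = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        // Enable only the modern versions this runtime supports; older ones stay off.
        List<String> wanted = new ArrayList<>(List.of("TLSv1.3", "TLSv1.2"));
        wanted.retainAll(Arrays.asList(s.getSupportedProtocols()));
        s.setEnabledProtocols(wanted.toArray(new String[0]));
        return s;
    }
    // Same request loop for both listeners; a failed TLS handshake surfaces as an IOException.
    static void serve(ServerSocket server) {
        while (true) {
            try (Socket c = server.accept(); OutputStream out = c.getOutputStream()) {
                new BufferedReader(new InputStreamReader(c.getInputStream())).readLine();
                out.write("HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok".getBytes(StandardCharsets.US_ASCII));
            } catch (IOException e) { System.err.println("connection failed: " + e.getMessage()); }
        }
    }
    public static void main(String[] args) throws Exception {
        // SERVER_MODE (hypothetical name): "http", "https" or "both" (default).
        String mode = System.getenv().getOrDefault("SERVER_MODE", "both");
        if (!mode.equals("https")) {
            ServerSocket http = new ServerSocket(8080);
            new Thread(() -> serve(http)).start();
        }
        if (!mode.equals("http")) {
            ServerSocket https = httpsSocket(tlsContext("keystore.p12", "changeit".toCharArray()), 8443);
            new Thread(() -> serve(https)).start();
        }
    }
}
```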