I know that smtp is the default protocol used to send mail. But I have read that http protocol is used by webmail(such as Hotmail, yahoo etc) to send mail from your desktop to mail server which then uses smtp to forward it to destination server. Is it correct?
No. Webmail provides a HTTP interface to the client and they might store the mails written in a database or push them via whatever protocol (http, soap...) to another server - but at the end they have to use SMTP because that's what all other mail servers speak and thus this is the way to deliver mail to recipients outside the Webmails domain.
Related
I understand that HTTP is a protocol that allows information to be transferred between a client and a server. At the moment, this protocol is used everywhere: when we're opening needed web page, downloading music, videos, applications...
MDN
HTTP is a protocol for fetching resources such as HTML documents. It is the foundation of any data exchange on the Web and it is a client-server protocol, which means requests are initiated by the recipient, usually the Web browser. A complete document is reconstructed from the different sub-documents fetched, for instance, text, layout description, images, videos, scripts, and more.
But it's not entirely clear to me what exactly HTTP does during this information transfer. If, as I read, a protocol is essentially a set of rules, then does it mean that HTTP just setting up rules for passing information between server and client? If so, what are these rules and what are they for?
Hypertext Transfer Protocol is a communications protocol. It is used to send and receive webpages and files on the internet. It is now coordinated by the W3C. HTTP version 1.1 is the most common used.
HTTP works by using a user agent to connect to a server. The user agent could be a web browser or spider. The server must be located using a URL or URI. This always contains http:// at the start. It normally connects to port 80 on a computer.
A more secure version of HTTP is called HTTPS (Hypertext Transfer Protocol Secure). This contains https:// at the beginning of the URL. It encrypts all the information that is sent and received. This can stop malicious users such as hackers from stealing the information and is often used on payment websites. HTTPS uses port 443 for communication instead of port 80.
My question is about networking. I'm just looking for a simple answer, yet I couldn't find one after 1 hour research. I know there are techniques such as Wi-Fi Hotspot, man-in-the-middle-attack, local network, echo switch, etc. But I couldn't find an answer to my specific question.
Let's say, client A wants to communicate with server B, and server B says client A must authenticate himself via HTTP basic authentication first. My question is, what happens if client A sends the authentication credentials via HTTP layer (insecure), who can read the HTTP headers that the client A sends to server B over the internet? Would it be easy to do that? Like placing a breakpoint between two arbitrary routers, which help to transfer the packets across the internet, in order to read those headers? How does it work in general?
Thank you!
PS.: I am not trying to learn and do it. I just want to know, how dangerous it would be, if the HTTP basic auth is made via the insecure HTTP layer.
Who can read the HTTP headers that the client A sends to server B over
the internet?
Your Network Provider (e.g Wi-fi hotspot Provider).
Your Domain Name System server (DNS, as 192.168.1.1).
Your Internet Service Provider (ISP).
Your Virtual Private Network if using one (VPN server).
Yourself Or a Virus.
and here comes the HTTPS (HTTP + SSL Encryption)
SSL is about communicating in a language that you and the server only understand.
How dangerous it would be if the HTTP basic auth is made via the insecure HTTP layer?
Well, from above, You can totally get that a simple virus or even a public Wi-fi Hotspot Device can capture and see all of your data if the communication was done in a plain HTTP Socket.
A Simple packet may contain all of your Device information including its basic contents as your passwords, credit cards information, The HTML form for the signup/login that you've just completed with all its data, VoIP Calls and messages being sent to the server + upcoming/received ones.
that's why we need SSL encryption and the server should have a valid SSL certificate too.
By the way, your device may have sent thousands of packets while you read this now!
Capturing the packets that your device sends or even the packets that other devices on your network send can be done through any packet capturing tool or software as Wireshark.
I'm trying to understand how to send encrypted email from an ASP.NET application using an SMTP server set up on IIS. Apologies in advance if I'm not being clear - I'm fundamentally a programmer and my understanding of email is limited.
I know that the SMTP server can be configured to insist on TLS/SSL encryption. What I'm not clear about is how this works with the EnableSsl property of System.Net.Mail.SmtpClient() and the implications when sending to recipients which don't support encryption.
My goal is to ensure that emails sent to certain recipients are always encrypted, but I don't want emails to fail when sent to other recipients whose receiving SMTP servers don't support encrypted messages.
Is it possible therefore to use SSL conditionally in my scenario based on the intended recipient?
Usually mail is delivered to a mail server local to the sender, i.e. your "SMTP server set up on IIS". This mail server then looks up which servers are responsible for the recipients domain and forwards your mail to these servers.
While you can control how the connection is done between your application and your SMTP server (i.e. TLS or not) you have no control how this mail is forwarded from there on. But modern mail servers typically use TLS if the remote mail server offers support for it and fall back if TLS is not supported by the remote server.
As the title explains, I want to see the http requests that are sent by my android app client to my Jersey Web service.
Also, I'm using
https://github.com/kevinsawicki/http-request
class for sending the requests, but I'm not sure if they are SSL encrypted. Can I see if they are encrypted by looking at the http requests that arrive at my Web service?
If you have access to the server on which your web service is running, you can use Wireshark : https://www.wireshark.org/
This will trace and decode the tcp/ip protocol for you, and indeed show you if it's encrypted under SSL.
Assuming you own the server, and have full access, you can also install the Private Key from your server into Wireshark, and it will then show you decoded SSL traffic.
i've read on argosoft.com that it would be possible sending email using the http protocol - where can i find info about it?
i'm looking for a way to send a personalized newsletter off my server withouth putting heavy traffic on my webserver. would this be possible?
thx
You can build such System. Run a Server side Script in PHP/perl/.net or anything that takes inputs like from, to, subject, body from GET/POST arguments and send the mail. and them use curl or do something similer to convey the information to that page and that page will eventually send the mails for You.
However If The SMTP server have an Web Interface then that one can also be used Similar way.
You cant. smtp or imap. At best you can have an http server which accepts mail and then talks smtp/imap with some mail server. Why do you think http would be less overhead?
In fact you don't have to increase the load on your webserver to send mail from your webserver domain. If the newsletter isn't too frequent you could simply have someone send it from any mail client.
If you want to automate. There's a php function too.http://php.net/manual/en/function.mail.php
(also for java and perl)