Securing the transport layer
If you were to create a mission-critical application with just the bare concepts you learned until now, you would be exposed to all sorts of security threats. For example, if you need to design a payment gateway, where the credit card information is transmitted by means of an EJB or servlet, using just the authorization and authentication stack is really not enough, as the sensitive information is still sent across a network and it could be disclosed by a hacker.
In order to prevent disclosure of critical information to unauthorized individuals or systems, you have to use a protocol that provides encryption of the information. Encryption is the conversion of data into a form that cannot be understood by unauthorized people. Conversely, decryption is the process of converting encrypted data back into its original form so that it can be understood.
The protocols used to secure the communication are SSL and TLS, the latter being considered a replacement for the older...
