The basic user-server interaction over the internet


Security becomes a concern when a third party sits between the user and the server and relays their communication, without either the user or the server being aware of it.


This is known as a MITM (man-in-the-middle) attack, in which the attacker can steal the information shared between the user and the server.

Standard definition:

A man in the middle (MITM) attack is a general term for when a perpetrator positions himself in a conversation between a user and an application—either to eavesdrop or to impersonate one of the parties, making it appear as if a normal exchange of information is underway.

The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers. Targets are typically the users of financial applications, SaaS businesses, e-commerce sites and other websites where logging in is required.

Example:


Therefore, our target is to make the connection secure.

For that, we will have to encrypt the data on the sender side and decrypt it on the receiver side.

So we can have a single key that both encrypts and decrypts the data. This is known as symmetric encryption, because the same key is present at both the sender and the receiver.

Using symmetric encryption

So the data from the client/user (the yellow rectangle in the diagram) is encrypted with a secret key and then sent to the server.

The server still cannot read the data, as it does not have the secret key.
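The encrypt-on-send / decrypt-on-receive flow above, and the point that a receiver without the secret key gets nothing useful, can be shown with a few lines of code. The following is an added example written for this post, not code from the original page. It uses AES-256-GCM from Go's standard library as the symmetric cipher; the key, the sample login message and the function names (NewKey, Encrypt, Decrypt) are all constructed here for illustration. It goes slightly beyond the text in one respect: because GCM is an authenticated mode, the receiver also detects if someone in the middle tampers with the ciphertext, not just whether it was read.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewKey returns a fresh random 32-byte key (AES-256). In the diagram this is
// the secret that both the client and the server must hold; how it gets to
// both sides safely is exactly the problem the text is leading up to.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Encrypt seals plaintext under key with AES-GCM. A random nonce is generated
// per message and prepended to the output so the receiver can use it; GCM also
// appends an authentication tag, so any modification in transit is detected.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || tag
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. It only succeeds when the caller holds the same
// key that was used to encrypt and the message arrived unmodified.
func Decrypt(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("message too short to contain a nonce")
	}
	nonce, ct := msg[:gcm.NonceSize()], msg[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

func main() {
	key, err := NewKey() // the shared secret (client side)
	if err != nil {
		panic(err)
	}
	// Constructed sample message; in the diagram this is the yellow box.
	msg := []byte("login=alice&password=correct-horse")

	onTheWire, err := Encrypt(key, msg)
	if err != nil {
		panic(err)
	}
	// This is all a third party sitting between client and server can observe.
	fmt.Printf("on the wire: %x\n", onTheWire)

	// Server holding the same key reads the message.
	pt, err := Decrypt(key, onTheWire)
	fmt.Printf("server with the key:    %q err=%v\n", pt, err)

	// Server (or anyone) without the key cannot.
	otherKey, _ := NewKey()
	_, err = Decrypt(otherKey, onTheWire)
	fmt.Printf("server without the key: err=%v\n", err)

	// A message altered in transit is rejected rather than silently accepted.
	tampered := append([]byte(nil), onTheWire...)
	tampered[len(tampered)-1] ^= 0x01
	_, err = Decrypt(key, tampered)
	fmt.Printf("tampered message:       err=%v\n", err)
}
```

Run with `go run main.go`. The first line of output is the only thing visible on the network; note that the server's success depends entirely on already holding the same key, which is why the next step of this post has to deal with key distribution.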
