Main content
Course: Internet safety > Unit 1
Lesson 11: Secure internet protocolsHTTP and HTML
Tumblr founder David Karp and Xbox program manager Jasmine Lawrence give a detailed description of how files and webpages are sent and received using HTTP and HTML.
Want to join the conversation?
Why is it called a cookie?(112 votes)
Derives from the term magic cookie, which is a packet of data passed between programs, acting like an identification token.(79 votes)
Where does the webpage get a certificate. Who issues the certificate? Does the Government like how the Government issues passports and official documents?(30 votes)
A certificate authority issues the certificate, which is just an organization that people trust to issue these certificates. The most commonly used certificate authorities are: Symantec (which owns Verisign), Comodo, and GoDaddy. (These are just private companies)
It would be difficult to convince many people that local or foreign governments could be trusted with the responsibility of issuing certificates. (Many governments attempt to monitor local and/or foreign communications)(57 votes)
DNS....did I miss something?? Can a CA owned or faked by the CIA, FBI, others?(8 votes)- DNS (Domain Name System: It's a system that converts a web address like http://www.khanacademy.org into an IP address)
Here's some bad things that can happen to certificates issued by a CA:
- A certificate, that belongs to someone else, can be mistakenly issued by a CA to an attacker, so everyone will think the attacker with the signed certificate is someone who can be trusted (this happened to Microsoft once)
- The certificate's private key is discovered by an attacker allowing them to forge the signature of who the certificate belongs to.
- Some powerful entity (such as a government) could tell the CA (which is just a company) to issue them forged certificates, or to revoke legitimate certificates of others. However, if this was made public, people may stop trusting certificates issued by that CA.
To handle these things CAs do the following:
-they add expiry dates to the certificate, so that attackers don't have enough time to find the private key, and even if they do, the certificate will only be compromised until it expires
-they revoke certificates when they are suspect to be compromised
Hope this makes sense(20 votes)
at4:03, does the cookie id # always stay the same or does it change every time you login(8 votes)- It depends.
Each cookie (there may be several associated with each site you visit) has a name field, a value field, and possibly some attributes.
If you put the following in the address bar of Chrome, you can see the cookies it is currently storing: "chrome://settings/cookies"
So for example, if you go to "http://www.echoecho.com/samplecookie1.htm" it will put a cookie named "username" with a value of the name you give it.
If a cookie is given an expiry date it will last until that date (these are persistent cookies), but if no date is provided the cookie will only last until you shut down your browser (these are session cookies).
Typically, if the cookie is being used to authenticate a person, a session cookie will be used with a random value. The value is random and changes each session so that it would be too hard for someone to guess the right value. If someone could just guess the right value then they could create the cookie themselves with that value on their computer and bypass the login of the website, because the website would look at the cookie and see the right number in the cookie indicating that the user had already logged in.
Hope this makes sense(14 votes)
At4:10, thay say that a cookie is the only way for a website to remember who you are. Isn't there also localStorage?(5 votes)- localStorage is a new technology
Both cookies and localStorage are ways to record state, but they are different:
- cookies get sent to the website's server
- localStorage is read by scripts running on your web browser (this data doesn't normally get sent to the website's server)
So cookies are nice for the server side (the web site server) to remember state, and local storage is nice for the client side (your browser) to remember state. So for things like how the user wants the web page to appear, it might be reasonable to keep those in local storage, but for things like, whether the user is logged in or not you would use a cookie (a session cookie).(6 votes)
Where can i create A Html Porgram In Khan Acedemy?(5 votes)
You can create a new HTML webpage on Khan Academy here: https://www.khanacademy.org/computer-programming/new/webpage(4 votes)
- Do we always get assigned to the same cookie by a specific website like tumblr? Like sometimes I clear cookies on my browser, does that mean all customized information is lost? Or is the customized information linked to the cookie ID and stored in the server and next time my computer talks to the server and server will assign the same cookie and my browser would retrieve the customized info from the server? If my IP addresses are constantly changing as I move from home to work and cafes, do I still have the same cookie every time? Thanks in advance!(3 votes)
- The cookie is just a file, associated with the website, that sits on your computer. What information is stored in the cookie varies for each website. If you delete the cookie, whatever is stored in it is lost.
A cookie doesn't have to identify you as a user. It could contain something simple like the last time you visited the website. When you visit the website, it could read the cookie with that time and tell you the last time you visited the website. If you deleted that cookie it wouldn't be able to tell you when you last visited. A new cookie would be placed on your computer with the default settings.
A cookie could contain an id number. The next time you visit the website, it could look up information on its files that it has associated with that id number. So for example, you go to a website, and it tracks which articles you have read. The next time you visit that website, it shows you advertisements that it thinks you would like based on the articles you have read. If you deleted the cookie, they wouldn't know who you are and they wouldn't be able to target advertisements towards you. A new cookie would be place on your computer with a different id number.
The cookie is just a file on your computer that your browser manages, so it doesn't matter if your IP address changes. If you use different browsers, you will have different cookies for each browser.
Hope this makes sense(7 votes)
- At4:26, if your computer remembers with the cookie data. Then why, when I login to khan academy, do I have to type my username and password every time. Why does it not just log me in automatically?(4 votes)
If your KA account is set not to "remember" you (depend on cookies to authenticate you), you'll have to manually authenticate each time. Alternatively, if your browser is set to delete cookies when it is closed, and you close your browser at the end of each session, you'll have to log in again at KA because the cookie they set was deleted. It may also be required if you IP address changes, if the cookie depends on you having the same IP address to work.(4 votes)
Does internet use satellite communication..? what I mean is, for example if the main server is present in another country how will it manage to send me data..? Through satellites or any other method..?(4 votes)
Hello Majji,
Nope - it would take too long.
1) A geostationary satellite is located about 26,000 mi above the surface of the earth
2) The earth has a circumference of about 25,000 mi
3) radio signals travel at the speed of light
With these fact we could say that time ∝ distance.
To use a satellite we must travel to and from the satellite. In this amount of time the signal could travel twice around the earth.
And so we use fiber optic whenever possible.
Please take a look at:
https://www.youtube.com/watch?v=YOgClt5bwew
https://en.wikipedia.org/wiki/Submarine_communications_cable
Regards,
APD(4 votes)
So, does the browser need to send different requests for CSS and JavaScript??(2 votes)- Yes, usually. Generally, the browser will issue many requests: it issues separate requests for the HTML, the CSS, the JavaScript, and for every image on the page.
However, the browser remembers the CSS and JavaScript. The browser can ask the web server, "Has this CSS file changed since last Thursday?", and if it hasn't changed, then it will reuse the version it remembered. This is your browser cache, and it applies to everything the browser uses: the images, the JavaScript, the CSS, the HTML, everything. Some sites can also send the browser a promise that a file won't change for a while. That way, the browser doesn't have to send a request for the CSS or JavaScript if it's been to the site before.(6 votes)
4:03Video transcript
- I'm Jasmine Lawrence and I'm a Program Manager on the Xbox One engineering team. One of our biggest features
is called Xbox Live. It's an online service
that connects gamers from all around the world, and we rely on the internet
to make that happen. This is no easy task and there are a lot of things happening behind the scenes. The internet is totally changing how people interact and connect. But how does it work? How do the computers all across the world actually communicate with each other? Let's look at web browsing. First, you open a web browser. It's the app you use to
access the web pages. Next, you type in the web address, or URL, which stands for Uniform Resource Locator, of a website you want to
visit like Tumblr.com. (upbeat electronic music) - Hi, I'm David Karp,
the founder of Tumblr, and we're here today to talk about how those web browsers we use every day actually work. So you've probably wondered what actually happens when you type an address into your web browser and then hit enter, and it really is about as
crazy as you can imagine. So in that moment, your computer starts
talking to another computer called a server that's usually thousands of miles away, and in milliseconds your computer asks that server for a website, and that server starts to talk back to your computer in a
language called HTTP. HTTP stands for Hypertext
Transfer Protocol. You can kind of think of it as the language that one computer uses to ask another computer for a document. It's actually really
pretty straightforward. If you were to intercept the conversation between your computer and a web server on the internet, it's mainly made up of something called "GET" requests. And those are really very
simply the word "GET" and then the name of the document that you're requesting. So if you're trying to log into Tumblr and load our login page, all you're doing is sending a GET request to Tumblr's server that says "GET /login" and that tells Tumblr's server that you want all of the HTML code for the Tumblr login page. HTML stands for HyperText Markup Language and you can think of that
as the language you use to tell a web browser
how to make a page look. So if you think about
something like Wikipedia, which is really just
a big simple document, and HTML is the language that you use to make that title big and bold, to make the font the right font, to link certain text
to certain other pages, to make some text bold, to make some text italic, to put an image in the middle of the page, to align the image to the right, to align the image to the left. - The text of a web page is included directly in the HTML, but other parts, images or videos, are separate files with their own URLs that need to be requested. The browser sends separate HTTP requests for each of these and
displays them as they arrive. If a web page has a lot
of different images, each of them causes a
separate HTTP request and the page loads slower. Now sometimes when you browse the web, you're not just requesting pages with GET requests. Sometimes you send information, like when you fill out a
form or type a search query. Your browser sends this information in plain text to the web server using an HTTP post request. - So let's say you log in to Tumblr. The first thing you do
is make a "POST" request That is, a "POST" to Tumblr's login page that has some data attached to it. It has your email address,
it has your password. That goes to Tumblr's server. Tumblr's server figures out
that, okay, you're David. It sends a web page back to your browser that says, "Success! Logged in as David." But along with that web page, it also attaches a little
bit of invisible cookie data that your browser sees and knows to save, and that's really important because it's really the only way that a website can remember who you are. All that cookie data really is is an ID card for Tumblr. It's a number that
identifies you as David. Your web browser holds onto that number, and then the next time you refresh Tumblr, the next time you go to Tumblr.com, your web browser knows to automatically attach that ID number with the request that it sends over to Tumblr's server, so now Tumblr's server sees the request coming from your browser,
sees the ID number, and knows, okay, this
is a request from David. - Now, the internet is completely open, all of its connections are shared, and information is sent in plain text. This makes it possible for hackers to snoop on any personal information that you send over the internet, but safe websites prevent this by asking your web browser to communicate on a secure channel using something called
Secure Sockets Layer and its successor
Transport Layer Security. You can think of SSL and
TLS as a layer of security wrapped around your communications to protect them from
snooping or tampering. SSL and TLS are active when
you see the little lock that appears in your browser address bar next to the HTTPS. The HTTPS protocols ensure that your HTTP requests are secure and protected. When a website asks your browser to engage in a secure connection, it first provides a digital certificate, which is like an official ID card proving that it's the
website it claims to be. Digital certificates are published by certificate authorities, which are trusted entities
that verify the identities of websites and issue
certificates for them, just like a government can
issue IDs or passports. Now, if a website tries to
start a secure connection without a properly issued
digital certificate, your browser will warn you. That's the basics of web browsing, the part of the internet
we see day to day. To summarize, HTTP and DNS manage the sending and receiving of HTML, media files, or anything on the web. What makes this possible under the hood are TCP/IP and router networks that break down and transport information in small packets. Those packets themselves
are made up of binary, sequences of ones and zeros that are physically sent
through electric wires, fiber optic cables, and wireless networks. Fortunately, once you've
learned how one layer of the internet works, you can rely on it without remembering all the details. We can trust that all those
layers will work together to successfully deliver information at scale and with reliability.