ENTENDENDO O PROTOCOLO HTTP e HTTPS

Today, our class is about HTTP protocol and HTTPS protocol. So, let's talk here today about these communication protocols that are so important for computer networks and internet browsing. Let's go then, with our class today.

Firstly, I would like to tell you that every time you browse the internet, every time you access a website, you use this type of protocol. So, in your web browser, all communication made between internet pages and your computer uses either the HTTP protocol or the HTTPS protocol. But what would these protocols be, right?

What would this HTTP and HTTPS protocol be? So, come on, what is HTTP? HTTP is an abbreviation for Hypertext Transfer Protocol.

So, HTTP is a hypertext transfer protocol. And what would this hypertext be? Hypertext is the essence of internet browsing, it is all text that, when you click on text or image, when you click, you give an order to open other content, open another page.

So, these are the famous links that connect HTML files. Let's go, the idea of ​​HTTP, this protocol, what is a communication protocol? These are rules, right?

So, HTTP has a set of rules to be able to deliver website transfers, okay? So, it will define how messages are formatted and transmitted between the server and browsers. Here, we have an architecture called client-server.

The entire client-server architecture concerns a computer that uses a resource, which is the client, when we are browsing, we are accessing a resource that is stored on a server. So, all internet pages, when we access this content, we are requesting a web server, that's the name given to this resource, for it to deliver a page. So, the HTTP architecture is based on client-server, okay?

This architecture, this HTTP feature, it was developed by Tim Berners-Lee at CERN, right? CERN is a European nuclear research organization, at the end of the 80s . So, let's put the 90s as a milestone for this language.

So, he wanted to facilitate the exchange of files between researchers. So, he created this idea of ​​the hyperlink to organize the research content they were doing within this organization, and it was so satisfying, so incredible, because at that time command prompts were used a lot, it was very difficult to access files. So he created this simple way for you to access documents.

And this language was so well structured that it made website development easier. It started with texts, we know that old internet pages are based only on text, and new resources were incorporated, which today we know that there are different web resources, we watch videos, we send all types of content via Web site. So, it appears in the 90s, let's put it like that, in 91, it starts its first version to run on computers in browsers.

Very good. So, guys, the characteristic, right? What is the characteristic of this protocol, right?

So, the characteristic is how it works, which communication port it operates. We, in computer networks, each network service, each resource that you use in your computer network, has a communication port. So, these communication ports are where the protocols operate.

This is very important to know because in many selection tests and competitions they like to ask this through the gateway. Let's go. So, it's text-based.

So, it is a message based on texts that go across the network. So, it is very simple to interpret the commands and such, it is in plain text. So HTTP, it sends these text messages to a server.

Then, this request is interpreted by the server, and the server does not maintain any information about this previous request. In other words, the server operates in a very simple way, responding promptly to what is requested. He doesn't have and doesn't need to remember the entire idea from the previous request.

So, it hasn't been. It is not a programming language, HTTP. It is not made to interpret programming languages.

Who will carry out this control of the states. HTTP is just a request. When you click, it triggers an order, it's one.

And this request is granted. So, controlling all the complexity of states, this is done by web programming languages. HTML, for example, is not a programming language, it is a markup language that only represents content on the screen.

And the programming languages, we have PHP, we have Java, we have ASP. NET. There are several languages ​​there.

Beauty. Come on, the methods, right? HTTP is how these requests will happen.

So, we have GET method, POST method, DELETE. So, these are like commands given to the HTTP server when I 'm sending files, a form, for example. You are there filling out the quote contact form and you click send, you are doing the POST method because you are sending data to the server to store somewhere or forward by email to that person.

So, this is an example of a method. So, method is what you want to happen, the server is like commands for the server. So this goes along with HTTP, and the default port for HTTP is port 80.

What do you mean? If you have it on your computer network, you want to block all use of HTTP on your network, just block port 80, no internet browser can browse HTTP. So, the communications ports, right?

They are used so you can filter your network. You can block WhatsApp, you can block various tools that operate on a computer network through communication ports, once they are closed, nothing operates on that port. So, this is very important for information security rules.

Let's go then. How it works, guys, how does this request work, right? So, you will use the web browser, which we call the browser, which is the client.

It is the client program that will ask a server what it wants to access. For example, you put a website there. And what is this website you put up like?

The ISO that we place is called a URL. So, we put www. youtube.

com. br, for example. It will request for this URL, for this resource location, and it will send metadata.

So, there will be metadata and the body of the message. So, the content sent, it has metadata. So, it's interesting to think when you develop, there is a lot of metadata that are configurations that you make on your website.

For example, when I develop a web page, I enter which language I want it to represent, whether it is Share 7 or UTF-8, for example, the language with accent in Portuguese, whether it is a website in English, it has the language, keywords, so I can configure that description that appears in searches. All of that is metadata, and it is based on this metadata that search engines find your website, right? And the videos here on YouTube too, which is known as tags, like other ways we use videos and web content, on the website as well.

So, when you request it, it looks at the metadata of that page that you requested and will deliver it to you, in addition to the metadata, which is information about the title of the page, the language in which it is to be interpreted and everything else, it will also include the content, the body of the message. The body of the message is what you see on the screen. In HTML we call it body, it would be the body of the message, and we call it head, which would be the configuration, the head part of the website, where the metadata is.

This in HTML. And HTML is the type of document you will see on your screen. So this is an HTML document, but it's done like you receive this document through HTTP or HTTPS request.

So, the response, then, you request through a link, there, from an address, which we call a URL, www. youtube. com.

br, we receive the content, the server processes this request and returns an HTTP response. This response includes a status code, which is whether it was successful or incorrect. So, many times, you are browsing the internet and try to access the link and this 404 Not Found code appears.

I mean, page not found. When this 404 Not Found appears, it means that the web developer did not handle the error on the server, because I can say "We have a problem, page is currently unavailable". I can make a nice custom screen to appear on.

But, When I don't handle the error, the default page will show 404 Not Found, which means it's an error that the page was not found. Here will come the headers and the body containing the requested resource, which is the HTML page. So, when you request it from the client, which is the browser, the browser, you receive an HTML page.

Ok, but what are the limitations of HTTP? One of the problems with HTTP is that HTTP does not work with encryption. So, it is unencrypted.

What does this mean? The text is clear, it goes without any modifications. For example, if you are browsing the internet, everything that is sent via HTTP is in plain text.

So, if you send a login, password, the login and password will be the same as you wrote, without any modifications. What do you mean without any modifications? It is not transformed into other code.

Any hacker who gets this information along the way can read your username and password as they are real. So, there is no security at all, the text is clear and any interception could result in data being stolen, you see everything that travels over the network with HTTP and there are programs for that. So, that's the problem with HTTP, it doesn't send encryption, it doesn't transform the data you send from your server, such as credit card numbers, for example, it won't transform these codes into another code that is encryption, it's a transformation of the plain text you type into the browser, but when you click submit it gets scrambled.

If someone steals, he won't understand what it means. Therefore, it can be easily intercepted and read by anyone who can access this information. So, the vulnerability, the attacks, right?

So, this interception, which would mean having a person in the middle of the path stealing the data. So, this is a risk, right? For espionage.

So, HTTP, one of its characteristics is that HTTP does not promote security when sending data, it is a type of transaction that does not promote any security, any type of security. HTTP is not secure. So, any website you access that is HTTP, that asks for login, password, credit card, any sensitive data, do not provide it.

Do not provide it, because it is dangerous, it is not safe, you have no guarantee of safety. Ok, and now, on the other hand, how is this problem solved, how was this problem solved with HTTPS? What is HTTPS?

It is a web communication protocol, just like HTTP, but it receives a layer of security with SSL and TLS encryption. These codes here, SSL and TLS, are cryptographic algorithms, they are encryption programs. TLS is the most current, SSL is one of the first to be used so they are used to protect data transmission between the client and the server.

So, when you use a website that has encryption, it means that it has an agent, a program, which we call an algorithm, it's a program, right, a code that when you click, it will scramble and the other side There will be a force, it will encrypt, right, it will encrypt and the other side will decrypt, the server will decrypt. And how are these ciphers created with these SSL and TLS algorithms and who dominates this, how do I know if this cryptographic certificate, this algorithm, is valid or not, that's the question, right? So, when you have a website like this you want to guarantee what, confidentiality, that the data is transmitted encrypted and ensure that only the people involved can have this information, right?

So, you guarantee all this, authenticity, and there is one more cool thing about HTTPS, search engines , Google and so on, they will give preference to sites that use HTTPS, so every internet page that uses HTTPS, it will be prioritized in search engine rankings, of course, it will want to place more secure pages for you before less secure ones. So, this process of acquiring this certificate, so we have certification authorities , for you to understand this, look for it, watch it here on the channel, there is a video about digital certificate , digital signature. So, I hire these companies, I acquire the certificate, I put it on my website, when I put it on my website, a little padlock appears next to the link that you are accessing the address.

So, you can take any internet page, for example, Google, where you will navigate and double click on that padlock, there will be the validity of the digital certificate, certification authority which is the company that provided this certificate and what algorithm of Cryptography is being used to encrypt the contents there. So, if the certificate is valid and the certificate is issued by a valid certification authority, you are guaranteed the security of this data transaction. So, never buy from websites or enter your details on websites that do not have this valid padlock.

You have to be very careful with this so that you don't suffer any type of scam or damage to your data. So, that's it, a big hug, leave a like, enjoy, share, subscribe and until the next class, a hug.