
Stephanie McCartney
1,369 Points

http vs https for facebook and twitter links

I was wondering why we type http:// instead of https:// for the facebook and twitter links. I went to Facebook to look up my link and noticed it was https://.

Zuhayr Elahi
2,582 Points

So the difference between the two is that https means we are sending information using SSL. SSL is a way to send encrypted information between the client and server. Now when you log in to Facebook or Twitter, we want to go through SSL to ensure that our data is encrypted. When we transmit data through HTTP, the data is not encrypted and we are vulnerable to people who are sniffing a network to look for this type of information. =)

Now most sites have switched to https, meaning when you type in http, it will automatically redirect you to the https site. Anyway, I hope this helps. =)

1 Answer

Codin - Codesmite
8,600 Points

HTTP = Hypertext Transfer Protocol

HTTPS = Hypertext Transfer Protocol Secure

HTTP is the network transfer protocol used to send and receive information between your browser/network and the network/web server of the website you are accessing.

Your browser will request an HTTP header from the webserver of the website you are attempting to browse. The server will then send the header to your modem/router telling it what the page should contain. Your modem/router will then bounce back and forth with the webserver checking it matches the content of the page on the webserver; once this is finished the page is delivered to your browser (if it fails at this point you will be sent an error code such as a 404 error, for example).

This is fine for normal pages, but let's say, for example, a login form to Facebook contains sensitive information such as passwords. This information is being bounced back and forth between the webserver and your router/modem. It is very easy for a hacker to intercept this information by sniffing out your network traffic or the webserver's network traffic.

HTTPS encrypts the information sent and received; it uses SSL (Secure Socket Layer), also known as TLS (Transport Security Layer) in networking.

How this works, for example in the case of a Facebook login form: when your browser lands on the HTTPS login form for Facebook, it requests an SSL certificate from Facebook's login servers, and they send you an SSL certificate which contains a "Public Key". The data you send is encrypted using the "Public Key" and received on Facebook's login servers encrypted. The server then uses a "Private Key" that is never shared to decrypt the information.

So if a hacker was to sniff the network traffic of an HTTPS transfer, they would just get encrypted data that they cannot decrypt without knowing the private key of Facebook's login server.

This procedure in networking is referred to as Public Key Infrastructure (PKI).

Hope this has helped you understand how it all works and wasn't too complicated.

(I was a CISCO Network Engineer in the past).

Edit: Forgot to add, there is also a system called Certificate Authority (CA); this is a system that checks the certificate sent is from the trusted source and not being injected by a hacker pretending to be, for example, Facebook's login server.

This is why sometimes when you go to a website you may receive a warning from your browser telling you that the certificates are untrustworthy or unsigned, meaning that the CA could not confirm that the certificates were sent from a legit source.
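
The question is about footer links written with `http://`, which the thread notes are now redirected to `https://`. As an added example (not part of the original thread or the course's code), this Python script lists every absolute `http://` URL in a page's markup and suggests the `https://` form; the sample footer, the account names and the names `URL_ATTRS`, `LinkAuditor` and `audit` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Attributes that carry a URL on the tags a footer typically uses.
URL_ATTRS = {"a": "href", "link": "href", "img": "src", "script": "src", "form": "action"}


class LinkAuditor(HTMLParser):
    """Collects every absolute http:// URL found in URL-bearing attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, original URL, https suggestion)

    def handle_starttag(self, tag, attrs):
        wanted = URL_ATTRS.get(tag)
        for name, value in attrs:
            if name != wanted or not value:
                continue
            parts = urlsplit(value.strip())
            # urlsplit lower-cases the scheme, so HTTP:// is caught as well.
            if parts.scheme == "http":
                upgraded = urlunsplit(("https",) + tuple(parts[1:]))
                self.findings.append((self.getpos()[0], tag, value, upgraded))


def audit(html):
    """Return the plaintext-HTTP links found in an HTML string."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample footer; the account names are placeholders.
SAMPLE_FOOTER = """<footer>
  <a href="http://twitter.com/example_user"><img src="img/twitter.png" alt="Twitter"></a>
  <a href="https://facebook.com/example_user"><img src="img/facebook.png" alt="Facebook"></a>
  <a href="HTTP://example.com/about?ref=footer#team">About</a>
  <a href="mailto:me@example.com">Email</a>
</footer>"""

if __name__ == "__main__":
    for line, tag, url, fix in audit(SAMPLE_FOOTER):
        print(f"line {line}: <{tag}> {url} -> {fix}")
```

Relative paths, `mailto:` links and links that already use `https://` are left alone; only absolute `http://` URLs are reported.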