The internet has transformed how we communicate, work, and live. But have you ever wondered how clicking a link instantly loads a webpage from a server thousands of kilometers away? Or how your online banking stays secure while transmitting sensitive information?
This lesson explores the fundamental concepts of web programmingโspecifically, how data travels across the internet, the protocols that govern communication between computers, and the security measures that protect our information.
Lesson Objectives:
Understand how data is transmitted across the internet (packets, IP addresses, DNS)
Learn the key web protocols (HTTP, HTTPS, TCP/IP, FTP, SMTP, etc.) and their purposes
Explore encryption and security mechanisms that protect web communication
Examine the impact of big data on modern web architectures
Recognize different web programming applications and their requirements
๐ฑ Web Programming Applications
Web programming powers a wide variety of applications, each with unique requirements and architectures. Understanding these applications helps us design appropriate solutions.
1. Interactive Websites & Webpages
Modern websites are far more than static pages displaying text and images. They respond to user input, update content dynamically, and provide personalized experiences.
๐ Examples of Interactive Web Features
Social Media Feeds: Real-time updates without page refresh (Facebook, Twitter/X)
Online Forms: Instant validation as you type (email format checking, password strength)
Interactive Maps: Zoom, pan, and search locations (Google Maps)
Live Chat: Real-time messaging with support representatives
Video Streaming: Play, pause, seek, and adjust quality (YouTube, Netflix)
Critical Requirement: PCI DSS compliance for handling credit card data
3. Progressive Web Apps (PWAs)
PWAs combine the best features of websites and native mobile apps, offering offline functionality, push notifications, and installation to the home screenโall without app store distribution.
Advantages of PWAs:
Work Offline: Service workers cache content for offline access
Fast Loading: Pre-caching critical resources reduces load times
Installable: Add to home screen like a native app (no app store)
Push Notifications: Re-engage users with timely updates
Cross-Platform: One codebase works on iOS, Android, desktop
Always Up-to-Date: No manual updates required by users
๐ Real-World PWA Examples
Twitter Lite: Reduced data usage by 70%, increased engagement
Starbucks: Order ahead even without internet, syncs when online
Pinterest: 60% increase in engagement after PWA launch
Flipkart (India): 3x more time spent on site, 40% higher re-engagement
Technologies: Service Workers, Web App Manifest, HTTPS (required)
๐ฆ How Data is Transferred on the Internet
When you request a webpage, watch a video, or send an email, data travels through a complex network infrastructure. Understanding this process is fundamental to web programming.
1. Data Packets: Breaking Information into Chunks
Instead of sending data as one continuous stream, the internet breaks information into small units called packets. Each packet contains:
Header: Metadata including source IP, destination IP, packet number, protocol
Payload: The actual data being transmitted (typically 500-1500 bytes)
Footer/Trailer: Error-checking information to verify data integrity
๐ Why Use Packets?
Scenario: You're downloading a 5 MB image from a website.
Without Packets: The entire 5 MB would need to travel as one piece. If the connection drops at 90%, you'd have to restart the entire download.
With Packets: The image is split into ~3,500 packets (assuming 1,500 bytes each). Benefits:
Reliability: If packet #1,234 is lost, only that packet needs to be resent
Routing Flexibility: Packets can take different routes to avoid congestion
Error Detection: Corrupted packets are identified and retransmitted
Multiplexing: Multiple data streams can share the same connection
Packet Journey Example:
When you request www.google.com, packets might travel: Your Device โ Home Router โ ISP Router โ Regional Network โ Backbone Network โ Google's Data Center
Each "hop" examines the packet header to determine the next destination. The entire journey typically takes 20-100 milliseconds!
2. IP Addresses: The Internet's Postal System
Every device connected to the internet has an IP addressโa unique numerical identifier that allows packets to find their destination.
IPv4 Addresses
IPv4 (Internet Protocol version 4) is the most common addressing system, using 32-bit addresses written in dotted-decimal notation.
IPv4 Address Format
# Format: X.X.X.X (where each X is 0-255)
192.168.1.1 # Common home router address
8.8.8.8 # Google's public DNS server
172.217.14.206 # Google.com server
127.0.0.1 # Localhost (your own computer)
# Each number represents 8 bits (1 byte)
# Total: 32 bits = 4.3 billion unique addresses
IPv4 Address Exhaustion:
With only 4.3 billion addresses and billions of internet-connected devices (smartphones, tablets, IoT devices), IPv4 addresses have been exhausted.
Solution:IPv6 uses 128-bit addresses (e.g., 2001:0db8:85a3:0000:0000:8a2e:0370:7334), providing 340 undecillion addressesโenough for every atom on Earth to have multiple addresses!
IP Address Range
Purpose
Example
10.0.0.0 โ 10.255.255.255
Private networks (large organizations)
Corporate LANs
172.16.0.0 โ 172.31.255.255
Private networks (medium networks)
University networks
192.168.0.0 โ 192.168.255.255
Private networks (home/small office)
Home routers
127.0.0.0 โ 127.255.255.255
Loopback (localhost)
Testing on your own computer
3. Domain Name System (DNS): The Internet's Phonebook
Humans prefer memorable names (www.google.com) over numerical IP addresses (172.217.14.206). The DNS translates domain names into IP addresses.
๐ How DNS Works: Step-by-Step
You type: www.example.com into your browser
Browser Cache Check: Have I visited this site recently? (If yes, use cached IP)
Operating System Cache Check: Does my computer know this IP?
Router Cache Check: Does my router have this IP cached?
ISP DNS Resolver Query: Browser asks ISP's DNS server (e.g., 8.8.8.8 for Google DNS)
Root DNS Server: "I don't know example.com, but ask the .com server"
TLD (Top-Level Domain) Server: "I don't know example.com, but ask example.com's authoritative server"
Authoritative DNS Server: "example.com is at 93.184.216.34"
Browser connects to 93.184.216.34 and loads the website
Time taken: Typically 20-120 milliseconds (cached lookups: <1 ms)
DNS is Critical Infrastructure:
Without DNS, you'd need to memorize IP addresses for every website. DNS is so important that attacks on DNS servers can make entire regions of the internet inaccessible.
Example: In 2016, a DDoS attack on DNS provider Dyn made Twitter, Netflix, Reddit, and GitHub inaccessible for hours.
DNS Lookup Example (Command Line)
# Use nslookup to query DNS records
nslookup google.com
# Output:
# Server: 192.168.1.1
# Address: 192.168.1.1#53
#
# Non-authoritative answer:
# Name: google.com
# Addresses: 142.250.204.46
# 2404:6800:4006:80f::200e
๐ Web Protocols & Their Ports
Protocols are standardized rules that govern how data is transmitted and received. Think of them as the "languages" computers use to communicate.
1. HTTP vs HTTPS: The Foundation of the Web
HTTP (Hypertext Transfer Protocol) - Port 80
HTTP is the protocol browsers use to request webpages from servers. It operates on Port 80 by default.
HTTP Request Example
GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
HTTP Security Problem:
HTTP transmits data in plain textโanyone intercepting the traffic (e.g., on public Wi-Fi) can read passwords, credit card numbers, and personal messages.
Analogy: Sending a postcard (anyone handling it can read the message) vs. sending a sealed letter.
HTTPS (HTTP Secure) - Port 443
HTTPS = HTTP + SSL/TLS. It encrypts all communication between your browser and the server using SSL/TLS protocols, operating on Port 443.
๐ฏ Interactive Demo: Secure HTTPS Connection
Watch how HTTPS establishes a secure, encrypted connection with SSL/TLS:
๐
Browser
๐ SSL Certificate
๐
๐ข
Web Server
HTTPS Benefits:
Confidentiality: Data is encrypted; eavesdroppers see gibberish
Integrity: Data cannot be modified during transmission without detection
Authentication: Confirms you're connected to the real website (not an imposter)
SEO Boost: Google ranks HTTPS sites higher than HTTP sites
Feature
HTTP
HTTPS
Encryption
โ None (plain text)
โ SSL/TLS encryption
Port
80
443
Security
โ Vulnerable to eavesdropping
โ Secure against MITM attacks
Certificate Required
โ No
โ Yes (SSL certificate)
Browser Indicator
"Not Secure" warning
Padlock icon ๐
Use Case
Never for sensitive data
All modern websites
2. TCP/IP: Reliable Data Transmission
TCP/IP (Transmission Control Protocol / Internet Protocol) is the fundamental protocol suite of the internet. It ensures reliable, ordered delivery of data packets.
๐ฏ Interactive Demo: TCP Three-Way Handshake
Watch how TCP establishes a reliable connection before any data is sent:
๐ป
Client
SYN
SYN-ACK
ACK
๐ฅ๏ธ
Server
What Just Happened?
SYN (Synchronize): Client โ Server: "I want to connect (sequence number: 1000)"
SYN-ACK (Synchronize-Acknowledge): Server โ Client: "OK, I'm ready (sequence: 5000, acknowledging your 1000)"
Result: Connection established! Data transfer begins with both sides synchronized.
TCP vs UDP:
TCP (Transmission Control Protocol): Reliable, ordered, error-checked. Used for web browsing, email, file transfers. Slower but guarantees delivery.
UDP (User Datagram Protocol): Fast, connectionless, no guarantees. Used for video streaming, online gaming, DNS lookups. Prioritizes speed over reliability.
3. FTP & SFTP: File Transfer Protocols
FTP (File Transfer Protocol) - Ports 20 & 21
FTP is used to transfer files between computers over a network. Port 21 is for commands, Port 20 for data transfer.
FTP Security Issue:
Like HTTP, FTP transmits usernames, passwords, and data in plain text. It's vulnerable to packet sniffing and man-in-the-middle attacks.
SFTP (Secure File Transfer Protocol) - Port 22
SFTP encrypts both commands and data using SSH (Secure Shell). It's the secure alternative to FTP.
Protocol
Port(s)
Security
Use Case
FTP
20, 21
โ No encryption
Legacy systems only
SFTP
22
โ SSH encryption
Secure file transfers
FTPS
990 (implicit), 21 (explicit)
โ SSL/TLS encryption
Alternative secure option
4. SSL/TLS: Encryption Protocols
SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are cryptographic protocols that provide secure communication over networks. They are the foundation of HTTPS security.
What is TLS?
TLS (Transport Layer Security) is a security protocol that encrypts data transmitted between web browsers and servers. It sits between the application layer (HTTP) and the transport layer (TCP), creating a secure "tunnel" for data.
Analogy: Think of TLS as a secure armored truck that protects valuable cargo (your data) while it travels on the internet highway.
๐ The TLS Handshake Process
When you visit an HTTPS website, TLS establishes a secure connection through these steps:
Client Hello: Your browser sends supported TLS versions, cipher suites (encryption methods), and a random number
Server Hello: Server responds with chosen TLS version, cipher suite, and its SSL certificate
Certificate Verification: Browser checks if the certificate is:
Issued by a trusted Certificate Authority (CA)
Not expired
Matches the domain you're visiting
Not revoked
Key Exchange: Client and server use asymmetric encryption (RSA/ECDHE) to securely exchange a session key
Session Established: Both sides now use the session key for fast symmetric encryption (AES) of all data
Secure Communication: All HTTP requests and responses are now encrypted!
Time taken: 100-300 milliseconds for the entire handshake
Why TLS Uses Both Asymmetric and Symmetric Encryption:
Asymmetric (RSA/ECDHE): Used only during the handshake to securely exchange the session key. Slow but solves the key distribution problem.
Symmetric (AES): Used for all actual data transmission. Fast and efficient for large amounts of data.
Best of Both Worlds: Security of asymmetric + speed of symmetric encryption
TLS Feature
Purpose
How It Works
Encryption
Confidentiality
AES-256 encrypts data so eavesdroppers see gibberish
Each session uses unique keysโcompromising one doesn't affect others
Important Clarification:
SSL is outdated and insecure (last version SSL 3.0 released in 1996). Modern systems use TLS, but the term "SSL certificate" persists due to historical usage.
Current Standard: TLS 1.2 (minimum) or TLS 1.3 (recommended)
SMTP (Simple Mail Transfer Protocol) - Port 25 / 587
SMTP is used to send emails from your email client to the mail server, and between mail servers.
POP3 (Post Office Protocol 3) - Port 110
POP3 downloads emails from the server to your device and typically deletes them from the server. Good for single-device usage.
IMAP (Internet Message Access Protocol) - Port 143
IMAP keeps emails on the server and syncs across multiple devices. Modern email services (Gmail, Outlook) use IMAP.
Protocol
Purpose
Port
Example Use
SMTP
Send emails
25, 587 (secure)
Sending an email from Gmail
POP3
Receive emails (download & delete)
110, 995 (secure)
Downloading to one computer
IMAP
Receive emails (sync across devices)
143, 993 (secure)
Accessing Gmail on phone & laptop
๐ Email Journey Example
Sending an email from alice@gmail.com to bob@outlook.com:
Alice composes email in Gmail app
SMTP: Gmail app sends to Google's SMTP server (smtp.gmail.com:587)
SMTP: Google's server sends to Outlook's server (DNS lookup for outlook.com's MX record)
Email stored on Outlook's server
IMAP: Bob's email app retrieves from Outlook server (imap.outlook.com:993)
Bob reads email on his phone (email remains on server)
Bob opens laptopโemail is already there (IMAP sync)
๐ Securing the Web
Security is paramount in web programming. Let's explore the cryptographic mechanisms that protect our data online.
1. SSL Certificates
An SSL certificate is a digital certificate that authenticates a website's identity and enables encrypted connections. It binds a cryptographic key to an organization's details.
๐ What's in an SSL Certificate?
Domain Name: www.example.com
Organization Details: Company name, address
Public Key: Used for encryption
Issuer: Certificate Authority (CA) like Let's Encrypt, DigiCert
Validity Period: Start date and expiration date
Digital Signature: CA's signature verifying authenticity
Browser Check: Click the padlock icon ๐ in your browser's address bar to view a site's certificate details.
Certificate Authorities (CAs):
CAs are trusted third parties that verify domain ownership and issue certificates. Your browser trusts ~100 root CAs by default.
Free Option: Let's Encrypt provides free SSL certificates with automated renewalโmaking HTTPS accessible to everyone.
2. Encryption Algorithms
Encryption transforms readable data (plaintext) into unreadable data (ciphertext) using mathematical algorithms and keys.
Symmetric Encryption
Uses the same key for both encryption and decryption. Fast and efficient for large amounts of data.
Symmetric Encryption Example (AES)
from cryptography.fernet import Fernet
# Generate a key (both sender and receiver need this SAME key)
key = Fernet.generate_key()
cipher = Fernet(key)
# Encrypt
plaintext = b"Meet me at 3 PM"
ciphertext = cipher.encrypt(plaintext)
print(ciphertext)
# Output: b'gAAAAABhK3...(gibberish)...Q2M='
# Decrypt (using the SAME key)
decrypted = cipher.decrypt(ciphertext)
print(decrypted)
# Output: b'Meet me at 3 PM'
Symmetric Encryption Problem:
How do you securely share the key? If an attacker intercepts the key during transmission, they can decrypt all messages.
Solution: Asymmetric encryption for key exchange!
Asymmetric Encryption
Uses a key pair: a public key (shared openly) and a private key (kept secret). Data encrypted with the public key can only be decrypted with the private key.
๐ How Asymmetric Encryption Works
Scenario: Bob wants to send Alice a secret message.
Alice generates a key pair: Public Key (PubA) + Private Key (PrivA)
Alice shares PubA publicly (even on her website)
Bob encrypts message with PubA: "Hi Alice" โ Encrypted_Message
Bob sends Encrypted_Message (anyone can interceptโdoesn't matter!)
Alice decrypts with PrivA: Encrypted_Message โ "Hi Alice"
Key Insight: Even if the encrypted message is intercepted, only Alice's private key can decrypt it.
Asymmetric Encryption Example (RSA)
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes
# Generate key pair
private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
public_key = private_key.public_key()
# Encrypt with public key
message = b"Secret message"
ciphertext = public_key.encrypt(
message,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(), label=None)
)
# Decrypt with private key (only the private key holder can do this!)
plaintext = private_key.decrypt(
ciphertext,
padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(), label=None)
)
print(plaintext) # Output: b'Secret message'
Feature
Symmetric Encryption
Asymmetric Encryption
Keys
One shared key
Public key + Private key pair
Speed
โก Fast (1000x faster)
๐ข Slower
Key Distribution
โ Difficult (how to share securely?)
โ Easy (public key can be shared openly)
Use Case
Encrypting large data (files, databases)
Key exchange, digital signatures
Examples
AES, ChaCha20
RSA, ECC
HTTPS Combines Both:
When you visit an HTTPS website:
Asymmetric encryption (RSA/ECC) is used to securely exchange a symmetric key (SSL/TLS handshake)
Symmetric encryption (AES) is then used for the actual data transfer (faster)
This hybrid approach provides both security (asymmetric) and speed (symmetric).
3. Encryption Keys, Plaintext & Ciphertext
Plaintext: The original, readable message (e.g., "Hello World")
Ciphertext: The encrypted, unreadable message (e.g., "X8a#mP9$qL2")
Encryption Key: The secret value used to encrypt plaintext into ciphertext
Decryption Key: The secret value used to decrypt ciphertext back to plaintext (same as encryption key in symmetric, different in asymmetric)
Note: Modern encryption (AES, RSA) is vastly more complex and secure than Caesar cipher!
4. Hash Values & Digital Signatures
Hash Functions
A hash function takes input data of any size and produces a fixed-size output (hash value). It's a one-way functionโyou cannot reverse it to get the original data.
Hash Function Example (SHA-256)
import hashlib
# Hash a password
password = "MySecurePassword123"
hash_value = hashlib.sha256(password.encode()).hexdigest()
print(hash_value)
# Output: 8a8de823a3b58f5c3e5d8f9a0e7c3d2b1f9e8d7c6b5a4f3e2d1c0b9a8e7f6d5c
# Even a tiny change produces a completely different hash
password2 = "MySecurePassword124" # Changed last digit
hash_value2 = hashlib.sha256(password2.encode()).hexdigest()
print(hash_value2)
# Output: f3b2a1c9d8e7f6a5b4c3d2e1f0a9b8c7d6e5f4a3b2c1d0e9f8a7b6c5d4e3f2a1
Hash Function Properties:
Deterministic: Same input always produces same hash
Fixed Size: Output is always the same length (SHA-256 = 256 bits = 64 hex characters)
One-Way: Cannot reverse hash to get original input
Collision Resistant: Nearly impossible to find two inputs with the same hash
Avalanche Effect: Tiny input change = completely different hash
๐ Real-World Hash Uses
Password Storage: Store hash of password, not the password itself (even if database is breached, attacker can't get actual passwords)
File Integrity: Download a file and verify its hash matches the official hash (ensures file wasn't tampered with)
Blockchain: Each block contains a hash of the previous block (tampering breaks the chain)
Digital Signatures: Hash the document, then encrypt the hash with private key
Digital Signatures
A digital signature proves that a message came from a specific sender and hasn't been altered. It combines hashing and asymmetric encryption.
๐ How Digital Signatures Work
Alice signs a document:
Hash the document: Document โ Hash (e.g., SHA-256)
Encrypt the hash with private key: Hash + PrivateKey โ Signature
Send document + signature to Bob
Bob verifies the signature:
Decrypt signature with Alice's public key: Signature + PublicKey โ Hash_Original
Hash the received document: Document โ Hash_Received
Compare hashes: If Hash_Original == Hash_Received, signature is valid!
Guarantees:
Authenticity: Only Alice (with the private key) could have created this signature
Integrity: If document was modified, hashes won't match
Non-Repudiation: Alice can't deny signing (her private key was used)
5. Authentication & Authorization
Authentication: Verifying who you are (identity verification)
Authorization: Determining what you're allowed to do (permission management)
Concept
Question
Example
Authentication
"Who are you?"
Login with username + password, fingerprint, 2FA code
Authorization
"What can you do?"
User can view files, Admin can delete files
๐ Authentication vs Authorization Example
Airport Security:
Authentication: Showing your passport and ticket ("I am John Smith")
Authorization: Your ticket allows you into the Business Class lounge (permission)
Website:
Authentication: Login with email + password ("I am user@example.com")
Authorization: Your role (user/admin) determines if you can access the admin panel
Common Authentication Methods:
Password-based: Username + password (most common, but weakest alone)
Multi-Factor Authentication (MFA/2FA): Password + code from phone/app (much stronger)
Biometric: Fingerprint, Face ID, retina scan
Token-based: JWT (JSON Web Tokens), OAuth tokens
Certificate-based: SSL client certificates
๐ Big Data Impact on Web Architecture
The explosion of data generated by billions of internet users has fundamentally changed how web applications are designed and operated.
1. What is Big Data?
Big Data refers to datasets so large or complex that traditional data processing tools cannot handle them effectively. It's characterized by the 5 Vs:
Volume: Massive amounts of data (petabytes, exabytes)
Velocity: Data generated and processed at high speed (real-time streams)
Variety: Different formats (text, images, videos, sensor data, logs)
Veracity: Data quality and trustworthiness (dealing with noise and inconsistencies)
Value: Extracting meaningful insights from raw data
๐ Big Data Scale Examples
YouTube: 500 hours of video uploaded every minute (72,000 hours/day)
Facebook: 4 petabytes of data generated daily
Google: Processes 20+ petabytes of data per day
Netflix: 250+ million subscribers streaming, generating terabytes of viewing data hourly
Twitter/X: 500 million tweets sent per day
2. Data Mining
Data mining is the process of discovering patterns, correlations, and insights from large datasets using machine learning, statistics, and database systems.
๐ Data Mining Applications
E-Commerce Recommendations: Amazon analyzes your browsing and purchase history to suggest products ("Customers who bought this also bought...")
Fraud Detection: Banks analyze transaction patterns to identify suspicious activity (e.g., credit card used in two countries within an hour)
Social Media Trends: Twitter analyzes millions of tweets to identify trending topics
Healthcare: Analyzing patient data to predict disease outbreaks or identify treatment patterns
Marketing: Segmenting customers based on behavior to target ads effectively
Simple Data Mining Example (Association Rules)
# Market Basket Analysis: Finding product associations
# Example: "Customers who buy bread also buy butter"
from mlxtend.frequent_patterns import apriori, association_rules
import pandas as pd
# Transaction data
transactions = [
['bread', 'butter', 'milk'],
['bread', 'butter'],
['bread', 'milk'],
['butter', 'milk', 'eggs'],
['bread', 'butter', 'eggs']
]
# Convert to binary matrix (1 = purchased, 0 = not purchased)
# ... (processing code) ...
# Find frequent itemsets
# Result: {bread, butter} appears in 60% of transactions
# Association rule: If customer buys bread โ 80% chance they buy butter
# Web application can use this to recommend butter when bread is in cart!
3. Metadata: Data About Data
Metadata is information that describes other data. It provides context, structure, and additional details about the primary data.
Data Management: Easier to organize, search, and retrieve information
Privacy Concerns: Photos shared online may expose location data if metadata isn't stripped
4. Streaming Service Management
Streaming services like Netflix, Spotify, and YouTube face unique challenges in managing massive amounts of data and delivering content to millions of simultaneous users.
๐ Netflix Big Data Architecture
Challenges:
250+ million subscribers globally
Billions of viewing hours per month
Content delivery to varying internet speeds and devices
Personalized recommendations for each user
Solutions:
Content Delivery Networks (CDNs): Cache content in servers close to users (reduces latency)
Adaptive Bitrate Streaming: Automatically adjust video quality based on internet speed
Data Analytics: Track every interaction (pause, rewind, search) to improve recommendations
Distributed Databases: Cassandra for storing user data across multiple data centers
Machine Learning: Analyze viewing patterns to predict what you'll want to watch next
Scalability is Critical:
Traditional web architectures can't handle big data workloads. Modern approaches include:
Horizontal Scaling: Add more servers (not bigger servers)
Microservices: Break application into small, independent services
NoSQL Databases: MongoDB, Cassandra for flexible, scalable data storage
Cloud Computing: AWS, Google Cloud, Azure for elastic infrastructure
Data Streaming: Apache Kafka for real-time data processing
๐ Summary & Key Takeaways
Essential Web Concepts to Remember:
Data Transmission: Internet data travels in packets, routed via IP addresses, with DNS translating human-readable names
HTTPS = HTTP + SSL/TLS: Always use HTTPS for securityโencrypts data in transit
Encryption: Symmetric (fast, shared key) for data; Asymmetric (slow, key pair) for key exchange
Authentication โ Authorization: Who you are vs. what you can do
Big Data: Drives modern web architecture decisions (CDNs, NoSQL, microservices)
Protocol Summary Table
Protocol
Port
Purpose
Security
HTTP
80
Web page requests
โ No encryption
HTTPS
443
Secure web requests
โ SSL/TLS encryption
FTP
20, 21
File transfer
โ No encryption
SFTP
22
Secure file transfer
โ SSH encryption
SMTP
25, 587
Send emails
โ ๏ธ Optional (TLS available)
POP3
110, 995
Receive emails (download)
โ ๏ธ Optional (SSL available)
IMAP
143, 993
Receive emails (sync)
โ ๏ธ Optional (SSL available)
DNS
53
Domain name resolution
โ ๏ธ Optional (DNSSEC available)
Exam Preparation Tips
Know the difference between HTTP (port 80, insecure) and HTTPS (port 443, secure with SSL/TLS)