As we previously discussed, all webpages opened in your browser are in HTML codes which can be viewed by everyone who has access to those webpages. But the question is that how can they be secure enough? Before I answer this question I should I first show you briefly what is actually happening every time you visit a webpage, consider the following scenario:
- You enter a link in your browsers URL field. Once you do this, your browser sends a request (known as HTTP request) to a server in some part of the world that holds the data of that website. Basically all this means is that your browser asks the server to send it a file (could be and HTML file, image file, or any other file format)
- The server looks through a database of files to find the file you requested. The server returns back a status code along with the file (if found) to your browser. Now, several situations may happen based on the status code the server returns back to your browser. A few of them are the following:
404: File was not found on the domain.
for example: you entered: www.sfu.ca/images, but in the domain sfu.ca there is no such directory
403: Permission Denied
File exists on the domain, but the permissions deny your access to the file (for example when the files can be accessed only locally and not through the web)
This means that the file was found. In this case the server sends back the requested file to your browser.
In later posts I will talk about security and different server-sided languages