Full Stack for Front-Ends Part 2

Full Stack for Front-Ends Part 2 Why HTTPS

Topics:
Jem Young
Jem Young
Netflix

This course has been updated! We now recommend you take the Full Stack for Front-End Engineers, v3 course.

Check out a free preview of the full Full Stack for Front-Ends Part 2 course:
The "Why HTTPS" Lesson is part of the full, Full Stack for Front-Ends Part 2 course featured in this preview video. Here's what you'd learn in this lesson:

Reinforcing good security practices, Jem leads a discussion on what HTTPS is, and why it matters.

Get Unlimited Access Now

Transcript from the "Why HTTPS" Lesson

[00:00:00]
>> Jem Young: So next let's talk a little bit about HTTPS. What is it? Why do we care? Well for the what is it, let's check out sweet jemyoung.com. Wow, amazing, should be a designer. Look at that, it doesn't even scale properly. But we do have this nice certificate here, it's HTTPS.

[00:00:23] That just means I'm running a severe connection, no one can man in the middle attack me, or they can't man in the middle and change the data outs. What does man in the middle mean, anybody? Surely you've heard this term at some point in your careers.
>> Speaker 2: Not actually going all the way to the server you think you are, instead somebody's intercepting your traffic and sending something back.

[00:00:47]
>> Jem Young: Yeah, that's half, yes, but that's correct. So man in the middle is just somebody sitting in between you and the server. Generally in a man in the middle attack, you read all their data, but you don't send it back cuz if you do that, you'll know something's wrong.

[00:01:02] The best man in the middle attacks just let traffic pass through and they just make a copy of it all. That's what you can do with regular HTTP. And it's kind of silly that the Internet used to be like that, we used to let credit cards and things be sent over clear text.

[00:01:16] When we use HTTPS, that's all encrypted. So it's saying I go to jemyoung.com, I have a certificate and it's signed. So think of a giant SSHD, that's not correct, but think of it that way, that giant block of code. I'm encrypting all my traffic with that block of code.

[00:01:32] I send back a key to the client, and the client saves that. So everything then it just handshakes and says, all right, you are who you say you are and I can decrypt all this traffic. And if you try to man in the middle attack on a HTTPS connection, it's just gonna be gibberish cuz it's all encrypted.

[00:01:48] That's why we want HTTPS, but that's the long and short of it. The better way why you want HTTPS is because you have to. [LAUGH] All the good technology, Web Bluetooth, service workers, things like that. Browsers all got together and said, people need to be HTTPS. How can we make them do it?

[00:02:05] We're just gonna put the good stuff behind HTTPS. So you can't run a service work on your site without being secure. You can't use Web Bluetooth without being secure. Most of the modern technologies that are coming out now and in the future, you have to use HTTPS, so that's kind of why.

[00:02:19] Second benefit is you get HTTP/2, which we're gonna talk about in the end, and we're gonna set that up as well. But too long didn't read, didn't listen, you want HTTPS. And now, it used to be much, much harder, like months of work. Now we can do it in not too long, a few minutes.

[00:02:36] It's awesome, we've come a long from the old way.