A Matter of Protocol : Explaining FTP, HTTP, SMTP …

One of the jokes you’ll hear about us computer geeks is that we like to speak in TLAs, or “three letter acronyms”.  Get it?  We *have* a three letter acronym for the expression, three-letter acronym.  These days of course they’re usually 4 letters since we ran out of 3 letter combinations a long time ago, but now I just sound old.

Anyway, if you’re going to play on the web you’re going to hear the term HTTP a lot.  Some people think that it’s useless at this point, that web browsers should not even include it anymore because it’s just assumed.

I disagree, strongly.  HTTP is a very specific thing, something that you will be paying for if you’re running a web site, so something that you should understand so you know what you’re getting.  You should also know what else can go in that spot besides HTTP, and what the difference is.

It’s important to begin with a very simple concept, and build from there.  Just about all the communication between networked computers takes the form of “request / response”.  That is, your computer makes a request of another computer, and that computer responds.  Now, both the request and the response (and everything else a computer does) reduces all the way down to a stream of 1’s and 0’s, so there has to be some sort of structure to those 1’s and 0’s that allows the receiving computer to know “Oh, ok, this is a request for a web page.”

See that P at the end of all the acronyms?  That stands for Protocol. A protocol is an agreed upon set of rules for how communication between two parties will take place.  Consider the transaction of going to a fast food restaurant.  The person behind the register will ask for your order, you will recite some items from the menu.  The person behind the register will tell you the total price, you will pay, then you will get your food.  That’s a protocol.  Remember that both parties have to understand the protocol for it to work.  If you tried to apply the McDonald’s protocol at, say, the post office?  It wouldn’t work so well.

The T next to the P stands for Transfer, and is really kind of redundant.  Just about every request between two computers is a request to transfer some information from one to the other.  We just put the T there to make it clear.

The rest of the letters describe what kind of transaction is going on.  The most common are:

FTP : File Transfer Protocol.  FTP is used for moving files between computers.  Nothing is done with the files – you do not open email or videos, or display web pages. This is the Internet’s way of copying files directly between computers.

Do you need FTP?  Probably not, since it can be simulated on an HTTP server.  The most common usage for an FTP server these days is if you’re not currently in the business of moving very large files between computers, and then all of a sudden you have need to do so.  Rather than expose a section of your web site for this purpose, you might instead opt to put the file you need to move on an FTP server somewhere, and let the people who need that file know how to get at it.

HTTP :HyperText Transfer Protocol.  Much of what you know as the Web is actually a whole bunch of “hypertext” pages.  This is what HTML stands for as well – HyperText Markup Language.  You request an HTML page and your browser displays it.  How you browse the web is by clicking on links in the web page, which signal to the browser to go get another page.  This clicking on links?  That’s the hypertext bit.  It may sound obvious now?  But really, this is the whole deal of the web, this linking thing.  Before about 1991 or so, we just didn’t have that.  Every time you needed a file you went and made another FTP request to get it, and then opened it up in an editor or something on your own.  It was the brainstorm of the web founders to say “Hey, what if we made one single program that got the files, displayed them, and made a way to tie them all together so you could just follow links between them?”

Do you need HTTP?  Well yes, of course you do.  This is what the web is.

HTTPS : HyperText Transfer Protocol, Secure.  The existence of HTTPS is a good reason why you should understand what HTTP is.   What does it mean for a connection to be secure, or not?  It’s hard to explain in short time, but consider two points.  First, when that stream of 1’s and 0’s moves back and forth between your computer and the other guy’s?  Yeah, bad guys can listen in on that.  There’s lots of different ways, and it’s far too complicated to get into here.  Second, how do you really know that the site you’ve connected to is who it says it is?  You think you connected to your bank and typed in your password, but how do you know that you didn’t just click through to a site that looks exactly like your bank, but is really a fake site that has been set up to trick you into typing in your password?  This is actually a technique known as “phishing”, and you may have seen it in the wild.  Ever gotten an unexpected email that looks like it’s from your bank, saying “We have to verify your identify, please click here and enter in your personal information?”  Yeah, that’s the bad guys.

There are a number of steps that you’ll need to perform if you want to support HTTPS, which mostly entail proving to the right people that you are who you say you are and paying for something called a “server certificate.”  Once you have this, people who connect to your servers will have proof that you are who you claim to be, and the connection will become encrypted so no one can snoop on the conversation.

Do you need HTTPS?  If you plan on doing anything related to ecommerce, any tracking of customer’s personal or financial data, then you absolutely want to set up HTTPS.  No customer should ever be expected to enter personal information into a web site that is not secure.

For more information on setting up HTTPS, be sure to ask your hosting provider.  They will no doubt have the appropriate step-by-step documentation.

SMTP : SendMail Transfer Protocol.  Do you want to send email from your domain?  On your business cards would you like to write “bob@bobspizza.org”?  If so, you’re going to be running an SMTP server.  When somebody tries to email bob@bobspizza.org, your machines will be listening for requests that conform to the SMTP protocol, and respond accordingly.

Do you need SMTP?  It’s always a good idea to have email from your domain.  Putting a Yahoo or Hotmail address on your business cards doesn’t look very professional.  The good news is that your hosting option almost certainly has some sort of e-mail capabilities that came along with it, even if you have to pay extra for them.  In other words, you don’t have to do any extra work to get this, you just have to fill in the right forms.  Highly recommended.

VoIP : Voice Over Internet Protocol.  I’m throwing this one in just for completeness, because it almost certainly won’t be of interest to you unless you’re going in to this business.  I just wanted to show that they are not all variations on the Transfer protocol.  VoIP refers to the ability to make a telephone call over the Internet.  The concept is the same – an originating computer has to make a request of a certain format to the receiving computer, only instead of a one-time transfer of file, the connection remains open for streaming the conversation.

So that’s your lesson in Transfer Protocols, hope it made sense.  At a minimum you’re buying the ability for people to make an HTTP connection to you, and probably an SMTP connection as well.  If you need it you’ll also get the secure HTTPS as well.  You probably won’t bother with FTP, because you likely won’t need it.