Sunday 2 February 2014

Are You On The Right Domain? - Knowing When It's Safe To Type Your Password

You should only ever type your username and password in when you're on the domain which the account belongs to.  I.e. your Facebook password should only ever be typed when the domain name of the page you're on belongs to facebook.com.  You probably already knew that, but how good are you at telling when you're on that domain and when you're not?  You can take the test below to find out.

Hopefully, given that you probably use passwords on the internet, you already know how to work out what the domain is.  But for a lot of us (myself included), this wasn't part of the curriculum at school, so if you're unsure then here are the instructions.  You might want to skip straight to the test and just come back to this afterwards if you don't score 100%.

1. After the initial http:// (or https://), find the first slash and discard it and everything after it.
2. Find the last dot before the .com (or .co.uk, .net, .org.uk or whatever the ending is) and discard everything before it.
3. What's left is the domain.

The Test... Type Away, Or Run Away?


For this test we'll pretend that you've got an account on the site wobble.com.  For each of these URLs you must decide whether or not you are on the domain wobble.com.   Do you merrily type away and enter your password, or run away?


  1. http://www.wobble.com/login.html
  2. http://wobble.com/login.html
  3. http://www2.wobble.com/please-login.html
  4. http://www-wobble.com/login.html
  5. http-www.wobble.com/login.html
  6. http://www.wobble.com.com
  7. http://www.wobble.com.wobble.www.com
  8. http://http-www.wobble.com.museum/http://www.wobble.com/login.html
  9. http://www.www-wobble.com.wobble.com
  10. http://www.wobble.com.login.html
  11. http://www.wobble.com/www.login.php
  12. http://wobb1e.com/new-login-page.html
  13. http://www.wobble.co.uk/login-page.html

And here are the answers:
  1. Yep, that's a subdomain of www on the domain wobble.com.  Type away.
  2. Again that's fine.  This is the "naked" domain without the www subdomain.  Type away.
  3. Yep, that's a subdomain www2, still on wobble.com.  Type away.
  4. Nope, that's www-wobble.com, not to be confused with www.wobble.com.  Run away.
  5. Yep, that's a subdomain of http-www on wobble.com.  An odd URL, but it still belongs to wobble.com.  Type away.
  6. Nope, that domain is com.com, with a subdomain of www.wobble.  Run away.
  7. Nope, that domain is www.com, with a subdomain of www.wobble.com.wobble.  Weird.  Run away.
  8. Nope, that domain is com.museum with a subdomain of http-www.wobble.  And com.museum is not necessarily anything to do with wobble.com.  Run away.  More about strange top-level domains below.
  9. Yep, that's wobble.com, with a 2-level subdomain of www.www-wobble.com.  An odd choice for a subdomain, so I would definitely raise an eyebrow, but technically it does belong to wobble.com.
  10. Nope, that's a domain of login.html, with a 3-level subdomain of www.wobble.com.  Again more about odd top-level domains below.
  11. Yep, that's fine.  You can ignore everything after the /, so the www.login.php is part of the URL path, not part of the domain.
  12. Nope, that's wobb1e.com, very different to wobble.com.  Note the difference between the digit 1 and the letter l.  Be careful.  I admit that I've deliberately put the URLs in a font which makes these 2 characters hard to distinguish, but I wanted to ram home the point that you should read what's in your browser's address bar very carefully.
  13. Nope, that's wobble.co.uk.  Not necessarily anything to do with wobble.com.


So how did you do?  Well actually, the test was a trick.  The answer is that you shouldn't have typed your password in on any of those URLs, because none of them have https:// at the beginning, meaning that your connection to the server is not secure and the password you type could be read by eavesdroppers when you submit the form.  In fact, without https you don't actually know that you're looking at the right domain, as someone could be intercepting the traffic and serving you totally different pages to the real ones.
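To make the three-step rule, the quiz and the https twist concrete, here is an added Python example (my own code, not code from the original post) that implements the rule, runs it over the thirteen quiz URLs, and then applies the full check that the domain must match and the connection must be https. The table of multi-label endings is an assumption, deliberately tiny, covering only the .co.uk-style names the post mentions; the quiz URLs and the expected domain-only answers are copied from the post.

```python
"""Registrable-domain check following the post's three-step rule.

Added example; not code from the original post. The suffix table below is an
assumption: just the UK second-level endings the post mentions, where a real
browser consults the much larger Public Suffix List.
"""

MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "gov.uk", "ac.uk"}


def host_of(url: str) -> str:
    """Step 1: drop the scheme (if any) and everything from the first slash on."""
    rest = url.split("://", 1)[1] if "://" in url else url
    host = rest.split("/", 1)[0]
    # RFC 3986 also allows 'userinfo@' before the host and ':port' after it;
    # neither is part of the domain, so strip both.
    host = host.rsplit("@", 1)[-1]
    host = host.split(":", 1)[0]
    return host.lower().rstrip(".")


def registrable_domain(url: str) -> str:
    """Steps 2 and 3: keep the ending plus the single label in front of it."""
    labels = host_of(url).split(".")
    ending_len = 2 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 1
    return ".".join(labels[-(ending_len + 1):])


def safe_to_type(url: str, account_domain: str) -> tuple[bool, str]:
    """The Bottom Line: right domain AND https, else give the reason to run away."""
    domain = registrable_domain(url)
    if domain != account_domain.lower():
        return False, f"domain is {domain}, not {account_domain}"
    if not url.lower().startswith("https://"):
        return False, "connection is not https"
    return True, "right domain over https"


# The thirteen quiz URLs, paired with the post's domain-only answer
# (True = "Type away", False = "Run away").
QUIZ = [
    ("http://www.wobble.com/login.html", True),
    ("http://wobble.com/login.html", True),
    ("http://www2.wobble.com/please-login.html", True),
    ("http://www-wobble.com/login.html", False),
    ("http-www.wobble.com/login.html", True),
    ("http://www.wobble.com.com", False),
    ("http://www.wobble.com.wobble.www.com", False),
    ("http://http-www.wobble.com.museum/http://www.wobble.com/login.html", False),
    ("http://www.www-wobble.com.wobble.com", True),
    ("http://www.wobble.com.login.html", False),
    ("http://www.wobble.com/www.login.php", True),
    ("http://wobb1e.com/new-login-page.html", False),
    ("http://www.wobble.co.uk/login-page.html", False),
]


def quiz_results(account_domain: str = "wobble.com") -> list[dict]:
    """Score every quiz URL: does the domain verdict match the answer key, and
    would the full check (domain plus https) let you type?"""
    rows = []
    for url, expected in QUIZ:
        domain = registrable_domain(url)
        ok, reason = safe_to_type(url, account_domain)
        rows.append({
            "url": url,
            "domain": domain,
            "domain_matches_key": (domain == account_domain) == expected,
            "safe": ok,
            "reason": reason,
        })
    return rows


if __name__ == "__main__":
    for row in quiz_results():
        verdict = "type away" if row["safe"] else "run away"
        print(f"{row['url']:<70} {row['domain']:<18} {verdict}: {row['reason']}")
```

Running it shows that every domain verdict agrees with the answer key above, while safe_to_type rejects all thirteen URLs because none of them uses https. Browsers decide where the "ending" stops by consulting the Public Suffix List, which is far larger than the four entries assumed here; for anything beyond an illustration, use a library that reads that list rather than a hand-written table.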


The Bottom Line

  • The right domain.
  • HTTPS.

If in doubt then open a new tab and type the address yourself.


Subdomains

A domain name consists of a global top-level domain (gTLD) and then one or more child subdomains, with the dot character (period/full stop) separating each subdomain.  The gTLD is the end part of the domain, most commonly .com, .net, .biz or .org.  Each country also has its own top-level domain (strictly a country-code TLD rather than a gTLD), e.g. .fr, .de, or .uk.  In some countries, such as the UK, this domain is itself divided into a few subdomains such as .co.uk, .org.uk, .gov.uk and .ac.uk.  Domains under .co.uk or .org.uk are then available for sale to the public, whereas .gov.uk and .ac.uk are reserved for the government and educational establishments respectively.

When a member of the public buys a .co.uk or .org.uk domain name they buy the level underneath .co.uk, e.g., cheesecake.co.uk.  They then control this domain, which means that if they want to add further subdomains they can, so they could add www.cheesecake.co.uk, tasty.cheesecake.co.uk or even several levels of subdomain like i.would.really.like.a.cheesecake.co.uk.  All of these subdomains are controlled by the owner of cheesecake.co.uk, so you know that any domain under cheesecake.co.uk is in their control.

In general, if you trust a domain, then you are safe to trust any subdomains underneath it.  For example, if you have an account with google.com, then it's safe to type your password on accounts.google.com.

In some situations the owner of a domain will give control of subdomains to its users, a good example of which is this blog.  I don't own blogspot.co.uk, but when I created my blog on Blogger I was given the ability to create pages on whirledwiseweb.blogspot.co.uk.  In most of these situations, though, you will find that there is never a login page on the parent domain.  E.g. there is no login page on blogspot.com; when you log into Blogger you log in on blogger.com.  For this reason it's worth being aware of the domain on which you create your account, and making sure that you only ever type your password in on that domain in the future.


New Global Top-Level Domains

Until recently there was a fairly limited set of global top-level domains, which consisted mostly of .com, .org, .net, .biz, one for each country, and a few others.  But this list is now being expanded, with private individuals being allowed to purchase their own global top level domain, such as .pepsi.  So instead of www.pepsi.com, they can now have www.pepsi.

This is why I included a couple of strange-looking gTLDs in my list of domains: to make you aware of the fact that domain names won't necessarily end in a familiar-looking .com or .org anymore.


Why WWW?

Traditionally, most websites serve their web traffic on a subdomain named "www".  Bear in mind that most web servers will also be dealing with email traffic and potentially other things, so people like you visiting with your web browser are just part of what the site is handling.  For this reason it's customary to serve "normal" web traffic on "www", and to deal with other things on other subdomains such as "mail" or "ftp".  Some sites, such as Twitter, serve their web traffic on the naked domain of twitter.com and don't use a www subdomain.  There's nothing special about www though; "zzz" would work just as well.


More fun and games soon...
