Moon Goose Flying High, Computer Networking Knows All: 22 Selected Computer Networking Interview Questions

Computer network knowledge

1. HTTP protocol version

  • http 0.9
    • There is only one command, GET, and the server can only respond with strings in HTML format
  • http 1.0
    • Introduced POST and HTTP headers
    • Each TCP connection can only send one request; after the data is sent, the connection is closed
    • The header information is ASCII, and the data that follows can be in any form. When the server responds, it tells the client what format the data is in; that is the role of the Content-Type field.
  • http 1.1
    • New methods PUT, PATCH, OPTIONS, DELETE
    • Introduced persistent connections: the TCP connection is not closed by default and can be reused by multiple requests.
    • Within one TCP connection, all data communication is carried out in sequence, which is likely to cause head-of-line blocking
  • http 2.0
    • The header information and data body are both binary, called header frames and data frames
    • Multiplexing of TCP connections. In the same connection, both the client and the server can send multiple requests or responses at the same time, with no need for one-to-one sequential correspondence, avoiding head-of-line blocking. This two-way real-time communication is called multiplexing
    • A header compression mechanism is introduced: the client and the server both maintain a header table in which all fields are stored and given an index number; a field that has already been sent is not sent again, only its index number, which improves speed.
    • Allows the server to actively send resources to the client without a request, that is, server push

The difference between http1.0 and http1.1

  • Long connection: http1.1 supports long (persistent) connections and request pipelining
  • Cache processing: http1.1 introduces more cache control strategies
  • Bandwidth optimization and network connection usage
  • Management of error notifications
  • Host header processing

2. Uses of several HTTP request methods

  • GET: Send a request to get some resources on the server
  • POST: Submit data or append new data to the resource specified by the URL, without specifying the location of the resource on the server
  • PUT: You can submit data to the server and specify the location of the resource on the server
  • HEAD: request only the headers of a page
  • DELETE: delete a resource on the server
  • OPTIONS: Used to get the methods supported by the current URL. After the request is successful, the Allow header will contain information like GET, POST, etc.
  • TRACE: used to invoke a remote application-layer loopback of the request message
  • CONNECT: convert the request connection into a TCP/IP tunnel

The difference between GET and POST

  • GET is used for information acquisition, using URL to pass parameters, and the amount of information sent is limited
  • POST is used to modify resources on the server

Main features of HTTP protocol

  • Simple and fast
  • Flexible and expandable
  • Connectionless
  • Reliable transmission

HTTP disadvantages

  • Stateless
  • Plaintext transmission
  • Head of line blocking

2.1 HTTPS

The HTTP protocol is carried over TCP. HTTPS is HTTP with a security protocol, SSL or TLS, added between HTTP and TCP

2.2 The components of the HTTP message

2.2.1 Request message
  • Request line
    • Request method
    • Request URL
    • HTTP protocol and version
  • Request header
    • A bunch of key-value pairs
  • Blank line
    • Indicates that the following content is the request body
  • Request body
    • Request data
2.2.2 Response message
  • Status line
    • HTTP protocol and version
    • status code
    • status description
  • Response header
  • Blank line
  • Response body

2.3 Comparison of Https and Http

  • transfer method

    • HTTP transmission method: plaintext; data exchanged between the website or related services and the user is not encrypted, so it is easy to monitor and tamper with
    • https transmission mode: an SSL layer is added to HTTP, and user data transmission is encrypted
  • Authentication

    • http: No identity authentication, users cannot identify the real identity of the website through http
    • https: authenticated by a CA through multiple checks, including verification of domain name management authority, etc.
  • cost

    • http: no usage cost; all websites use http by default
    • https: there is a cost, and an SSL certificate needs to be applied for to enable https
  • Connection port

    • http:80
    • https:443

3. Steps from entering a URL in the browser to displaying the page

  • The browser looks up the IP address of the domain name:
    • Find browser cache: DNS records
    • Find system cache: hosts file
    • Find router cache: DNS cache
    • Recursive query
    • Iterative query
  • The browser establishes a TCP connection with the target server
    • Find the IP address through DNS resolution to establish a TCP connection
    • Three-way handshake
  • The browser sends the request through the http protocol
    • The browser sends an HTTP GET request message to the host.
  • Some servers respond with a permanent redirect
    • The role of redirection: for load balancing or directing traffic and improving SEO rankings. A front-end server accepts requests and then distributes them to different hosts, which can greatly improve the site's concurrent processing capacity; redirection can also funnel visits to multiple domain names into one site;
  • Browser follows the redirect address
  • Server processing request
  • The server sends an HTML response
  • Release TCP connection
  • Browser display page
  • Browser sends requests to get other content embedded in the HTML

4. Three-way handshake and four-way wave

Three-way handshake: SYN, ACK

  • When establishing a connection, the client sends a SYN packet to the server and enters the SYN_SENT state, waiting for the server to confirm; SYN is the synchronization sequence number

  • When the server receives the SYN packet, it must acknowledge the client's SYN and at the same time send its own SYN, that is, a SYN+ACK packet, and the server enters the SYN_RECV state.

  • The client receives the SYN+ACK packet from the server and sends an acknowledgment packet ACK to the server. After the packet is sent, the client and server enter the ESTABLISHED state and the three-way handshake is complete

    The purpose of the third handshake: to prevent invalid connection request segments from being received by the server, resulting in errors

Four-way wave

  • The party that actively closes sends a FIN to tell the other party that it will no longer actively send data. At this point, the actively closing party can still receive data
  • The passively closing party receives the FIN packet and sends an ACK to the other party to confirm the sequence number
  • The passively closing party sends a FIN to the actively closing party, saying that it will not send any more data
  • The actively closing party receives the FIN and sends an ACK to confirm the sequence number

5. Web performance optimization technology

Reduce client-side network delay and optimize page rendering performance to improve web performance

  • DNS query optimization
  • Client cache
  • Optimize TCP connection
  • Avoid redirection
  • Caching at the edge of the network
  • Conditional cache
  • Compression and code minification
  • Image optimization

6. Website performance optimization

  • In terms of content: reduce HTTP requests (merge files, CSS sprites), reduce DNS queries (DNS cache, distribute resources to an appropriate number of hostnames), reduce the number of DOM elements
  • For cookies, reduce their size
  • For CSS: put the style sheet at the top of the page; do not use CSS expressions; compress CSS; load CSS from external files
  • Optimize code and images

7. Http status code and meaning

  • 1XX is the information status code
    • 100 means continue, which means confirmation, and the specific parameter information is returned successfully
  • 2XX success
    • 200 Normal return information
    • 201 indicates that the request was successful and the server created a new resource
    • 202 indicates that the server has received the request but has not yet processed it
  • 3XX redirect
    • 301 permanent redirect
    • 302 Temporary redirect
    • 303 Temporary redirection, and always use GET to request a new URL
    • 304 The requested page has not been modified since the last request
  • 4XX client error
    • 404 not found
    • 401 Request unauthorized
    • 403 Forbidden
  • 5XX server error
    • 500 generic server error
    • 503 The server is temporarily unable to process the request, it may be overloaded or maintained

8. The difference between cookies, sessionStorage and localStorage

  • Cookies are data stored on the user's local terminal for the website to identify the user's identity
  • Cookie data is always carried in same-origin http requests, even when it is not needed, so it is passed back and forth between the browser and the server
  • sessionStorage and localStorage will not automatically send data to the server, only save it locally
  • Storage size
    • The size of cookie data cannot exceed 4K; sessionStorage and localStorage can reach 5M or more
  • Expiration
    • localStorage stores persistent data; the data is not lost after the browser is closed, unless it is actively deleted
    • sessionStorage data is automatically deleted after the current browser window is closed
    • A cookie remains valid until its set expiration time, even if the window or the browser is closed

9. The benefits of storing network resources with multiple domain names

  • CDN caching is more convenient
  • Break through browser concurrency limits
  • Save cookie bandwidth
  • Save the number of connections to the main domain name and optimize page response speed
  • Prevent unnecessary security issues

10. The browser generates an http request message

11. OSI model

  • Physical layer: concerned with how to transmit the data bit stream over the transmission medium, shielding differences between transmission media and communication methods as far as possible. (Repeater.)
  • Data link layer: transfer and identify data frames between interconnected devices (bridge)
  • Network layer: address management and routing (router)
  • Transport layer: manage data transmission between two nodes (TCP, UDP)
  • Session layer: communication management, responsible for establishing and disconnecting communication connections
  • Presentation layer: conversion of device's inherent data format and network standard data format
  • Application layer: protocols for specific applications (HTTP, FTP)

12. TCP/IP model

  • Application layer: determines the communication activity when providing application services to users (HTTP, FTP)
  • Transport layer: serves the application layer above it, providing data transmission (TCP, UDP) between two computers in a network connection
  • Network layer: used to process data packets flowing on the network (Internet Protocol IP)
  • Link layer: used to handle the hardware part of connecting to the network (Ethernet, Wi-Fi)

13. UDP

  • UDP is a message-oriented protocol that does not split or splice messages; the header is only 8 bytes
  • Connectionless, unreliable, no congestion control, packets may be lost

14. TCP

  • A connection-oriented protocol; the header is 20 bytes
  • Full duplex, two-way transmission
  • Based on a byte stream, with no limit on data size; data is packed into segments, with ordered reception guaranteed and duplicate segments automatically discarded
  • Congestion control is used to deal with the mismatch between the processing capabilities of both parties
  • Provides a reliable transmission service: guarantees reachability, and achieves reliability through a retransmission mechanism when packets are lost
  • Sequence number: ensures that the packets transmitted by TCP are in order
  • Window Size: the size of the window, that is, how many more bytes of data can still be accepted
  • Acknowledgement Number: indicates that the data up to the previous sequence number has been received, and gives the number of the next byte the receiving end expects

14.1 Flag bits

  • ACK=1 means the acknowledgement number field is valid
  • SYN=1 ACK=0 means that the current segment is a connection request message
  • SYN=1 ACK=1 means that the current segment is a response message agreeing to establish the connection
  • FIN=1 means this segment is a request message to release the connection
  • URG: the urgent pointer is valid
  • RST: reset the connection
  • PSH: the receiver should deliver this message to the application layer as soon as possible
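
The 20-byte header fields from section 14 and the flag combinations from 14.1, decoded from raw bytes and applied to a three-way handshake. This is an added example, not code from the original post; the port numbers and sequence numbers are constructed sample data, and build() is a hypothetical helper used only to make that data.

```python
import struct

# Flag bits in the byte at offset 13 of the TCP header.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte TCP header into its fields."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_reserved, flag_byte,
     window, _checksum, _urgent) = struct.unpack("!HHIIBBHHH", raw[:20])
    header_len = (off_reserved >> 4) * 4  # data offset is counted in 32-bit words
    if header_len < 20 or header_len > len(raw):
        raise ValueError("invalid data offset")
    flags = {name for name, bit in FLAG_BITS.items() if flag_byte & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window}


def classify(flags: set) -> str:
    """Name the segment's role using the flag combinations from section 14.1."""
    if "RST" in flags:
        return "reset"
    if "SYN" in flags:
        return "connection response" if "ACK" in flags else "connection request"
    if "FIN" in flags:
        return "release request"
    return "acknowledgement" if "ACK" in flags else "other"


def build(src, dst, seq, ack, flag_names, window=65535) -> bytes:
    """Construct a sample 20-byte header (test data only, checksum left at 0)."""
    flag_byte = sum(FLAG_BITS[name] for name in flag_names)
    return struct.pack("!HHIIBBHHH", src, dst, seq, ack,
                       5 << 4, flag_byte, window, 0, 0)


# Constructed three-way handshake: client port 50000, server port 80.
HANDSHAKE = [
    build(50000, 80, 1000, 0, ["SYN"]),            # client -> server
    build(80, 50000, 7000, 1001, ["SYN", "ACK"]),  # server -> client
    build(50000, 80, 1001, 7001, ["ACK"]),         # client -> server
]

if __name__ == "__main__":
    for raw in HANDSHAKE:
        h = parse_tcp_header(raw)
        print(h["src_port"], "->", h["dst_port"], sorted(h["flags"]),
              "seq", h["seq"], "ack", h["ack"], "=", classify(h["flags"]))
```

Each acknowledgement number in the sample equals the peer's sequence number plus one, which is how the handshake confirms that both initial sequence numbers were received.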

14.2 TCP congestion control

Congestion window

Slow start threshold

15. Security issues CSRF and XSS

15.1 CSRF: Cross-site request forgery

  • CSRF attack: The attacker has stolen your identity and sends malicious requests in your name

  • Principle of CSRF: the user logs in to trusted website A, which generates cookies locally, and then visits dangerous website B without logging out of A

  • CSRF defense methods

    • Token verification (most used)
      • The server sends a token to the client
      • The form submitted by the client includes this token
      • If the token is invalid, the server rejects the request
    • Hidden token
      • Hide the token in the HTTP header
    • Referer verification
      • Referer indicates the source of the page request; the server responds only to requests that come from this site and intercepts the rest
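
A server-side sketch of the defenses listed above: token verification (from a form field or a header) combined with Referer verification. This is an added example, not code from the original post; the site bank.example, the field name csrf_token, the header name X-CSRF-Token and the dict-based session are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = ("https", "bank.example")  # assumed scheme and host of the protected site
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_csrf_token(session: dict) -> str:
    """Create a random token, keep it in the server-side session, return it for the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def token_is_valid(session: dict, submitted) -> bool:
    expected = session.get("csrf_token")
    if not expected or not isinstance(submitted, str):
        return False
    # Constant-time comparison, so the check does not reveal how much matched.
    return hmac.compare_digest(expected.encode(), submitted.encode())


def referer_is_same_site(headers: dict) -> bool:
    """Accept only a Referer whose scheme and host are exactly this site's."""
    try:
        parts = urlsplit(headers.get("Referer", ""))
        return (parts.scheme, parts.hostname) == SITE_ORIGIN
    except ValueError:
        return False


def allow_request(method: str, session: dict, form: dict, headers: dict) -> bool:
    """Apply both checks to state-changing requests; read-only methods pass."""
    if method.upper() in SAFE_METHODS:
        return True
    # The token may arrive in the form body or in a request header.
    token = form.get("csrf_token") or headers.get("X-CSRF-Token")
    return referer_is_same_site(headers) and token_is_valid(session, token)


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    same_site = {"Referer": "https://bank.example/transfer"}
    cross_site = {"Referer": "https://other.example/page"}
    lookalike = {"Referer": "https://bank.example.other.test/"}
    print(allow_request("POST", session, {"csrf_token": token}, same_site))  # own form
    print(allow_request("POST", session, {}, cross_site))                    # forged
    print(allow_request("POST", session, {"csrf_token": token}, lookalike))  # host differs
```

The Referer host is compared for exact equality rather than with a substring or prefix match, so a lookalike host that merely begins with the site's name is rejected.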

15.2 XSS: Cross-site scripting attack

XSS is a vulnerability that occurs in the web front end. The attacker inserts malicious script code into a web page, and the script code runs in the browser, achieving a malicious attack on users.

  • XSS attack: malicious code must be injected into the web page and successfully executed by the browser
  • XSS attack methods
    • Reflected: when a request is sent, the XSS code appears in the URL and is submitted to the server as input. After the server parses it, the XSS code is passed back to the browser along with the response, and finally the XSS code is parsed and executed in the browser.
    • Stored: the submitted code is stored on the server side (database, memory, file system), so the XSS code does not need to be submitted again the next time the target page is requested
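
The two paths described above, reflected and stored, shown as one page renderer with the unescaped output beside its HTML-encoded form. This is an added example, not code from the original post; the page template, the shop.example URLs and the in-memory comment list are constructed, and the script tag is only a marker string.

```python
import html
from urllib.parse import parse_qs, urlsplit

PAGE = "<html><body><p>Results for: {query}</p>{comments}</body></html>"
COMMENTS = []  # stands in for the server-side store (database, memory, file system)


def search_term(url: str) -> str:
    """Reflected case: the input arrives in the URL of the request itself."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]


def save_comment(text: str) -> None:
    """Stored case: the input is saved once and served on later requests."""
    COMMENTS.append(text)


def render(url: str, escape: bool) -> str:
    """Build the page; with escape=False the input is written into the HTML as-is."""
    encode = html.escape if escape else (lambda s: s)
    items = "".join(f"<li>{encode(c)}</li>" for c in COMMENTS)
    return PAGE.format(query=encode(search_term(url)),
                       comments=f"<ul>{items}</ul>")


# Constructed inputs: a marker script tag, URL-encoded in the query string.
MARKER = "<script>alert(1)</script>"
REFLECTED_URL = "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"
CLEAN_URL = "https://shop.example/search?q=shoes"

if __name__ == "__main__":
    save_comment(MARKER)
    # Unescaped: the marker reaches the browser as a real script element.
    print(render(REFLECTED_URL, escape=False))
    # Stored case: a clean URL still returns the saved marker.
    print(render(CLEAN_URL, escape=False))
    # Encoded: the same inputs are delivered as inert text.
    print(render(REFLECTED_URL, escape=True))
```

In the stored case the request URL contains nothing suspicious, so a check that looks only at incoming URLs misses it; encoding at output time covers both paths.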

15.3 The difference between the two

  • CSRF needs the user to log in first and obtain cookies, and then uses a vulnerability of the website to request the website's API
  • XSS does not require login; it directly injects JS code into the website and tampers with the website's content

16. cookie

A cookie is data (usually encrypted) stored on the user's local terminal for the purpose of identifying the user and performing session tracking. The information is stored temporarily or permanently by the user's client computer.

  • Data stored on the user's local terminal

  • Used to identify users

  • Saved on the user's local terminal

    The role of the cookie is to solve the problem of how to record the client's user information

16.1 Cookie Principle

The browser requests the server for the first time, and the server responds with a cookie; on subsequent requests the browser carries the cookie to the server. The server identifies the user based on the cookie and can also modify the content of the cookie

16.2 Cookie properties

Name, Value, Domain, Path, Expires/Max-Age, Size, HttpOnly, Secure, SameSite

  • HttpOnly

    When this property is set to true, the cookie value cannot be read by JS scripts, which can effectively prevent XSS attacks

  • Secure

    A cookie marked as Secure can only be sent to the server in requests encrypted with the https protocol. However, this alone cannot guarantee its security

  • SameSite

    SameSite lets the server require that a cookie not be sent with cross-site requests, which can prevent cross-site request forgery (CSRF) attacks

    • None: the browser sends cookies on both same-site and cross-site requests; the value is not case-sensitive (all third-party requests carry cookies)
    • Strict: the browser only sends cookies when visiting the same site (no third-party links carry cookies)
    • Lax: cookies are withheld on some cross-site requests, such as image loading or frame calls, and are only sent when the user navigates to the URL from an external site (only synchronous GET requests can carry cookies)
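
A check for the three attributes above on a Set-Cookie header, with a weak header beside a hardened one, plus a simplified model of when each SameSite mode lets the cookie travel. This is an added example, not code from the original post; the cookie name SESSIONID and both sample headers are constructed, and cookie_is_sent follows the descriptions in the list above rather than any browser's full rules.

```python
def parse_set_cookie(header: str) -> dict:
    """Split a Set-Cookie value into name, value and lower-cased attributes."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return {"name": name, "value": value, "attrs": attrs}


def audit_cookie(header: str) -> list:
    """Return findings for a session cookie, one per weak or missing attribute."""
    attrs = parse_set_cookie(header)["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("HttpOnly missing: scripts can read the value")
    if "secure" not in attrs:
        findings.append("Secure missing: cookie may travel over plain http")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append("SameSite missing or invalid")
    elif samesite == "none":
        findings.append("SameSite=None: sent on all cross-site requests")
    return findings


def cookie_is_sent(samesite: str, cross_site: bool, method: str = "GET",
                   top_level_navigation: bool = False) -> bool:
    """Simplified model of the None / Strict / Lax rules listed above."""
    mode = samesite.lower()  # the attribute value is not case-sensitive
    if not cross_site or mode == "none":
        return True
    if mode == "strict":
        return False
    # Lax: only a cross-site top-level navigation using GET carries the cookie.
    return top_level_navigation and method.upper() == "GET"


# Constructed sample headers: the weak setting beside the corrected one.
WEAK = "SESSIONID=abc123; Path=/"
HARDENED = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for header in (WEAK, HARDENED):
        print(header, "->", audit_cookie(header) or "no findings")
    # A cross-site form POST, the typical CSRF request, under each mode.
    for mode in ("None", "Lax", "Strict"):
        print(mode, cookie_is_sent(mode, cross_site=True, method="POST",
                                   top_level_navigation=True))
```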

17. token

A token is the client's credential, obtained at the first login, so there is no need to frequently access the database to look up the user's password afterwards.

  • Problems solved:
    • The token is managed entirely by the application, so it can avoid the same-origin policy
    • Tokens can avoid CSRF attacks
    • Tokens can be stateless and can be shared among multiple servers
  • Advantages of tokens
    • Stateless and scalable
    • Security
    • Multi-platform and cross-domain
    • Based on standards

18. cookie, session, token

  • Cookie: stored on the client, used to save client session information; security cannot be guaranteed
  • session: stored on the server side; saves the authenticated user's information
  • token: an authentication method (a "token" mainly used for identity verification)

19. URI

URL stands for Uniform Resource Locator; URI stands for Uniform Resource Identifier. A URI is used to distinguish different resources on the network

URI includes URN and URL

20. Three switching methods:

  • Circuit switching: establish a dedicated physical link that stays occupied; simple and crude, with low resource utilization.
  • Message switching: the entire message is sent onto the link in full, stored at a node, and then forwarded to the next node.
  • Packet switching: divide a long message into several shorter packets, and then send these packets (carrying source address, destination address and numbering information) one by one.

21. Delay

Delay = transmission delay + propagation delay + processing delay + queuing delay.

  • Transmission delay: the total time from the start of sending a data frame to the completion of sending it.
  • Propagation delay: the total time from when the sender starts sending data until the receiver receives it. (The time electromagnetic waves spend travelling in the channel)

22. WEB page request process:

  • Send a DNS query message to the DNS server to resolve the domain name.
  • To start an HTTP session, you need to establish a TCP connection.
  • During transmission at the transport layer, HTTP messages are encapsulated in TCP segments. The HTTP request message uses port number 80 because the server listens on port 80. After the connection is established, the server will randomly assign a port number to a specific client, and all subsequent TCP transmissions will use this port number.
  • During transmission at the network layer, TCP segments are encapsulated into IP packets, and the IP packets are routed to the final destination.
  • At the link layer, IP packets are encapsulated into MAC frames, and ARP is required to resolve IP addresses into MAC addresses.
  • The client sends an HTTP request message to request a page.
  • The server sends the HTTP response message, and the client obtains the page.
  • After the browser obtains the content of the page, it parses and renders, and displays the page to the user.


Origin blog.csdn.net/issunmingzhi/article/details/108083434