Basic knowledge of web security (1)


1. TCP three-way handshake

[Figure: TCP three-way handshake]

2. TCP four waves (closing the connection)

[Figure: TCP four-way connection close]

3. Request flow of a web application

1. The user enters a URL: **.cn (the URL to be accessed)
2. DNS domain name resolution
3. Establish the TCP connection (TCP three-way handshake)
4. Send the HTTP request
5. The web server responds
6. The application server responds
7. Close the TCP connection (TCP four waves)
8. The user's browser renders the page

4. Characteristics of HTTP (Hypertext Transfer Protocol)

1. Built on top of the TCP protocol
2. Stateless

5. URL and URI

URL: Uniform Resource Locator
URI: Uniform Resource Identifier

6. Breakdown of each part of a URL

Example: http://www.example.com:80/dir/index.html?uid=1#ch1
http:// - protocol
www.example.com - server address
80 - port number
/dir/index.html - file path
?uid=1 - query string
#ch1 - fragment identifier

7. HTTP methods

GET: get a resource - obtains the specified content of the requested page; request parameters are in the request header; request length is limited
POST: transfer an entity body - obtains the specified content of the requested page; request parameters are in the request body
HEAD: return only the message headers
OPTIONS: ask which methods are supported
PUT: transfer a file
DELETE: delete a file

8. HTTP status codes

200: The client request succeeded (the most common)
204: The request was processed successfully, but no resource is returned
206: The client made a range request
301: Permanent redirect; the resource has been assigned a new URL, and that URL should be used from now on
302: Temporary redirect; the resource has been assigned a new URL, and the user is expected to use the new URL this time
304: The server resource has not changed; the unexpired cache can be used directly
400: There is a syntax error in the request message; it must be corrected and sent again
401: HTTP authentication is required
403: Access to the requested resource is refused
404: The resource was not found on the server
500: Internal server error
503: The server cannot currently process the client's request

9. HTTP headers (key and difficult points)

1. What are they? Every HTTP request and response must carry HTTP headers; the headers provide the information the client and the server need to process the request and the response respectively.
2. Composition of an HTTP request message: request line, request headers, request body
3. Composition of an HTTP response message: response line (status line), response headers, response body
4. Categories of HTTP header fields: general header fields, request header fields, response header fields, entity header fields
5. General header fields include:
Cache-Control - controls caching
Connection - connection management
Date - date and time the message was created
6. Request header fields include:
Host - host and port of the requested resource
User-Agent - the client's operating system, browser and other information
Referer - the page from which the current page was reached
Cookie - the requester's identity credential
Accept - which MIME types the client is willing to accept
Accept-Charset - the character sets the client accepts
7. Response header fields include:
Server - the name of the web server software
Set-Cookie - sets a cookie on the client
Last-Modified - tells the browser when the resource was last modified
Content-Length - length of the body
Location - directs the user to a resource different from the requested URI
8. Entity header fields include:
Allow - tells the client which HTTP methods are supported
Content-Encoding - tells the client the encoding the server applied to the entity body
Content-Language - tells the client the language of the entity body
Content-Length - the size of the entity body
Content-Location - the actual URI corresponding to the message body
Content-Type - the media type of the entity body
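As an added example (not code from the original post), the Python below splits a constructed HTTP/1.1 request into the request line, header fields and body described in section 9, and breaks the URL from section 6 into its parts; it also rejects two malformed inputs a server-side parser should catch, a missing Host header and a Content-Length that does not match the body. The request bytes and header values are constructed for the demonstration.

```python
# Added example, not from the original post. Splits a constructed HTTP/1.1
# request into request line, header fields and body (section 9) and a URL
# into the parts listed in section 6. Uses only the standard library.
from urllib.parse import parse_qs, urlsplit

SAMPLE_REQUEST = (  # constructed input for the demonstration
    b"POST /dir/index.html?uid=1 HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: demo/1.0\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 9\r\n"
    b"\r\n"
    b"name=demo"
)

def parse_http_request(raw: bytes) -> dict:
    """Split a raw request into request line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    if not sep:
        raise ValueError("malformed request: no blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)  # request line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    # HTTP/1.1 requires Host; a Content-Length that disagrees with the body
    # would desynchronise the parser from the real body boundary, so reject it.
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without Host header")
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} != body size {len(body)}")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

def split_url(url: str) -> dict:
    """Break a URL into protocol, host, port, path, query and fragment."""
    p = urlsplit(url)
    default_port = {"http": 80, "https": 443}.get(p.scheme)
    return {"protocol": p.scheme, "host": p.hostname,
            "port": p.port if p.port is not None else default_port,
            "path": p.path, "query": parse_qs(p.query), "fragment": p.fragment}

if __name__ == "__main__":
    print(parse_http_request(SAMPLE_REQUEST))
    print(split_url("http://www.example.com:80/dir/index.html?uid=1#ch1"))
```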


Source: blog.csdn.net/zqzqzqzqwuwuwu/article/details/110165493