Reference: http: //blog.csdn.net/m0_38099607/article/details/72864684
The difference between HTTP and HTTPS
Hypertext Transfer Protocol (HTTP) protocol is used between the Web browser and the web server to transmit information, HTTP protocol to send the content in plain text, data encryption does not provide any way, if an attacker intercepts a Web browser and a web server between transmission packets, it can directly read the information in it, therefore, HTTP transmission protocol is not suitable for sensitive information, such as: credit card numbers, passwords and other payment information.
To address this shortcoming HTTP protocol, you need to use another protocol: Secure Sockets Layer Hypertext Transfer Protocol HTTPS, for secure data transmission, HTTPS added SSL protocol based on HTTP, SSL relies on certificates to authenticate the server identity and encryption for communication between browsers and servers.
First, the basic concepts of HTTP and HTTPS
HTTP: is the Internet's most widely used network protocol, a client and a server-side request and response standard (TCP), hypertext transfer protocol for transmission from the WWW server to the local browser, it can make browsing It is more efficient, so that network traffic is reduced.
HTTPS: HTTP is safe for the target channel, simply, is a safe version of HTTP, HTTP added SSL layer, HTTPS security infrastructure is SSL, encryption and therefore the details will need to SSL.
The main role of the HTTPS protocol can be divided into two types: one is to establish a channel of information security, to ensure the security of data transmission; the other is to confirm the authenticity of the site.
Two, HTTP and HTTPS What is the difference?
HTTP data transmission protocol is unencrypted, plain text is therefore transmitted using the HTTP protocol is insecure private information, in order to ensure the privacy of data transmission can be encrypted, so designed Netscape SSL (Secure Sockets Layer) protocol with HTTP protocol for data transmission is encrypted, thus was born HTTPS. In simple terms, HTTPS protocol is constructed from SSL + HTTP protocol can be encrypted transmission, network authentication protocol than http protocol security.
The main difference between HTTPS and HTTP as follows:
1, https protocol ca need to apply for a certificate, generally less free certificates, thus requiring a fee.
2, http is the hypertext transfer protocol, information is transmitted in the clear, https is encrypted with a security ssl transfer protocol.
3, http and https use is completely different connections, with the port are not the same, the former is 80, which is 443.
4, http connection is very simple, is stateless; is constructed by the HTTPS protocol SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security.
Three, HTTPS works
We all know that HTTPS can encrypt information, so as not to acquire sensitive information by third parties, so a lot of banking sites or e-mail, and so a higher level of security services will adopt HTTPS protocol.
The client has the following steps when using HTTPS to communicate with the server Web, as illustrated in FIG.
(1) customers to use https URL to access the Web server requires an SSL connection to the Web server.
After (2) Web server receives a client request, the certificate information will be the site (the certificate contains the public key) transmit a copy to the client.
(3) the client browser and the Web server security level began to negotiate SSL connection, which is encrypted information level.
(4) the client browser, depending on the security level agreed to establish a session key, and then use the site's public key to encrypt the session key and send it to the site.
(5) Web server using their own private key to decrypt the session key.
(6) Web server using the communication between the client and the encrypted session key.
Four, HTTPS advantages
Although HTTPS is not absolutely safe, master authority root certificate to master organizational encryption algorithm can also be an intermediary form of attack, but HTTPS is still under the existing framework of the safest solutions, mainly in the following benefits:
(1) using the HTTPS protocol may authenticate the user and the server, transmits the data to ensure that the correct client and server;
(2) HTTPS protocol is constructed by SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security, to prevent data from being stolen during transmission, changes to ensure data integrity.
(3) HTTPS under the existing framework is the most secure solution, though not absolute security, but it greatly increases the cost of the middleman attack.
(4) Google search engine algorithm was adjusted in August 2014, saying "Compared to the same HTTP sites using HTTPS encrypted site's ranking in search results will be higher."
Five, HTTPS shortcomings
Although HTTPS has a great advantage, but relatively speaking, still shortcomings at:
(1) HTTPS protocol handshake time consuming, can cause pages to load prolonged nearly 50%, 10% to 20% of the power consumption;
(2) HTTPS connection cache as good as HTTP efficient, increases data overhead and power consumption, even existing security measures will also be affected;
(3) SSL certificates need the money, the more powerful the higher cost certificates, personal sites, small sites generally do not use is not necessary.
(4) SSL certificate is usually required to bind IP, can not bind multiple domain names on the same IP, IPv4 resources are unlikely to support this consumption.
Get request Post request and the difference between
(1) using the Get request is displayed in the URL parameters, and using the Post request is not displayed;
the amount of data (2) Post transmission can be achieved 2M, and since the Get method is limited by the length of the URL, only about 1024 bytes transferred.
(. 3) should be noted that the Get request cache problem, Post request need not worry about it;
(. 4) Post request must set Content-Type is application / x-form -www-urlencoded;
(5) transmission request, Get request as a parameter in url, the transmission parameters so the send function is null, and when the send request Post method, has given its required parameters;
(. 6) the GET manner requested data is cached browser up so other people can read it from the browser history of these data, such as account numbers and passwords. In some cases, GET will give rise to serious safety concerns. The POST method, relatively speaking, avoid these problems.
The following code is used to explain the difference :
GET Request
function getMethod(){ var xhr = new createXHR(); var userName = document.getElementById("userName").value; var age = document.getElementById("age").value; //添加参数,以求每次访问不同的url,以避免缓存问题 xhr.open( "get", "example.php?userName=" + encodeURTComponent( userName ) + "&age=" + encodeURTComponent( age ) + "&random=" + Math.random(), true ); xhr.onreadystatechange = function(){ if( xhr.readyState == 4 && xhr.status == 200 ){ document.getElementById("result").innerHTML = xhr.responseText; } } //发送请求,参数为null xhr.send( null ); }GET request
function postMethod(){ var xhr = new createXHR(); var userName = document.getElementById("userName").value; var age = document.getElementById("age").value; var data = "userName=" + encodeURTComponent( userName ) + "&age=" + encodeURTComponent( age ); //不用担心缓存问题 xhr.open( "post", "example.php", true ); //必须设置,否则服务器端收不到参数 xhr.setRequestHeader( "Content-Type", "application/x-www-form-urlencoded" ); xhr.onreadystatechange = function(){ if( xhr.readyState = 4 && xhr.status == 200 ){ document.getElementById("result").innerHTML = xhr.responseText; } } //发送请求,要data数据 xhr.send( data ); }Reference: http: //blog.csdn.net/m0_38099607/article/details/72864684
The difference between HTTP and HTTPS
Hypertext Transfer Protocol (HTTP) protocol is used between the Web browser and the web server to transmit information, HTTP protocol to send the content in plain text, data encryption does not provide any way, if an attacker intercepts a Web browser and a web server between transmission packets, it can directly read the information in it, therefore, HTTP transmission protocol is not suitable for sensitive information, such as: credit card numbers, passwords and other payment information.
To address this shortcoming HTTP protocol, you need to use another protocol: Secure Sockets Layer Hypertext Transfer Protocol HTTPS, for secure data transmission, HTTPS added SSL protocol based on HTTP, SSL relies on certificates to authenticate the server identity and encryption for communication between browsers and servers.
First, the basic concepts of HTTP and HTTPS
HTTP: is the Internet's most widely used network protocol, a client and a server-side request and response standard (TCP), hypertext transfer protocol for transmission from the WWW server to the local browser, it can make browsing It is more efficient, so that network traffic is reduced.
HTTPS: HTTP is safe for the target channel, simply, is a safe version of HTTP, HTTP added SSL layer, HTTPS security infrastructure is SSL, encryption and therefore the details will need to SSL.
The main role of the HTTPS protocol can be divided into two types: one is to establish a channel of information security, to ensure the security of data transmission; the other is to confirm the authenticity of the site.
Two, HTTP and HTTPS What is the difference?
HTTP data transmission protocol is unencrypted, plain text is therefore transmitted using the HTTP protocol is insecure private information, in order to ensure the privacy of data transmission can be encrypted, so designed Netscape SSL (Secure Sockets Layer) protocol with HTTP protocol for data transmission is encrypted, thus was born HTTPS. In simple terms, HTTPS protocol is constructed from SSL + HTTP protocol can be encrypted transmission, network authentication protocol than http protocol security.
The main difference between HTTPS and HTTP as follows:
1, https protocol ca need to apply for a certificate, generally less free certificates, thus requiring a fee.
2, http is the hypertext transfer protocol, information is transmitted in the clear, https is encrypted with a security ssl transfer protocol.
3, http and https use is completely different connections, with the port are not the same, the former is 80, which is 443.
4, http connection is very simple, is stateless; is constructed by the HTTPS protocol SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security.
Three, HTTPS works
We all know that HTTPS can encrypt information, so as not to acquire sensitive information by third parties, so a lot of banking sites or e-mail, and so a higher level of security services will adopt HTTPS protocol.
The client has the following steps when using HTTPS to communicate with the server Web, as illustrated in FIG.
(1) customers to use https URL to access the Web server requires an SSL connection to the Web server.
After (2) Web server receives a client request, the certificate information will be the site (the certificate contains the public key) transmit a copy to the client.
(3) the client browser and the Web server security level began to negotiate SSL connection, which is encrypted information level.
(4) the client browser, depending on the security level agreed to establish a session key, and then use the site's public key to encrypt the session key and send it to the site.
(5) Web server using their own private key to decrypt the session key.
(6) Web server using the communication between the client and the encrypted session key.
Four, HTTPS advantages
Although HTTPS is not absolutely safe, master authority root certificate to master organizational encryption algorithm can also be an intermediary form of attack, but HTTPS is still under the existing framework of the safest solutions, mainly in the following benefits:
(1) using the HTTPS protocol may authenticate the user and the server, transmits the data to ensure that the correct client and server;
(2) HTTPS protocol is constructed by SSL + HTTP encrypted transmission protocol, a network authentication protocol, the http protocol than security, to prevent data from being stolen during transmission, changes to ensure data integrity.
(3) HTTPS under the existing framework is the most secure solution, though not absolute security, but it greatly increases the cost of the middleman attack.
(4) Google search engine algorithm was adjusted in August 2014, saying "Compared to the same HTTP sites using HTTPS encrypted site's ranking in search results will be higher."
Five, HTTPS shortcomings
Although HTTPS has a great advantage, but relatively speaking, still shortcomings at:
(1) HTTPS protocol handshake time consuming, can cause pages to load prolonged nearly 50%, 10% to 20% of the power consumption;
(2) HTTPS connection cache as good as HTTP efficient, increases data overhead and power consumption, even existing security measures will also be affected;
(3) SSL certificates need the money, the more powerful the higher cost certificates, personal sites, small sites generally do not use is not necessary.
(4) SSL certificate is usually required to bind IP, can not bind multiple domain names on the same IP, IPv4 resources are unlikely to support this consumption.
Get request Post request and the difference between
(1) using the Get request is displayed in the URL parameters, and using the Post request is not displayed;
the amount of data (2) Post transmission can be achieved 2M, and since the Get method is limited by the length of the URL, only about 1024 bytes transferred.
(. 3) should be noted that the Get request cache problem, Post request need not worry about it;
(. 4) Post request must set Content-Type is application / x-form -www-urlencoded;
(5) transmission request, Get request as a parameter in url, the transmission parameters so the send function is null, and when the send request Post method, has given its required parameters;
(. 6) the GET manner requested data is cached browser up so other people can read it from the browser history of these data, such as account numbers and passwords. In some cases, GET will give rise to serious safety concerns. The POST method, relatively speaking, avoid these problems.
The following code is used to explain the difference :
GET Request
function getMethod(){ var xhr = new createXHR(); var userName = document.getElementById("userName").value; var age = document.getElementById("age").value; //添加参数,以求每次访问不同的url,以避免缓存问题 xhr.open( "get", "example.php?userName=" + encodeURTComponent( userName ) + "&age=" + encodeURTComponent( age ) + "&random=" + Math.random(), true ); xhr.onreadystatechange = function(){ if( xhr.readyState == 4 && xhr.status == 200 ){ document.getElementById("result").innerHTML = xhr.responseText; } } //发送请求,参数为null xhr.send( null ); }GET request
function postMethod(){ var xhr = new createXHR(); var userName = document.getElementById("userName").value; var age = document.getElementById("age").value; var data = "userName=" + encodeURTComponent( userName ) + "&age=" + encodeURTComponent( age ); //不用担心缓存问题 xhr.open( "post", "example.php", true ); //必须设置,否则服务器端收不到参数 xhr.setRequestHeader( "Content-Type", "application/x-www-form-urlencoded" ); xhr.onreadystatechange = function(){ if( xhr.readyState = 4 && xhr.status == 200 ){ document.getElementById("result").innerHTML = xhr.responseText; } } //发送请求,要data数据 xhr.send( data ); }