"Foreplay" for web crawlers (2): the HTTP and HTTPS protocols

A. HTTP protocol

  1. Official concept:

    HTTP is the abbreviation of Hyper Text Transfer Protocol (Hypertext Transfer Protocol), the transfer protocol used to transmit hypertext from a World Wide Web (WWW) server to the local browser. (Readers may find this definition hard going, but there is no way around it: this is the authoritative, official explanation of HTTP. To understand it fully, please read on ...)

  2. Plain-language concept:

    The HTTP protocol is a form of data interaction (mutual transmission of data) between a server (Server) and a client (Client). If we personify the Server and the Client, then the protocol is the way of communicating that the two brothers have agreed on. We have all seen the bandit argot exchanged between Zirong and the bandits in Taking Tiger Mountain:

      - Bandits: Mushrooms, you which way? How much? (Who? Where?)
      - Zirong: Ha! Too serious to what, to want to nurse her mother, who wanted her parents, the child his uncle came. (Find peer)
      - Zirong: Meet San Ye!
      - Bandits: King cover ground tiger! (Hello big guts! Dare to air your ancestors?)
      - Zirong: Pagoda town river demon! (If so, that I fell to his death from the hill, out of the river and drowned.)
      - Bandits: Pheasant, focusing instead on the drill, how can the king of the mountains! (You are not genuine.)
      - Zirong: Plenty of ground rice, feed it, there is bedrock! (It was genuine, veteran.)
      - Bandits: Meet grandmother had it? (Whom I worship your childhood?)
      - Zirong: No tile on his house, no non non, non No No! (Less than hall can not say.)
      - Bandits: Well Well ha ha? (Formerly alone why?)
      - Zirong: Positive noon to speak, who have no home? (Xu Malaysian Bar Hill)
      - Bandits: A pair of good da! (Experts, is the veteran)
      - Zirong: The world is big droop! (Not bragging, past the brigade head.)
      - Zuo Shandiao: What blush?
      - Zirong: Refreshed!
      - Zuo Shandiao: How to yellow?
      - Zirong: Anti-cold, coated with wax!
      - Zuo Shandiao: Sun drying da da. (Who leads you?)
      - Zirong: An exquisite tower, facing the Village Green backed by sand! (A Taoist.)

    Having read this far, some readers finally know the true meaning of the legendary 'King cover ground tiger'. A protocol is really just like the bandit argot that Zirong and the bandits use to interact and communicate.

  3. How HTTP works:

    The HTTP protocol works on a client-server architecture. The browser, acting as the HTTP client, sends all requests via URL to the HTTP server, that is, the web server. The web server sends response information back to the client according to the request it received.

  4. Four points to note about HTTP:

    - HTTP allows any type of data object to be transmitted. The type being transmitted is marked by Content-Type.

    - HTTP is connectionless: connectionless means that each connection handles only one request. After the server has processed the client's request and received the client's acknowledgement, it disconnects. This saves transmission time.

    - HTTP is media independent: this means that any type of data can be sent via HTTP as long as the client and the server know how to handle the data content. The client and server specify the appropriate MIME-type content type.

    - HTTP is stateless: the HTTP protocol is a stateless protocol. Stateless means the protocol has no memory of earlier transactions. Lacking state means that if later processing needs earlier information, that information must be retransmitted, which may increase the amount of data transferred per connection. On the other hand, the server responds faster when it does not need earlier information.

  5. HTTP URLs:

    HTTP uses Uniform Resource Identifiers (URI) to transmit data and establish connections. A URL is a special type of URI that contains enough information to locate a resource.

    URL stands for Uniform Resource Locator; it is the address used to identify a resource on the Internet. Taking the following URL as an example, here are the parts that make up an ordinary URL:

    http://www.aspxfans.com:8080/news/index.asp?boardID=5&ID=24618&page=1#name

    As this URL shows, a complete URL includes the following parts:

    - Protocol part: the protocol part of this URL is "http:", which indicates that the page uses the HTTP protocol. Many protocols can be used on the Internet, such as HTTP and FTP; this example uses HTTP. The "//" after "http:" is a delimiter.

    - Domain name part: the domain name part of this URL is "www.aspxfans.com". A URL can also use an IP address in place of the domain name.

    - Port part: the port follows the domain name, with ":" as the delimiter between the domain name and the port. The port is not a mandatory part of a URL; if the port part is omitted, the default port is used.

    - Virtual directory part: from the first "/" after the domain name to the last "/" is the virtual directory part. The virtual directory is not a mandatory part of a URL. In this example the virtual directory is "/news/".

    - File name part: from the last "/" after the domain name to "?" is the file name part. If there is no "?", it runs from the last "/" after the domain name to "#". If there is neither "?" nor "#", it runs from the last "/" after the domain name to the end. In this example the file name is "index.asp". The file name is not a mandatory part of a URL; if it is omitted, the default file name is used.

    - Anchor part: from "#" to the end is the anchor part. The anchor in this example is "name". The anchor is not a mandatory part of a URL.

    - Parameters part: the section from "?" to "#" is the parameters part, also known as the search part or query part. The parameters in this example are "boardID=5&ID=24618&page=1". Multiple parameters are allowed, with "&" as the delimiter between one parameter and the next.

  6. HTTP Request:

    The HTTP request message that the client sends to the server includes the following components:

    Header: usually called the request headers. The request headers hold the main descriptive information about the request (its self-introduction). The server uses them to obtain information about the client.

        Common request headers:

        Accept: the browser uses this header to tell the server which data types it supports
        Accept-Charset: the browser uses this header to tell the server which character sets it supports
        Accept-Encoding: the browser uses this header to tell the server which compression formats it supports
        Accept-Language: the browser uses this header to tell the server its locale
        Host: the browser uses this header to tell the server which host it wants to visit
        If-Modified-Since: the browser uses this header to tell the server the time of its cached data
        Referer: the browser uses this header to tell the server which page the client came from (used for anti-hotlinking)
        Connection: the browser uses this header to tell the server whether to close the connection or keep it alive after the request
        X-Requested-With: XMLHttpRequest indicates that the request was made via Ajax
        User-Agent: identifies the carrier (client software) making the request

    Message body: usually called the request body. The request body holds the data to be transmitted to the server.

  7. HTTP Response:

    The HTTP response message that the server returns to the client includes the following components:

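    Status code: tells the client, in "clear" language, the result of processing this request.

        HTTP response status codes fall into five classes:

        •   1xx: informational. Usually tells the client that the request has been received and is being processed, so do not worry ...
        •   2xx: success. Generally means: request received, I understand what you want, request accepted, processing complete, and so on.
        •   3xx: redirect elsewhere. It makes the client issue another request to complete the whole process.
        •   4xx: an error occurred in processing and the responsibility lies with the client, for example the client requested a resource that does not exist, the client is not authorized, access is forbidden, and so on.
        •   5xx: an error occurred in processing and the responsibility lies with the server, for example the server threw an exception, a routing error occurred, the HTTP version is not supported, and so on.

    Response headers: show the details of the response

        Common response headers:

            Location: the server uses this header to tell the browser where to jump to
            Server: the server uses this header to tell the browser the server's model
            Content-Encoding: the server uses this header to tell the browser the compression format of the data
            Content-Length: the server uses this header to tell the browser the length of the data sent back
            Content-Language: the server uses this header to tell the browser the locale
            Content-Type: the server uses this header to tell the browser the type of the data sent back
            Refresh: the server uses this header to tell the browser to refresh at a set interval
            Content-Disposition: the server uses this header to tell the browser to open the data as a download
            Transfer-Encoding: the server uses this header to tell the browser that the data is sent back in chunks
            Expires: -1 tells the browser not to cache
            Cache-Control: no-cache
            Pragma: no-cache

    Response body: the data sent to the client according to the request information the client specified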
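The request and response layouts from sections 6 and 7, as an added example that is not part of the original page: it serializes a request (request line, headers, blank line, body) and parses a raw response into status code, status class, headers and body. The function names, the `ExampleServer` value, the `example-crawler/0.1` User-Agent and the sample response bytes are constructed for illustration.

```python
# Added example: names and sample bytes are constructed for illustration.
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirect",
                  4: "client error", 5: "server error"}

def build_request(method, host, path, headers=None, body=b""):
    """Serialize request line + headers + blank line + message body."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    lines += [f"{name}: {value}" for name, value in (headers or {}).items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return "\r\n".join(lines).encode("ascii") + b"\r\n\r\n" + body

def parse_response(raw):
    """Split a raw response into status code, status class, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    code = int(parts[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "Name: value"
            headers[name.strip().lower()] = value.strip()
    return {"status": code,
            "class": STATUS_CLASSES.get(code // 100, "unknown"),
            "headers": headers, "body": body}

# Constructed sample response using headers from the list above.
SAMPLE_RESPONSE = (b"HTTP/1.1 302 Found\r\n"
                   b"Location: /news/index.asp\r\n"
                   b"Server: ExampleServer\r\n"
                   b"Cache-Control: no-cache\r\n"
                   b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    request = build_request("GET", "www.aspxfans.com", "/news/index.asp",
                            {"User-Agent": "example-crawler/0.1",
                             "Accept": "text/html"})
    print(request.decode())
    print(parse_response(SAMPLE_RESPONSE))
```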

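B. HTTPS protocol

  1. Official concept:

    HTTPS (Secure Hypertext Transfer Protocol) is the secure hypertext transfer protocol. HTTPS builds an SSL encryption layer on top of HTTP and encrypts the transmitted data; it is the secure version of the HTTP protocol.

  2. Plain-language concept:

    The encrypted, secure version of the HTTP protocol.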

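  3. Encryption techniques used by HTTPS

    3.1 SSL encryption

        The encryption technique SSL uses is called "shared-key encryption", also known as "symmetric-key encryption". It works like this: when the client sends a message to the server, the client first encrypts the message with a known algorithm, such as MD5 or Base64 encryption. The receiver needs the key to decrypt the encrypted message, so the key is passed along in between (the same key is used for encryption and decryption), and the key is encrypted in transit. This looks secure, but there is still a latent danger: once the traffic is eavesdropped on or the message is hijacked, the key may be cracked and the information with it. "Shared-key encryption" therefore carries a security risk.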

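    3.2 Asymmetric-key encryption

        "Asymmetric encryption" uses two keys: one is called the "private key" and the other the "public key". With asymmetric encryption, the server first tells the client to encrypt with the public key the server provides. After the client has encrypted with the public key, the server receives the message and decrypts it with its own private key. The advantage is that the decryption key is never transmitted at all, which avoids the risk of it being hijacked. Even if an eavesdropper obtains the public key, decryption is still very hard, because the decryption process amounts to evaluating a discrete logarithm, which is no easy feat.

        [Figure: schematic of asymmetric encryption]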

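      However, asymmetric-key encryption also has the following drawbacks:

        First: when the receiver sends its public key to the sender, how can the sender be sure that what it received is the key that was actually sent and that it was not hijacked? Whenever a key is sent, there is a risk of hijacking.

        Second: asymmetric encryption is less efficient. It is more complex to process, so using it during communication causes efficiency problems and slows communication down.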

  4. The HTTPS certificate mechanism

    Above we described the drawbacks of asymmetric encryption. The first is that the public key may well be hijacked, so there is no guarantee that the public key the client receives is the one the server issued. This is where the public-key certificate mechanism comes in. A digital certificate authority is a third party that both the client and the server can trust. The certificate is distributed as follows:

      1: The server's developer takes the public key and applies to the certificate authority. The certificate authority verifies the applicant's identity and, after approval, digitally signs the public key the developer submitted. It then issues the signed public key, placing the key inside a certificate so that the two are bound together.

      2: The server sends this digital certificate to the client. Because the client also trusts the certificate authority, the client can use the digital signature in the certificate to verify the authenticity of the public key, ensuring that the public key passed over by the server is genuine. Under normal circumstances the certificate's digital signature is very hard to forge, which depends on the credibility of the certificate authority. Once the check succeeds, the client encrypts the message with the public key and sends it, and the server then decrypts it with its private key.
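The two steps above, as an added example that is not part of the original page: a certificate authority signs the server's public key, the client verifies that signature with the CA public key it already trusts, and a certificate whose public key was swapped in transit fails the check. It uses textbook RSA with SHA-256 as a stand-in for a real signature scheme; the keys are constructed from small well-known primes, there is no padding, and the subject name `www.example.test` and all function names are hypothetical. Real deployments use X.509 certificates and a vetted TLS library.

```python
import hashlib

E = 65537  # public exponent shared by the toy key pairs

def make_keypair(p, q):
    """Return (public, private) textbook-RSA keys. Toy only: no padding."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)

def digest(subject, public_key, n):
    """Hash the certificate body (subject + public key) to an integer below n."""
    body = f"{subject}|{public_key[0]}|{public_key[1]}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def ca_issue(ca_private, subject, server_public):
    """Step 1: the CA signs the public key and binds both into a certificate."""
    n, d = ca_private
    signature = pow(digest(subject, server_public, n), d, n)
    return {"subject": subject, "public_key": server_public,
            "signature": signature}

def client_verify(ca_public, cert):
    """Step 2: the client checks the signature with the trusted CA public key."""
    n, e = ca_public
    expected = digest(cert["subject"], cert["public_key"], n)
    return pow(cert["signature"], e, n) == expected

# Constructed keys from well-known Mersenne primes (far too weak for real use).
CA_PUB, CA_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
SRV_PUB, SRV_PRIV = make_keypair(2**107 - 1, 2**127 - 1)
FAKE_PUB, _ = make_keypair(2**31 - 1, 2**19 - 1)  # key substituted in transit

def demo():
    cert = ca_issue(CA_PRIV, "www.example.test", SRV_PUB)
    genuine_ok = client_verify(CA_PUB, cert)
    # The key is swapped, but the signature cannot be redone without CA_PRIV.
    tampered_ok = client_verify(CA_PUB, dict(cert, public_key=FAKE_PUB))
    # Only after verification does the client encrypt with the server's key.
    secret = 123456789
    ciphertext = pow(secret, SRV_PUB[1], SRV_PUB[0])
    recovered = pow(ciphertext, SRV_PRIV[1], SRV_PRIV[0])
    return genuine_ok, tampered_ok, recovered == secret

if __name__ == "__main__":
    print(demo())
```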


Origin www.cnblogs.com/Quantum-World/p/11334234.html