Reptile --http protocol and the https protocol

http protocol

HTTP protocol is the Hyper Text Transfer abbreviation Protocol (Hypertext Transfer Protocol) is used from the World Wide Web (WWW: World Wide Web) server to transfer hypertext transfer protocol local browser.

These are the official for an explanation http protocol, may be relatively obscure some agreement is actually http: as a form of exchange of data between the server and the client server client

It works 1.http agreement

HTTP protocol works on the client - server architecture on. Browser as an HTTP client URL that is WEB server sends all requests to the server via HTTP. Web server according to the received request, transmits the response information to the client.

2.http four-point Notes

• HTTP allows the transmission of any type of data object. It is the type of transmission being marked by Content-Type.

• HTTP is a connectionless: Meaning No limitation is attached only one request per connection. After the server processes client requests and receives the customer's response, i.e., disconnected. In this way it can save transmission time. *

• HTTP is an independent media: This means that, as long as the client and the server knows how to handle the data content of any type of data can be sent via HTTP. The client and server specify the appropriate MIME-type content type.

• HTTP is a stateless: HTTP protocol is stateless protocol. No state is no protocol for transaction processing and memory. If the lack of state means that the subsequent processing required in front of the information, it must be retransmitted, which may result in the amount of data transmitted for each connection is increased. On the other hand, when the server does not require previous information in its response to fast

3.http the url

• Protocol: Protocol as part of the URL "http:", which represents the web page using the HTTP protocol. More may be used in the Internet protocols, such as HTTP, FTP and the like used in this example is the HTTP protocol. In the "HTTP" behind "//" is a delimiter

• Domain name parts: the part of the URL of the domain name " www.aspxfans.com ." A URL, or you can use the IP address as the domain name

• Port sections: following the domain name is to use between the ports, the domain name and port ":" as the delimiter. Port is not a mandatory part of the URL, if you omit part of the port, the default port

• Virtual directory section: from the first domain name after "/" beginning to the last "/" so far, is the virtual directory section. Virtual directory is not a necessary part of the URL. In this example the virtual directory is "/ news /"

• File name part: "?" From last after the domain name "/" beginning to date, is the filename part, if not, it is from the last after the domain name "/" beginning to "#" So far, the "?" files section, if there is no "?" and "#", then the domain name from the last "/" start to finish, are part of the file name. In this case the file name is "index.asp". Part of the file name is not a necessary part of the URL, if you omit this part, the default file name

• Anchor parts: from the "#" beginning to end, are part of the anchor. Anchor of this embodiment is "name". Anchor part of the URL is not a necessary part

• Parameters section: from the beginning to the part of the argument between the part until the "#", also known as part of the search query part "?." Parameters of this embodiment is "boardID = 5 & ID = 24618 & page = 1". Parameter to allow a plurality of parameters, with the parameters between the parameter and the "&" as the delimiter.

4.http of Request

Common request headers:

• accept: browser tells the server through the head, it supports data types

• Accept-Charset: browser tells the server through the head, which supports what character set

• Accept-Encoding: browser tells the server through this, support the compression format

• Accept-Language: browser tells the server through the head, it's locale

• Host: browser tells the server through the head, which hosts want to visit

• If-Modified-Since: browser tells the server through the head, the time of cache data

• Referer: browser tells the server through the head, which is a client page to the anti-hotlinking

• Connection: browser tells the server through the head, after the request is broken links or what support link

• X-Requested-With: XMLHttpRequest representative embodiment accessed via ajax

• User-Agent: the identity of the requesting vehicle identification

The 5.http Response

Common response headers:

• Location: server through this head, to tell the browser where to jump

• Server: server through the head, telling the browser server model

• Content-Encoding: server through the head, telling the browser, the compression format data

• Content-Length: server through the head, telling the browser to send data back length

• Content-Language: server through the head, telling the browser locale

• Content-Type: server through the head, tells the browser the type of data sent back

• Refresh: server through the head, telling the browser regularly updated

• Content-Disposition: server through the head, telling the browser to download the data the way to play

• Transfer-Encoding: server through the head, tells the browser to block the way data is sent back

• Expires: -1 do not control the browser cache

• Cache-Control: no-cache

• Pragma: no-cache

https protocol

HTTPS (Secure Hypertext Transfer Protocol) secure hypertext transfer protocol, HTTPS SSL encryption layer is built on HTTP, and encrypt data is secure version of the HTTP protocol.

It means encrypted version of the HTTP protocol.

1. Certificate

Certificates are used in the encryption operation in https, change the certificate by a certificate authority is enacted, which contains the public key

2.https encryption technology used:

• Symmetric Key Encryption:

  • Process: The client sends a message to the server, the client first information is encrypted using a known algorithm, such as MD5 or Base64 encryption, when receiving end information of the encrypted decrypting key need to use intermediate ciphertext passed key, (encryption and decryption keys are the same), the transmission intermediate key is encrypted.

  • Disadvantages: This approach seems safe, but there are still potentially dangerous, once tapped, or information being held hostage, it is possible to crack the key, and break the information. Therefore, there are security risks, "Shared Key Encryption" in this way

  • 

• Asymmetric key encryption

  • Process: the server tells the client to encrypt the information in accordance with their given public key, then the server receives the encrypted message, and then decrypt according to its own key.

  • Cons: First, there may be someone imitating the server sends the public key to the client, two asymmetric encryption method is relatively inefficient

    

• Key encryption certificate

  • Process: an application server to carry the public key to the public key certificate authority, certificate authority after a clear understanding of the identity of the applicant, the public key of the application server will make a digital signature, and then the open secret key put into the certificate, bound together.

  • The server sends the certificate to the client, because the client also recognized certificate authority, a client certificate through digital signature to verify the authenticity of the public key, to ensure that the server's public key is passed over real

    

These are the relevant knowledge of the http protocol and https protocols.