HTTP: protocol basics and commonly examined points

What exactly is HTTP?

HTTP is a simple request-response protocol that usually runs on top of TCP. It specifies what messages a client may send to a server and what kind of response it gets back. Request and response message headers are given in ASCII, and the message content has a MIME-like format. This simple model was instrumental in the early success of the Web, because it made development and deployment so straightforward.

What does a complete HTTP request typically contain?

The request method, the request headers, and the request body

What are the common HTTP request methods?

GET: retrieves a resource.
HEAD: retrieves the message headers. Similar to GET, but the entity body is not returned; used to confirm that a URL is valid, to check a resource's last-modified date and time, and so on.
POST: mainly used to transmit an entity body (for example, submitted form data) to the server.
PUT: mainly used to upload files. Because anyone could upload files with it, it has security problems and is generally not used.
PATCH: partial modification of a resource. PUT can also modify a resource, but only by completely replacing the original; PATCH allows partial modification.
DELETE: deletes a file; the opposite of PUT in function, and likewise without a verification mechanism.
OPTIONS: queries which methods the specified URL supports; the server returns content such as "Allow: GET, POST, HEAD, OPTIONS".
CONNECT: requests that a tunnel be established when communicating with a proxy server.
TRACE: traces the path; the server returns the communication path to the client.
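To make the method semantics above concrete, here is an added example (not code from the original page) of a tiny in-memory resource server. It assumes resources are JSON objects keyed by path and uses a hypothetical `authorized` flag in place of whatever authentication a real server performs. It shows HEAD returning GET's headers with no body, OPTIONS returning an Allow header, PUT replacing a resource entirely versus PATCH changing only the supplied fields, DELETE removing it, and, as the mitigation for the "anyone can upload with PUT" problem, every state-changing method being refused until the caller is authenticated.

```python
"""Method semantics over an in-memory resource store.

Added example, not code from the original page. Assumptions: resources are
JSON objects keyed by path, and an 'authorized' flag stands in for whatever
authentication a real server would perform before a state-changing method.
"""
import json
from dataclasses import dataclass, field

# Safe methods only read; they must not change server state.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
SUPPORTED = ["GET", "HEAD", "OPTIONS", "PUT", "PATCH", "DELETE"]


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


class ResourceServer:
    def __init__(self):
        self.store = {}  # path -> dict (the resource's current representation)

    def handle(self, method, path, body=b"", authorized=False):
        if method not in SUPPORTED:
            return Response(405, {"Allow": ", ".join(SUPPORTED)})
        # PUT/PATCH/DELETE change state. The page's warning about PUT is that
        # "anyone can upload"; the fix is to require authentication first.
        if method not in SAFE_METHODS and not authorized:
            return Response(401, {"WWW-Authenticate": "Bearer"})
        return getattr(self, "_" + method.lower())(path, body)

    def _options(self, path, body):
        # Advertise the methods this URL supports, e.g. "Allow: GET, HEAD, OPTIONS, ..."
        return Response(204, {"Allow": ", ".join(SUPPORTED)})

    def _get(self, path, body):
        if path not in self.store:
            return Response(404)
        data = json.dumps(self.store[path]).encode()
        return Response(200, {"Content-Type": "application/json",
                              "Content-Length": str(len(data))}, data)

    def _head(self, path, body):
        # Same status and headers as GET, but no entity body.
        resp = self._get(path, body)
        return Response(resp.status, resp.headers, b"")

    def _put(self, path, body):
        # Full replacement: whatever representation was there before is gone.
        created = path not in self.store
        self.store[path] = json.loads(body)
        return Response(201 if created else 204)

    def _patch(self, path, body):
        # Partial modification: only the supplied fields change.
        if path not in self.store:
            return Response(404)
        self.store[path].update(json.loads(body))
        return Response(204)

    def _delete(self, path, body):
        if path not in self.store:
            return Response(404)
        del self.store[path]
        return Response(204)


if __name__ == "__main__":
    srv = ResourceServer()
    print(srv.handle("PUT", "/doc", b'{"a": 1}').status)                   # 401: not authenticated
    print(srv.handle("PUT", "/doc", b'{"a": 1}', authorized=True).status)  # 201
    print(srv.handle("HEAD", "/doc").headers)                               # headers only, no body
```

The `SAFE_METHODS` set is the same split the page draws later between GET/HEAD/OPTIONS and POST/PUT/DELETE: a request router can apply the authentication gate to the unsafe group as a whole instead of remembering to special-case PUT.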

Common HTTP status codes

Status code   Category        Meaning
1XX           Informational   The received request is being processed
2XX           Success         The request was processed normally
3XX           Redirection     Additional action is required to complete the request
4XX           Client Error    The server cannot process the request
5XX           Server Error    The server made an error while processing the request

1xx Informational

100 Continue: everything so far is normal; the client may continue sending the request, or ignore this response.

2xx Success

200 OK: the request succeeded.
204 No Content: the request succeeded, but the response message contains no entity body. Generally used when the client only needs to send information to the server and does not need any data returned.
206 Partial Content: the client requested a range; the response message contains the part of the entity specified by Content-Range.

3xx Redirection

301 Moved Permanently: permanent redirect.
302 Found: temporary redirect, typically used to jump to the next page.
303 See Other: rarely used; similar to 302, but requires the client to use the GET method for the redirected request.
304 Not Modified: the client sent a request, but the resource has not actually been modified on the server, so the server does not resend it and the client uses its previously cached copy directly.
307 Temporary Redirect: temporary redirect, but it does not require the browser to turn a POST request into a GET.

4xx Client Error

400 Bad Request: the request is malformed or has a syntax error.
401 Unauthorized: not logged in, not authenticated, and so on.
403 Forbidden: no permission; the request is refused.
404 Not Found: no file at that path; the resource cannot be obtained.

5xx Server Error

500 Internal Server Error: an error occurred on the server while executing the request.
503 Service Unavailable: the service is down and cannot handle the request.
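As an added example (not from the original page) of what the status codes above mean for a client, the following code follows redirects with the method rules the page gives (303 forces GET, 307 keeps the method, and on 301/302 browsers in practice also turn POST into GET), reuses the cached copy on 304, and extracts the Content-Range of a 206. The "server" is a constructed table of canned responses; everything else is stdlib. The hop limit in `follow` is the check a practitioner wants so that a redirect loop cannot keep a client spinning.

```python
"""Client-side handling of redirects, 304 Not Modified and 206 Partial Content.

Added example, not from the original page. SERVER is a constructed table of
canned responses standing in for a real origin reached over a socket.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def category(status):
    """Map a status code to the category from the page's table."""
    return {1: "Informational", 2: "Success", 3: "Redirection",
            4: "Client Error", 5: "Server Error"}[status // 100]


# Constructed responses keyed by (method, path).
SERVER = {
    ("POST", "/submit"): Response(303, {"Location": "/result"}),
    ("GET", "/result"): Response(200, {}, b"done"),
    ("GET", "/old"): Response(301, {"Location": "/new"}),
    ("GET", "/new"): Response(200, {}, b"new page"),
    ("GET", "/loop"): Response(302, {"Location": "/loop"}),   # redirects to itself
    ("GET", "/cached"): Response(304),
    ("GET", "/file"): Response(206, {"Content-Range": "bytes 0-3/10"}, b"abcd"),
}


def fetch(method, path):
    return SERVER.get((method, path), Response(404))


def next_request(method, resp):
    """Method and URL for the follow-up request, or None if this is not a redirect.
    303 forces GET; 307 keeps the original method; on 301/302 browsers in
    practice also turn POST into GET, which is what the page contrasts 307 with."""
    if resp.status not in (301, 302, 303, 307):
        return None
    location = resp.headers["Location"]
    if resp.status == 307:
        return method, location
    if resp.status == 303 or method == "POST":
        return "GET", location
    return method, location


def follow(method, path, max_redirects=5):
    """Follow redirects with a hop limit so a redirect loop cannot run forever."""
    for _ in range(max_redirects + 1):
        resp = fetch(method, path)
        hop = next_request(method, resp)
        if hop is None:
            return method, path, resp
        method, path = hop
    raise RuntimeError("too many redirects")


def redirect_loop_detected():
    try:
        follow("GET", "/loop")
        return False
    except RuntimeError:
        return True


def body_or_cache(resp, cached_body):
    """304 carries no body: reuse the copy the client already has."""
    return cached_body if resp.status == 304 else resp.body


def content_range(resp):
    """Parse 'Content-Range: bytes first-last/total' from a 206 response."""
    m = re.fullmatch(r"bytes (\d+)-(\d+)/(\d+)", resp.headers.get("Content-Range", ""))
    return tuple(int(x) for x in m.groups()) if m else None


if __name__ == "__main__":
    print(follow("POST", "/submit"))          # ('GET', '/result', Response(status=200, ...))
    print(content_range(fetch("GET", "/file")))  # (0, 3, 10)
```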

The difference between cookies and sessions

A cookie is stored on the client; a session is stored on the server.
Cookies reduce server resource usage, but they are exposed directly to the client and are not secure.
Sessions live on the server, which is more secure, but they consume server resources.
Common cookie scenarios:
session state management (such as login status, shopping cart, game scores or other information to be recorded)
personalization (such as user-defined settings, themes, etc.)
browser behaviour tracking (such as tracking and analysing user behaviour, etc.)
Common session scenarios:
login credentials shared across multiple services, web service clusters
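The following added example (not from the original page) shows why state held directly in a cookie is "exposed to the client and not secure" while a server-side session is not: in (a) the server reads the user's role straight out of the Cookie header, so whatever the client sends is believed; in (b) the cookie carries only an unguessable session ID, and the role lives in a server-side store the client cannot edit. The `SessionStore` class and its cookie attributes are this example's own design, not an API from the page.

```python
"""Cookie-held state versus a server-side session.

Added example, not from the original page. Both handlers below receive the
raw value of the request's Cookie header.
"""
import secrets


def parse_cookie_header(value):
    """Split 'a=1; b=2' into a dict (attributes such as HttpOnly never appear here)."""
    out = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            out[name] = val
    return out


# (a) State stored in the cookie itself: the server trusts whatever the client sent.
def role_from_cookie(cookie_header):
    return parse_cookie_header(cookie_header).get("role", "guest")


# (b) State stored in a server-side session, keyed by a random ID.
class SessionStore:
    def __init__(self):
        self._sessions = {}  # session id -> server-side state

    def login(self, user, role):
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness: not guessable
        self._sessions[sid] = {"user": user, "role": role}
        return sid

    def set_cookie_header(self, sid):
        # HttpOnly keeps scripts away from the ID, Secure keeps it off plaintext HTTP.
        return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"

    def role_from_cookie(self, cookie_header):
        sid = parse_cookie_header(cookie_header).get("sid", "")
        # Only the server-side record decides the role; any extra cookie
        # fields the client adds are ignored.
        return self._sessions.get(sid, {}).get("role", "guest")

    def logout(self, sid):
        # Invalidating on the server is what a cookie-only design cannot do.
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.login("alice", "user")
    print(store.set_cookie_header(sid))
    print(store.role_from_cookie(f"sid={sid}; role=admin"))  # user
```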

Security issues with HTTP:

It uses plaintext communication, so the content can be eavesdropped on.
It does not verify the identity of the communicating parties, so a party's identity can be impersonated.

Introduction to HTTPS

HTTPS is not a new protocol: HTTP first talks to SSL (Secure Sockets Layer), and SSL then talks to TCP. In other words, HTTPS communicates through a tunnel.
By using SSL, HTTPS gains encryption (against eavesdropping), authentication (against impersonation) and integrity protection (against tampering).

Commonly used encryption methods:

1. Symmetric-key encryption
Symmetric-key encryption uses the same key for encryption and decryption.
Advantages: fast;
disadvantages: the key cannot be transferred safely to the communicating party.
2. Asymmetric-key encryption
Asymmetric-key cryptography, also called public-key encryption, uses different keys for encryption and decryption.
The public key can be obtained by anyone. After the sender obtains the recipient's public key, it can encrypt with that public key; on receiving the communication, the recipient decrypts it with its private key.
Besides encryption, asymmetric keys can also be used for signing. Because nobody else can obtain the private key, the sender signs with its private key and the receiver decrypts the signature with the sender's public key, which tells it whether the signature is valid.
Advantages: the public key can be transmitted to the sender more securely;
disadvantages: slow.
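The added example below (not from the original page) works through both methods with the stdlib only. The symmetric part is a toy keystream cipher built from SHA-256 in counter mode; the asymmetric part is textbook RSA with two fixed Mersenne primes. Both are for illustration of the key relationships described above, not for real use: no padding, tiny modulus, no authentication of the ciphertext. It also goes one step past the text and shows the hybrid pattern that resolves the symmetric method's disadvantage: the fast symmetric key is transported encrypted under the recipient's public key.

```python
"""Symmetric vs asymmetric encryption, signing, and the hybrid combination.

Added example, not from the original page. Toy constructions for illustration
only: a SHA-256 keystream 'cipher' and textbook RSA with fixed, far-too-small
primes. Not a real cryptosystem.
"""
import hashlib

# --- Symmetric: one shared key both encrypts and decrypts ---------------------

def sym_encrypt(key, nonce, data):
    """XOR data with a keystream derived from (key, nonce, counter)."""
    out = bytearray()
    block = b""
    for i, byte in enumerate(data):
        if i % 32 == 0:  # new 32-byte keystream block every 32 bytes
            block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.append(byte ^ block[i % 32])
    return bytes(out)

sym_decrypt = sym_encrypt  # XOR with the same keystream undoes itself

# --- Asymmetric: public key encrypts / verifies, private key decrypts / signs --

P = 2**61 - 1  # Mersenne primes, chosen so the example needs no prime search;
Q = 2**89 - 1  # a modulus of ~150 bits is hopelessly small for real use.

def rsa_keygen(p=P, q=Q, e=65537):
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # e is coprime to phi for these primes
    return (n, e), (n, d)        # (public key, private key)

def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)          # anyone with the public key can encrypt

def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)          # only the private key holder can decrypt

def _digest_int(msg, n):
    # Hash the message and reduce it into the modulus (textbook shortcut, no padding).
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def rsa_sign(priv, msg):
    n, d = priv
    return pow(_digest_int(msg, n), d, n)   # sign with the private key

def rsa_verify(pub, msg, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_int(msg, n)  # "decrypt" the signature with the public key

# --- Hybrid: the symmetric key travels under the recipient's public key --------

def wrap_key(pub, key):
    # A 16-byte key is < 2**128 < n, so it fits in one RSA block.
    return rsa_encrypt(pub, int.from_bytes(key, "big"))

def unwrap_key(priv, wrapped, length=16):
    return rsa_decrypt(priv, wrapped).to_bytes(length, "big")


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    key, nonce = b"\x01" * 16, b"\x02" * 8          # constructed sample key material
    ct = sym_encrypt(key, nonce, b"meet at noon")
    print(sym_decrypt(key, nonce, ct))               # b'meet at noon'
    print(rsa_verify(pub, b"meet at noon", rsa_sign(priv, b"meet at noon")))  # True
    print(unwrap_key(priv, wrap_key(pub, key)) == key)                         # True
```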

The difference between GET and POST methods

GET is used to obtain resources, while POST is used to transmit an entity body.
A safe HTTP method does not change the server's state; that is, it is read-only.
The GET method is safe and POST is not, because the purpose of POST is to deliver the content of an entity body. That content may be form data uploaded by the user; after a successful upload the server may store it in a database, so the state changes.
Besides GET, the safe methods are HEAD and OPTIONS.
Besides POST, the unsafe methods are PUT and DELETE.

- GET is harmless when the browser goes back, whereas a POST request will be submitted again.
- A GET URL can be bookmarked; a POST cannot.
- GET requests are actively cached by the browser; POST requests are not, unless set manually.
- GET requests can only be URL-encoded; POST supports multiple encodings.
- GET request parameters are kept intact in the browser history; POST parameters are not retained.
- GET request parameters passed in the URL are limited in length; POST has no such limit.
- For the data type of the parameters, GET accepts only ASCII characters; POST has no restriction.
- GET is less secure than POST, because the parameters are exposed directly in the URL, so it cannot be used to transmit sensitive information.
- GET passes parameters through the URL; POST puts them in the request body.
GET generates one TCP packet; POST generates two.
For a GET request, the browser sends the HTTP headers and data together, and the server responds 200 (returning data);
for POST, the browser first sends the headers, the server responds 100 Continue, the browser then sends the data, and the server responds 200 OK (returning data).
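As an added example (not from the original page) of the "where do the parameters travel" differences in the list above, here is a small request-message parser that pulls parameters out of the URL query for GET and out of the body for POST, and an access-log formatter that shows the practical consequence: a GET's parameters land in the request line and therefore in every server log and browser history entry, while a POST body does not. The two raw requests are constructed samples, and the URL length limit is an assumed value (real servers and browsers each set their own).

```python
"""Where request parameters travel: GET query string vs POST body.

Added example, not from the original page. GET_REQUEST and POST_REQUEST are
constructed samples; MAX_URL_LENGTH is an assumed limit.
"""
import json
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

MAX_URL_LENGTH = 2048  # assumed: the page only says GET URLs are length-limited


@dataclass
class Request:
    method: str
    target: str
    headers: dict
    body: bytes


def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")  # headers are ASCII
    method, target, _version = lines[0].split(" ")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", "0"))
    return Request(method, target, headers, body[:length])


def parameters(req):
    """GET: parameters live in the URL query and are always URL-encoded.
    POST: parameters live in the body, whose encoding is named by Content-Type."""
    if req.method == "GET":
        if len(req.target) > MAX_URL_LENGTH:
            raise ValueError("request-target too long")
        # parse_qs percent-decodes, so non-ASCII values arrive as %XX escapes
        return {k: v[0] for k, v in parse_qs(urlsplit(req.target).query).items()}
    if req.method == "POST":
        ctype = req.headers.get("content-type", "")
        if ctype.startswith("application/x-www-form-urlencoded"):
            return {k: v[0] for k, v in parse_qs(req.body.decode()).items()}
        if ctype.startswith("application/json"):
            return json.loads(req.body)
        raise ValueError(f"unsupported body encoding: {ctype}")
    return {}


def access_log_line(req, status):
    """Log line in the usual '"<request line>" <status>' shape: the request
    target (including any GET query) is recorded; the POST body is not."""
    return f'"{req.method} {req.target} HTTP/1.1" {status}'


# Constructed sample requests carrying the same two parameters.
GET_REQUEST = (b"GET /login?user=alice&token=s3cr3t HTTP/1.1\r\n"
               b"Host: example.test\r\n\r\n")
POST_REQUEST = (b"POST /login HTTP/1.1\r\n"
                b"Host: example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 23\r\n\r\n"
                b"user=alice&token=s3cr3t")
UNICODE_GET = b"GET /search?q=caf%C3%A9 HTTP/1.1\r\nHost: example.test\r\n\r\n"


if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        req = parse_request(raw)
        print(parameters(req), "|", access_log_line(req, 200))
```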

For more details, refer to this article:
https://mp.weixin.qq.com/s/OE-iWmuspuSiKJ1sHkNfQw


Source: www.cnblogs.com/yeyeyeyey/p/12119042.html