Note - Internet and HTTP
Internet
A global system of interconnected computer networks: a tangible network of computers sharing/exchanging information with the help of PROTOCOLS
Internet Protocols
-A protocol is a form of etiquette: a prescribed guide for conduct or action
-usually specifies:
-The format of the messages
-How to handle the errors
OSI Model
Upper Layers
Application - HTTP, FTP, SMTP
Presentation - JPEG, GIF, MPEG
Session - AppleTalk, WinSock
Lower Layers
Transport - TCP, UDP, SPX
Network - IP, ICMP, IPX (router)
Data Link - Ethernet, ATM (Switch, Bridge)
Physical - Ethernet, Token Ring (hub, repeater)
Hyper Text Transfer Protocol
-provides a set of rules and standards that govern how information is transmitted on the World Wide Web
-Clients and servers on the WWW use HTTP to talk with each other
-first part of the URL of a site on the internet, signifying a document written in HTML
-HTTP can be implemented on top of any other protocol on the internet, or on other networks
-HTTP is stateless; the lifetime of a connection corresponds to a single request-response sequence
-A pure HTTP server implementation treats every request as if it were brand new.
An HTTP request/response consists of three parts
- A response or request line
- Header information
- The body
Request - response mechanism
Resource identification
Statelessness
Meta Data support
Request Methods
GET
-Retrieves whatever information is identified by the request-URI
-Can get static content and data produced by a program
POST
-Submit information to a Web server
-The information is included in the message body
-The actual function depends on the request body
HEAD
-Server response does not include message body
-useful for getting resource metadata without transferring the resource
-also useful for debugging, checking for validity, accessibility and modification
PUT
-Requests that the server store the enclosed data under the supplied Request URL
-Creates the resource if it does not exist
-Not useful for web publishing
DELETE
-Remove the Web Object
-Needs to be carefully used for security reasons
TRACE
-Invokes a remote application layer feedback of the request message
-Useful for testing what is being received at the server
-Also possible to forward to intermediaries for debugging purposes
OPTIONS
-Requests information about the communication options available to the server
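The three-part message layout and the method list above, as an added example that is not part of the original notes: a parser that splits a raw request into request line, headers and body, and a handler that applies a method allow-list. The allow-list policy, the `example.test` host and the function names are assumptions made for illustration.

```python
ALLOWED = ("GET", "HEAD", "OPTIONS", "POST")  # assumed policy: PUT, DELETE, TRACE refused

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")   # a blank line ends the headers
    if not sep:
        raise ValueError("headers are not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")                     # METHOD SP target SP version
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()       # header names are case-insensitive
    return parts[0], parts[1], headers, body

def build(status: str, headers: dict, body: bytes = b"") -> bytes:
    """Assemble a response from its three parts: status line, headers, body."""
    head = [f"HTTP/1.1 {status}"] + [f"{k}: {v}" for k, v in headers.items()]
    return "\r\n".join(head).encode("iso-8859-1") + b"\r\n\r\n" + body

def handle(raw: bytes) -> bytes:
    try:
        method, target, headers, body = parse_request(raw)
    except ValueError:
        return build("400 Bad Request", {"Content-Length": "0"})
    allow = ", ".join(ALLOWED)
    if method not in ALLOWED:                       # e.g. PUT, DELETE, TRACE
        return build("405 Method Not Allowed", {"Allow": allow, "Content-Length": "0"})
    if method == "OPTIONS":                         # advertise what the server accepts
        return build("204 No Content", {"Allow": allow})
    payload = f"resource {target}, {len(body)} request body bytes\n".encode()
    meta = {"Content-Type": "text/plain", "Content-Length": str(len(payload))}
    return build("200 OK", meta, b"" if method == "HEAD" else payload)  # HEAD: metadata only

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for line in ("GET /index.html", "HEAD /index.html", "OPTIONS /", "TRACE /", "DELETE /a"):
        raw = f"{line} HTTP/1.1\r\nHost: example.test\r\n\r\n".encode()
        print(line, "->", handle(raw).split(b"\r\n")[0].decode())
```

The HEAD response carries the same headers as the GET response, including Content-Length, but no body, which is what makes it useful for checking metadata.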
Advantages of HTTP
- Platform independent - Allows Straight cross platform porting
- No runtime support required to run properly
- Usable over firewalls, Global applications possible
- Not connection oriented
HTTP limitations
Security concerns
- Privacy - Anyone can see the content
- Integrity - Someone might alter the content. HTTP is insecure since it uses no encryption, and is therefore subject to man-in-the-middle attacks and eavesdropping on sensitive information.
- Authentication - Not clear who we are talking with and
Stateless
Need state management techniques to maintain the information across multiple request-response cycles.
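One state management technique, as an added example that is not part of the original notes: the server hands the client a cookie holding the state plus an HMAC tag, and checks the tag on every later request, so state survives across request-response cycles without the client being able to alter it. The cookie name `session`, the 15-minute lifetime and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)   # known only to the server; constructed per run here

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_cookie(state: dict, ttl: int = 900, now=None) -> str:
    """Value for a Set-Cookie header: the state, an expiry time and an HMAC tag."""
    expires = int(now if now is not None else time.time()) + ttl
    payload = json.dumps({"state": state, "exp": expires}, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return f"session={b64e(payload)}.{b64e(tag)}"

def read_cookie(cookie_header: str, now=None):
    """Return the state from a Cookie header, or None if missing, altered or expired."""
    current = now if now is not None else time.time()
    for item in cookie_header.split(";"):
        name, _, value = item.strip().partition("=")
        if name != "session":
            continue
        try:
            payload64, tag64 = value.split(".")
            payload, tag = b64d(payload64), b64d(tag64)
        except ValueError:                    # wrong shape or bad base64
            return None
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time comparison
            return None
        data = json.loads(payload)            # safe to parse only after the tag checks out
        return data["state"] if data["exp"] >= current else None
    return None

if __name__ == "__main__":
    cookie = issue_cookie({"user": "alice", "cart": [3]})   # response to request 1
    print(read_cookie(f"theme=dark; {cookie}"))             # request 2 carries it back
```

The tag protects the state against alteration only; the payload is still readable by anyone who sees the cookie, so over plain HTTP it is exposed to the eavesdropping described under the security concerns.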
SSL
- Acts like a sublayer under regular HTTP application layering
- HTTPS encrypts an HTTP message prior to transmission and decrypts the message upon arrival. A URL that begins with HTTPS indicates that the connection between the client and the server is encrypted using SSL
-application independent
-operates between application and transport layer
-Application protocols such as HTTP sit on top of it and TCP/IP beneath it
How SSL works
-The public key is a random number generated as part of a pair (the other part of the pair is the private key known by the server)
-Data encrypted by the public key can be decrypted only by using the private key
What SSL Does and Does Not
Does
-Data encryption
-Server authentication
-Message integrity
-optional client authentication
Does not
-SSL does not protect the data stored on the disk
-SSL does not prevent information being stolen through pages cached in the browser
-SSL does not prevent confidential information being stolen from the browser memory. Since SSL encrypts data only during transmission on the network, it is clear text in the browser memory.
References
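The "Does" list above holds only when the client actually checks the server's certificate. As an added example that is not part of the original notes, the code below builds a client configuration with Python's `ssl` module (which implements TLS, the successor to SSL), shows a weak configuration beside it, and audits both. The function names and the TLS 1.2 floor are assumptions made for illustration.

```python
import ssl

def verified_client_context() -> ssl.SSLContext:
    """Client settings under which encryption and server authentication both hold."""
    ctx = ssl.create_default_context()            # system CAs, CERT_REQUIRED, hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor: refuse older versions
    return ctx

def unverified_client_context() -> ssl.SSLContext:
    """The weak setting: traffic is still encrypted, but to an unidentified peer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                    # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx: ssl.SSLContext) -> list:
    """List which of the guarantees from the notes a client context gives up."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server authentication lost: certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("server authentication lost: certificate name is not matched to the host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("weak protocol: versions older than TLS 1.2 are accepted")
    return findings

if __name__ == "__main__":
    for label, ctx in (("verified", verified_client_context()),
                       ("unverified", unverified_client_context())):
        print(label, audit(ctx) or "no findings")
```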
HTTP Basics by sanjoysanyal
HTTP and HTTPS by simplyyharshad