Overview of Application Layer Protocols

**Application layer concept:** A network application is the direct way, the "interface", through which ordinary network users make use of network services. The application layer is also the fastest-growing and richest layer of a computer network.

Application layer function

The application layer is concerned with the network services offered to users. These services are very varied, including file transfer, email, P2P applications, etc. The application layer gives users an interface for using network applications.

Network Application Architecture

  1. Client/Server (C/S) structure network application:
    The C/S structure is the most classic and basic kind of network application.
    Features: the two communicating parties are the server and the client. The server must run first and be ready to accept connections; the client program runs later and actively requests communication with the server.
    Advantages: makes full use of the client's processing power. Much of the work is done on the client before the result is submitted to the server, so the client responds quickly.
    Disadvantages: system maintenance and upgrade costs are high. The C/S architecture requires dedicated client software to be installed; when something goes wrong on the client machine (a virus, damaged hardware) it has to be reinstalled or repaired, and every upgrade of the system software requires the client to be reinstalled as well.
    Examples: WWW applications, file transfer with FTP, email, etc.
Figure: C/S structure: a server connected through the Internet to client 1, client 2, client 3, ...
  2. Browser/Server (B/S) structure network application:
    This can be understood as an evolution and generalization of the C/S structure. Under this architecture the user interface is implemented in a WWW browser, a very small part of the business logic runs on the front end, and the main business logic runs on the server side, forming a so-called three-tier structure.

    • Browser side: the browser the user runs is the interface of the user's system. The user sends requests to the server through the browser, which then processes and displays the results the server returns. System logic can be updated through this interface, and results are presented clearly.
    • Server side: provides data services, operates on the data, and returns the results to the middle layer, from where they are displayed in the system interface.
    • Middleware: the layer that runs between the browser and the server. It implements the system logic and the concrete functions, receives user requests and passes them to the server, then returns the server's results to the user. All information exchanged between the browser and the server passes through the middleware.

    Differences between the C/S and B/S architectures:
    - C/S is based on small-scale networks such as LANs and private networks, where a dedicated server provides connection and data exchange services; B/S is based on the wide area network and needs no dedicated network hardware environment.
    - The C/S client is not a mere input/output device without computing power: it has its own data processing and data storage capabilities; the B/S client is just a simple input/output device.
    - Data security: because data in C/S software is distributed, any accident on the client side (fire, hackers, etc.) may lose data. For group-level remote applications the C/S architecture has to install several servers in different places, and then data synchronization and consistency between those servers suffer; a problem with one server affects the data security of the whole application. In the B/S architecture the data is stored centrally in the database server at headquarters and the client keeps no data, so there are no synchronization problems and security is more reliable.
    - C/S responds faster: since the C/S client has its own storage and computing capability, a lot of work is done on the client before the result is sent to the server.
    - Portability: C/S usually places restrictions on the client operating system; a client suitable for Win98 is not necessarily suitable for Win2000 or newer Microsoft systems, let alone Linux or Unix. All B/S clients are just browsers and need no maintenance.

  3. Pure P2P structure network application:
    Features: in a pure P2P network application there is no traditional distinction between server and client; all participants are called peers.
    A P2P network can perform well and transfer data quickly, because a download can be served by many peers at once and every peer contributes bandwidth.
    Advantages: "equal status". Peers typically run on ordinary user computing devices.
    Disadvantages: peers join and leave the application dynamically, and a newly joined peer needs to find out which peers are online, their addresses, and the services they provide. In a pure P2P application there is no central server, so solving these problems is very difficult.

Figure: pure P2P structure: peer 1 to peer 5 communicating directly with one another.
  4. Mixed-structure network application:
    In a mixed-structure network application there is traditional C/S communication between clients and a server, and there is also direct communication between clients.
    Communication process:
    1. Each client registers its own network address with the server in the C/S way and declares the resources it can share or the services it can provide.
    2. Through the central server a client discovers other online clients and retrieves information about the resources they share.
    3. When a client wants a resource or service owned by another client, it initiates communication with that client directly and asks it to provide the service.

HTTP protocol

HTTP, the Hypertext Transfer Protocol, uses port 80 by default.

Principle of an HTTP connection:

  1. The HTTP client process establishes a TCP connection to port 80 of the server.
  2. Over the established TCP connection the HTTP client process sends a request message to the server. Common request methods include GET, HEAD, POST, OPTIONS, and PUT.
     - GET: request the resource identified by the URL.
     - HEAD: request only the headers for the resource identified by the URL; the response carries no body.
     - POST: submit information to the server, for example a comment.
     - OPTIONS: request information about the communication options the server supports for the URL.
     - PUT: store a document at the specified URL.
  3. The HTTP server process receives the request message, performs the requested operation, and packages the information to be returned into a response message, which it sends to the client process.
  4. The HTTP server process asks TCP to close the connection (in the non-persistent mode described below; with a persistent connection it keeps the connection open for further requests).
  5. The HTTP client receives the response message and closes the TCP connection; the browser extracts the HTML file from the response message, parses it and displays it.

HTTP connection modes:
HTTP carries its messages over TCP at the transport layer.

  1. Non-persistent connection: the HTTP client establishes a TCP connection with the HTTP server, sends one HTTP request message over it, receives the HTTP response message, and then closes the connection.
  2. Parallel connections: establish several TCP connections in parallel and send HTTP requests and receive HTTP responses over them concurrently.
  3. Persistent connection: reuse the established TCP connection for several request/response pairs, which avoids the time overhead of setting up a new TCP connection each time.
    • Non-pipelined persistent connection: the client sends the next request message only after receiving the previous response message: Request --> Response --> Request.
    • Pipelined persistent connection: the client sends several requests back to back without waiting for the responses, and the server returns the responses in the same order, so the client has to frame each response (for example by its Content-Length) to know where the next one begins.
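The request/response exchange described in the connection principle above, and the framing problem of a persistent (pipelined) connection, as running code. This is an added example, not code from the original post: the byte stream of three pipelined responses is constructed here, no network is used, and chunked transfer encoding is deliberately not handled. Duplicate Content-Length headers are rejected rather than guessed at, because ambiguous framing is what HTTP request-smuggling attacks exploit.

```python
"""HTTP/1.1 messages: build requests, parse responses, read pipelined responses off one connection."""

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection", 4: "client error", 5: "server error"}


def status_class(status):
    """Map a numeric status code to its category (1xx ... 5xx)."""
    return STATUS_CLASSES.get(status // 100, "unknown")


def build_request(method, path, host, body=b"", headers=None):
    """Serialize an HTTP/1.1 request: request line, header lines, blank line, optional body."""
    method = method.upper()
    if method not in {"GET", "HEAD", "POST", "OPTIONS", "PUT"}:
        raise ValueError("unsupported method " + method)
    hdrs = {"Host": host}
    if headers:
        hdrs.update(headers)
    if body or method in ("POST", "PUT"):
        hdrs["Content-Length"] = str(len(body))   # the server needs this to know where the body ends
    lines = [method + " " + path + " HTTP/1.1"] + [k + ": " + v for k, v in hdrs.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii") + body


def parse_response(stream, request_method="GET"):
    """Parse one response from the front of stream. Returns (status, reason, headers, body, rest)."""
    head, sep, rest = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete response head")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)                  # "HTTP/1.1 200 OK"
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("bad status line: " + lines[0])
    status, reason = int(parts[1]), (parts[2] if len(parts) == 3 else "")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name in headers:                         # ambiguous framing: refuse instead of guessing
            raise ValueError("duplicate header " + name)
        headers[name] = value.strip()
    if "transfer-encoding" in headers:
        raise ValueError("chunked framing is not handled in this example")
    # HEAD responses and 1xx/204/304 never carry a body, even if Content-Length is present.
    has_body = request_method.upper() != "HEAD" and not (100 <= status < 200 or status in (204, 304))
    if not has_body:
        return status, reason, headers, b"", rest
    if "content-length" not in headers:             # no length: body runs until the connection closes
        return status, reason, headers, rest, b""
    length = int(headers["content-length"])
    if length < 0 or len(rest) < length:
        raise ValueError("incomplete body")
    return status, reason, headers, rest[:length], rest[length:]


def read_pipelined(stream, methods):
    """Read the responses to the pipelined requests `methods`, in order, from one connection's stream."""
    out = []
    for method in methods:
        status, reason, headers, body, stream = parse_response(stream, method)
        out.append({"status": status, "class": status_class(status), "reason": reason,
                    "headers": headers, "body": body})
    if stream:
        raise ValueError("%d unexpected trailing bytes" % len(stream))
    return out


# Constructed sample: what the server returns for a pipelined GET /, HEAD /old, GET /missing.
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 5\r\n\r\nhello"
    b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/new\r\nContent-Length: 1234\r\n\r\n"
    b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nnot found"
)

if __name__ == "__main__":
    print(build_request("POST", "/comment", "www.example.com", b"text=hi").decode())
    for r in read_pipelined(SAMPLE_STREAM, ["GET", "HEAD", "GET"]):
        print(r["status"], r["class"], r["headers"].get("location", ""), r["body"])
```

The HEAD response in the sample carries Content-Length: 1234 but no body; a parser that blindly consumed 1234 bytes would eat the following 404 response and desynchronize the connection, which is exactly why the request method has to be known when reading a pipelined stream.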

Classification of HTTP status codes and common status codes:

The HTTP status code is how the server tells the client the outcome of its request.

Classification of HTTP status codes

| Status code category | Range | Meaning | Description |
| --- | --- | --- | --- |
| 1xx | 100 ~ 199 | informational | Notification information; further interaction may be required |
| 2xx | 200 ~ 299 | success | The client's request was received, understood and completed |
| 3xx | 300 ~ 399 | redirection | The resource has moved; a request must be sent to a new URL |
| 4xx | 400 ~ 499 | client error | The request cannot be fulfilled because of an error in the client's request |
| 5xx | 500 ~ 599 | server error | The request cannot be fulfilled because of an error on the server |

Common HTTP status codes

| Status code | Reason phrase | Meaning |
| --- | --- | --- |
| 100 | Continue | The initial part of the request has been received; the client should continue sending the rest |
| 200 | OK | Success; the requested object is in the response message |
| 301 | Moved Permanently | The requested resource has moved permanently; the new URL is given in the Location: header line of the response, and the browser usually sends a new request to it automatically |
| 400 | Bad Request | The server cannot understand the client's request |
| 401 | Unauthorized | Authentication is required; the WWW-Authenticate header tells the client how (for example a username and password) |
| 404 | Not Found | The object requested by the client does not exist on the server |
| 415 | Unsupported Media Type | The server rejects the request because the media type (Content-Type) of the request body is not one it accepts |
| 505 | HTTP Version Not Supported | The HTTP version used in the request is not supported by the server |

Cookie

A cookie (Chinese name 小型文本文件, "small text file") is data that some websites store on the user's local terminal in order to identify the user and track the session; it is mainly used for user tracking.

Why use cookies?

An HTTP server keeps no information about the client from one request to the next, so HTTP is a stateless protocol (this is true whether or not the TCP connection stays open between requests). Without extra help the server cannot tell that two requests belong to the same user session. For example, when a user puts an item of clothing into the shopping cart and then picks another, the server does not know whether this is still the same customer, so the customer would have to check out after every single item.

Cookie technology:

  1. The Set-Cookie header line in an HTTP response message. A website that uses cookies sends cookie information, usually no more than 4 KB per cookie, in the Set-Cookie header line of the HTTP response it returns to the user; it contains the ID assigned to that user, the user's preferences for the site, and so on.

  2. The cookie file stored, maintained and managed locally by the user's browser. Whenever the browser receives new cookie information it appends a line to the cookie file, with five fields: the website's domain, path, content (user ID, preferences, product selections, etc.), expiry and security.

    • Domain and path
      These two attributes together decide which pages can share the cookie.

      | Domain | Path |
      | --- | --- |
      | www.google.com.hk | / |
      | .google.com.hk | /webhp |
      | .google.com.hk | / |
      | .google.com.hk | / |

      The domain attribute controls which domain the cookie is valid for; it defaults to the host that set the cookie. The value may or may not cover subdomains. In the table above, a domain of .google.com.hk carries no subdomain part and is valid for all subdomains of google.com.hk, while a domain of www.google.com.hk names one host and is valid for that host only. A browser also refuses a Domain value that does not cover the host that set the cookie, so a site cannot set cookies for an unrelated domain.

      The path attribute controls for which paths within the given domain the cookie is sent; it defaults to "/", meaning every path under the domain. It narrows the cookie's scope on top of the domain. For example, with "domain = .google.com.hk; path = /webhp" the cookie is sent only for "/webhp" on that domain and for any subdirectory below it, such as "/webhp/xxx", and not for requests to ".google.com.hk/" itself.

    1. Expiry (expires) and lifetime (max-age)

      expires defaults to Session, meaning the cookie is deleted when the browser session ends (i.e. when the browser is closed);
      expires can be set to a deletion time, a date in GMT format such as Thu, 11 Nov 2021 16:00:00 GMT, meaning the cookie expires at 16:00 on 2021-11-11; until then it stays stored on the user's machine;
      if the expiry date is in the past, the cookie is deleted immediately.

      Newer HTTP practice gradually replaces expires with the max-age attribute. expires gives the expiry as a point in time; max-age gives the lifetime as a duration in seconds, and when both are present max-age takes precedence.

      A positive max-age makes the cookie expire after that many seconds, e.g. "max-age = 10800;" expires the cookie after three hours;
      a negative max-age was historically treated as a session cookie, but browsers following RFC 6265 treat any value of zero or less as "already expired";
      max-age = 0 deletes the cookie.

    2. Security (secure):
      secure is the cookie's security flag. It is specified by including the bare word secure among the cookie attributes; like HttpOnly it is a flag without a value rather than a name=value pair.

      By default it is absent, i.e. the secure option is not specified, and the cookie is sent on both HTTP and HTTPS requests;
      once specified, the cookie is sent to the server only over an SSL/TLS connection (an HTTPS request).
      Note: set the secure flag only on cookies delivered over a secure protocol (HTTPS); modern browsers reject a Secure cookie that arrives in a plain-HTTP response.

    3. HTTP-only (HttpOnly)
      The HttpOnly attribute deserves special mention: it prevents client-side script from reading the cookie (through document.cookie). Marking a cookie HttpOnly reduces the damage an XSS attack can do, because injected script cannot read and steal the cookie, and so strengthens cookie security. It does not stop script from sending requests that carry the cookie.

  3. The Cookie header line in an HTTP request message. When the user sends an HTTP request to a website that was visited before and that issued cookie information, the browser automatically searches its local cookie file and carries the cookie information the website assigned to this user in the Cookie header line of every request message. Based on the Cookie value in the user's request, the website implements user tracking, preference statistics, session association and similar functions.

  4. The website stores and maintains cookie information in its back-end database, including the IDs assigned to users and the access characteristics of each user ID on the site.
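The browser side of steps 2 and 3 above, as running code: a cookie jar that accepts Set-Cookie headers, applies the domain, path, expires/max-age, secure and HttpOnly rules described above, and builds the Cookie request header for a given URL. This is an added example written for this page, not code from the original post or from any browser; the URLs and cookie names are the page's google.com.hk illustration, the "current time" is a constructed constant, and the matching rules follow RFC 6265 as described in the text.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

NOW = datetime(2021, 1, 1, tzinfo=timezone.utc)   # constructed "current time" for the example


def later(hours):
    return NOW + timedelta(hours=hours)


def domain_matches(host, cookie_domain):
    """RFC 6265 domain matching: host equals the cookie domain or is a subdomain of it."""
    return host == cookie_domain or host.endswith("." + cookie_domain)


def path_matches(request_path, cookie_path):
    """RFC 6265 path matching: equal, or the cookie path is a prefix ending at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def default_path(request_path):
    """Default Path when Set-Cookie has none: the request path up to (not including) its last '/'."""
    if not request_path.startswith("/") or request_path.count("/") == 1:
        return "/"
    return request_path[:request_path.rfind("/")]


def parse_set_cookie(header, request_host, request_path, request_scheme, now):
    """Turn one Set-Cookie header into a cookie record, or None if a browser would reject it."""
    name_value, *attrs = [part.strip() for part in header.split(";")]
    name, _, value = name_value.partition("=")
    host = request_host.lower()
    cookie = {"name": name.strip(), "value": value.strip(), "domain": host, "host_only": True,
              "path": default_path(request_path), "expires": None, "secure": False, "httponly": False}
    max_age = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            dom = val.lstrip(".").lower()                   # a leading dot is ignored
            if not domain_matches(host, dom):
                return None                                 # no cookies for unrelated domains
            cookie["domain"], cookie["host_only"] = dom, False
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
        elif key == "expires":
            try:
                exp = parsedate_to_datetime(val)
                cookie["expires"] = exp if exp.tzinfo else exp.replace(tzinfo=timezone.utc)
            except (TypeError, ValueError):
                pass                                        # unparsable date: attribute ignored
        elif key == "max-age" and val.lstrip("-").isdigit():
            max_age = int(val)
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    if max_age is not None:                                 # Max-Age wins over Expires
        cookie["expires"] = now + timedelta(seconds=max_age)   # <= 0 means already expired
    if cookie["secure"] and request_scheme != "https":
        return None                                         # Secure cookie set over plain HTTP: rejected
    return cookie


class CookieJar:
    """The browser's cookie file: stores Set-Cookie results and builds the Cookie request header."""

    def __init__(self):
        self.cookies = {}                                   # (name, domain, path) -> cookie record

    def store(self, url, set_cookie_header, now=NOW):
        u = urlsplit(url)
        cookie = parse_set_cookie(set_cookie_header, u.hostname, u.path or "/", u.scheme, now)
        if cookie is None:
            return
        key = (cookie["name"], cookie["domain"], cookie["path"])
        if cookie["expires"] is not None and cookie["expires"] <= now:
            self.cookies.pop(key, None)                     # expiry in the past deletes the cookie
        else:
            self.cookies[key] = cookie

    def cookie_header(self, url, now=NOW, from_script=False):
        """Cookie header value for a request to url ('' if nothing is sent).
        from_script=True models document.cookie, which must not see HttpOnly cookies."""
        u = urlsplit(url)
        host, path = u.hostname.lower(), u.path or "/"
        sent = []
        for c in self.cookies.values():
            if c["expires"] is not None and c["expires"] <= now:
                continue
            if c["host_only"] and host != c["domain"]:
                continue
            if not c["host_only"] and not domain_matches(host, c["domain"]):
                continue
            if not path_matches(path, c["path"]) or (c["secure"] and u.scheme != "https"):
                continue
            if from_script and c["httponly"]:
                continue
            sent.append(c["name"] + "=" + c["value"])
        return "; ".join(sent)
```

A practical check this makes visible: a cookie without a Domain attribute is host-only, so a session cookie set by www.google.com.hk is not sent to mail.google.com.hk, whereas Domain=.google.com.hk is shared by every subdomain (and therefore by any subdomain an attacker controls or compromises).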

Figure: how cookies work (Set-Cookie in the response, the browser's cookie file, Cookie in later requests, the site's back-end database).
Cookie drawbacks:

  1. Security: when several users share one computer in a public place, a malicious person can read the cookies and learn about the user, such as which sites were logged into and what was bought.
  2. Information not synchronized: if several browsers are installed on one computer, each keeps its cookies in its own separate store. Because a cookie identifies not only the user but also the machine and browser, logging in from different browsers yields different cookie information.

HTTPS protocol

HTTPS is an HTTP channel whose goal is security: on top of HTTP it protects the transmission through transport encryption and identity authentication. HTTPS adds SSL/TLS beneath HTTP; its default port is 443, and the encryption/authentication layer sits between HTTP and TCP.

HTTP has serious security weaknesses:

  1. Plaintext transmission: HTTP transmits data in the clear, so an attacker only needs to sniff the network to obtain the user information of even large websites.
  2. No message integrity check: the only "integrity" information HTTP carries is the length of the transmitted data in the message header; it does not detect whether the message was tampered with. An attacker can therefore easily mount a man-in-the-middle attack, modify the data exchanged between client and server, or even inject malicious code into it, so that the client is redirected to a malicious site and infected with a trojan.

How an HTTPS connection is established (this is the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 always uses ephemeral Diffie-Hellman instead of step 4):

  1. The client sends the server the list of algorithms it supports and a random number used in key generation;
  2. The server chooses an encryption algorithm from the list and sends the client the chosen algorithm, a certificate containing the server's public key and the server identity used for authentication, and a random number of its own used in key generation;
  3. The client verifies the server's certificate, checking that it was issued by a certificate authority the client trusts; if it was not, the decision whether to continue is left to the user (a security weakness). If the check passes, or the user chooses to continue, the client accepts the server's identity;
  4. The client extracts the server's public key, generates a random secret string called the PreMaster Secret, encrypts it with the server's public key and sends the encrypted value to the server;
  5. Client and server each independently compute the session key and the MAC key from the PreMaster Secret together with the client and server random numbers;
  6. In the subsequent exchange the client and server use the session key and MAC key to encrypt and decrypt:
    • Encryption: first compute a MAC over the content, append the MAC to the content, then encrypt the whole with the session key (MAC-then-encrypt, as in the TLS 1.2 CBC cipher suites; AEAD suites such as AES-GCM combine the two steps).
    • Decryption: first decrypt with the session key, then take out the MAC and verify the integrity of the data.
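Steps 1, 2, 4, 5 and 6 above as running code, added here as an example that is not from the original post. It uses only the Python standard library: the key derivation in step 5 is the actual TLS 1.2 PRF from RFC 5246 (master secret from the PreMaster Secret and the two random numbers, then the key block split into MAC and encryption keys), but the RSA encryption of the PreMaster Secret in step 4 is skipped (the value is handed to the server side directly, since the point is that both sides derive identical keys), and the record cipher is a constructed HMAC-SHA256 keystream standing in for AES. It demonstrates the shared key derivation and the MAC-then-encrypt integrity check, including detection of a tampered record; it is not a usable TLS implementation.

```python
import hashlib
import hmac
import secrets

MAC_LEN, KEY_LEN = 32, 16   # HMAC-SHA256 tag length, 128-bit cipher key length


def p_sha256(secret, seed, length):
    """TLS 1.2 P_SHA256 expansion (RFC 5246 section 5): HMAC chained over A(i)."""
    out, a = b"", seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length):
    return p_sha256(secret, label + seed, length)


def derive_keys(pre_master, client_random, server_random):
    """Step 5: compute the master secret and the key block from the three shared values."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    block = prf(master, b"key expansion", server_random + client_random, 2 * MAC_LEN + 2 * KEY_LEN)
    keys, offset = {}, 0
    for name, size in (("client_mac", MAC_LEN), ("server_mac", MAC_LEN),
                       ("client_key", KEY_LEN), ("server_key", KEY_LEN)):
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def toy_keystream(key, nonce, length):
    """Stand-in for the record cipher: HMAC-SHA256 in counter mode (constructed for this example)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def protect(plaintext, mac_key, enc_key, seq):
    """Step 6, sender: tag = MAC(seq || data); then encrypt data || tag (MAC-then-encrypt)."""
    nonce = seq.to_bytes(8, "big")                  # record sequence number: defeats replay/reordering
    tag = hmac.new(mac_key, nonce + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    return bytes(b ^ k for b, k in zip(body, toy_keystream(enc_key, nonce, len(body))))


def unprotect(record, mac_key, enc_key, seq):
    """Step 6, receiver: decrypt, split off the tag, verify it in constant time."""
    nonce = seq.to_bytes(8, "big")
    body = bytes(b ^ k for b, k in zip(record, toy_keystream(enc_key, nonce, len(record))))
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, nonce + plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC verification failed: record modified in transit")
    return plaintext


def run_handshake(client_random=None, server_random=None, pre_master=None):
    """Steps 1, 2, 4, 5, 6 with step 4's RSA encryption omitted; returns what each side observed."""
    client_random = client_random or secrets.token_bytes(32)   # step 1: client random
    server_random = server_random or secrets.token_bytes(32)   # step 2: server random
    pre_master = pre_master or secrets.token_bytes(48)         # step 4: would be RSA-encrypted to the server
    client_keys = derive_keys(pre_master, client_random, server_random)   # step 5, client side
    server_keys = derive_keys(pre_master, client_random, server_random)   # step 5, server side
    request = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    record = protect(request, client_keys["client_mac"], client_keys["client_key"], seq=0)
    received = unprotect(record, server_keys["client_mac"], server_keys["client_key"], seq=0)
    tampered = bytes([record[0] ^ 0x01]) + record[1:]         # attacker flips one ciphertext bit
    try:
        unprotect(tampered, server_keys["client_mac"], server_keys["client_key"], seq=0)
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"keys_match": client_keys == server_keys, "decrypted": received,
            "tamper_detected": tamper_detected, "record_len": len(record)}


if __name__ == "__main__":
    print(run_handshake())
```

Because a stream-cipher bit flip lands in the plaintext at the same position, the MAC check in unprotect catches the modification that plain HTTP (item 2 of the weaknesses above) would silently accept.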

Pros and cons of HTTP versus HTTPS:

  1. HTTPS authenticates the server to the client (and, when client certificates are used, the client to the server), so data is sent to the right party;
  2. HTTPS is the SSL/TLS + HTTP architecture, a protocol with encrypted transmission and identity authentication. It is more secure than HTTP but not absolutely secure; it does greatly raise the cost of a man-in-the-middle attack;
  3. In the same network environment HTTPS lengthens page load time, by close to 50% in older measurements (the extra handshake round trips dominate; TLS 1.3 and session resumption reduce this), and HTTPS affects caching, adding data overhead and power consumption;
  4. HTTPS needs extra computing resources, which raises cost. With large numbers of users the server has to encrypt and decrypt constantly, practically every byte, and that consumes server capacity.

Internet email

Structure of the email system:

Components: mainly mail servers, the Simple Mail Transfer Protocol (SMTP), user agents, and the mail access protocols (POP, IMAP).

Email workflow:

Figure: user agent A --SMTP--> mail server A --SMTP--> mail server B --mail access protocol (POP/IMAP)--> user agent B, and the same path in the other direction.

A mail server is both a client and a server: when mail server A actively sends mail to B, A is the client and B is the server.

User agent
The user agent is the client software of the email application and gives the user an interface for using email.
Main functions: supports composing, displaying, processing, sending and receiving mail, and provides the editing and operating environment for reading, replying to, forwarding, saving and composing messages.

Mail server
  Implementation: a mail server maintains an outgoing mail queue in which messages from registered users wait to be sent. Sending and receiving between mail servers uses the C/S architecture.
  Function: the mail server's job is to send and receive mail and to tell the sender what happened to the message (delivered, rejected, lost, etc.); it is the core of the email architecture.
  Sending process:
   1. User A sends a message to user B; the message first goes into the outgoing mail queue of mail server A;
   2. Mail server A takes messages from the queue in turn. To send message A it first resolves the domain name (in practice through a DNS MX lookup) or IP address of the receiving mail server from the recipient's address, then sends the message to mail server B using SMTP.
   3. Mail server B stores the received message in user B's mailbox.
   4. If message A was successfully sent from mail server A to mail server B, it is removed from A's outgoing queue; otherwise it stays in the queue. After a failure the server retries periodically, typically every 30 minutes; if the message still cannot be delivered after several days, the server informs user A of the failure by email.
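The sending process above as a protocol exchange with both sides' messages, added here as an example (it is not from the original post). Mail server B is a minimal in-memory SMTP state machine, mail server A is the SMTP client that drives the EHLO / MAIL FROM / RCPT TO / DATA / QUIT dialogue, and a small queue loop applies the retry rule of step 4: a 2xx reply means delivered, a 4xx (temporary) reply leaves the message queued for another attempt, a 5xx (permanent) reply bounces it. The domains, addresses, the EHLO host name and the retry limit are all constructed for the example; the real MX lookup is replaced by a dictionary of known servers.

```python
import re
from collections import deque

MAX_ATTEMPTS = 3   # assumed retry budget; the text describes retrying every ~30 min for a few days


class ToySmtpServer:
    """Receiving mail server B: a minimal SMTP command state machine (constructed for this example)."""

    def __init__(self, domain, users):
        self.domain = domain.lower()
        self.mailboxes = {u: [] for u in users}
        self.busy = False                       # set True to simulate a transient failure (4xx)
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.in_data, self.lines = None, [], False, []

    def handle(self, line):
        """Process one client line; returns the reply (None while the client is inside DATA)."""
        if self.in_data:
            if line == ".":                     # end of message
                message = "\n".join(self.lines)
                for user in self.rcpts:
                    self.mailboxes[user].append(message)
                self._reset()
                return "250 OK: queued"
            self.lines.append(line[1:] if line.startswith("..") else line)   # dot-unstuffing
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("EHLO", "HELO"):
            self._reset()
            return "250 " + self.domain + " Hello " + arg
        if verb == "MAIL":
            if self.busy:
                return "451 Requested action aborted: try again later"
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)
            return "250 OK"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command first"
            m = re.fullmatch(r"TO:<([^@>]+)@([^>]+)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            user, domain = m.group(1), m.group(2).lower()
            if domain != self.domain:
                return "550 Relaying denied"    # refuse to act as an open relay for other domains
            if user not in self.mailboxes:
                return "550 No such user here"
            self.rcpts.append(user)
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 No valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self._reset()
            return "221 Bye"
        return "500 Command unrecognized"


def smtp_transaction(server, sender, recipient, body_lines, transcript):
    """Mail server A as SMTP client. Appends the dialogue to transcript; returns the final reply code."""
    def exchange(cmd):
        transcript.append("C: " + cmd)
        reply = server.handle(cmd)
        if reply is not None:
            transcript.append("S: " + reply)
        return reply
    transcript.append("S: 220 " + server.domain + " ESMTP ready")
    for cmd, expected in (("EHLO mail.example.org", "250"), ("MAIL FROM:<" + sender + ">", "250"),
                          ("RCPT TO:<" + recipient + ">", "250"), ("DATA", "354")):
        reply = exchange(cmd)
        if not reply.startswith(expected):
            exchange("QUIT")
            return reply[:3]
    for line in body_lines:
        exchange("." + line if line.startswith(".") else line)   # dot-stuffing of body lines
    reply = exchange(".")
    exchange("QUIT")
    return reply[:3]


def run_outgoing_queue(queue, servers):
    """Drain mail server A's outgoing queue. 2xx: delivered; 4xx: keep and retry; 5xx: bounce."""
    results, pending = {}, deque(queue)
    while pending:
        msg = pending.popleft()
        domain = msg["to"].rsplit("@", 1)[1].lower()    # in practice resolved with a DNS MX lookup
        server = servers.get(domain)
        code = "451" if server is None else smtp_transaction(server, msg["from"], msg["to"], msg["body"], [])
        msg["attempts"] = msg.get("attempts", 0) + 1
        if code.startswith("2"):
            results[msg["id"]] = "delivered"
        elif code.startswith("4") and msg["attempts"] < MAX_ATTEMPTS:
            pending.append(msg)                          # stays in the queue for a later retry
        else:
            results[msg["id"]] = "bounced (" + code + ")"   # a failure notice goes back to the sender
    return results
```

Note the 550 on RCPT TO for a foreign domain: a receiving server that accepted mail for any domain would be an open relay, and the sending side must treat that 5xx as permanent rather than retrying.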


The above is my own study summary; if anything is missing or described incorrectly, please point it out. I look forward to improving together with everyone!

Origin blog.csdn.net/weixin_44081533/article/details/115509375