Daily Java Interview (Part 1: Computer Networks) [19/11/25]

Author: Bells c
Personal WeChat public account: program ape fight with

1. HTTP related [2]

1.1 Differences between GET requests and POST requests

Answer from three levels:

1.1.1 At the HTTP message level:

A GET request appends the request information to the URL. The request information is separated from the URL by a question mark (?), multiple pieces of request information are separated by &, each takes the form of a key-value pair, and the length is limited.

A POST request places the request information in the message body, so anyone who wants the information must obtain the request body. Security is therefore higher than with GET, but the information can still be obtained with a packet capture tool, so it is not absolutely safe; in practice it also depends on HTTPS. There is no length limit.

1.1.2 At the database level:

GET satisfies idempotence and safety; POST does not.

Idempotence:

Performing an operation on the database once and performing it multiple times give the same result.

Safety:

The operation does not change the data in the database.

1.1.3 From other points of view

GET requests can be cached and stored, and are saved in the browser history; a URL sent with the GET method can be saved as a browser bookmark. POST requests cannot.

1.2 Differences between Cookie and Session

Why both exist: the most important feature of HTTP is that it is stateless. Without anything else, every visit to a site would mean entering the account and password again, which is why Cookie and Session were introduced.

1.2.1 Cookie introduction:

A cookie is special information sent by the server to the client and stored on the client as text.

When the client makes another request, it sends the Cookie back.

When the server receives it, it parses the Cookie and generates the content corresponding to that client.

1.2.1.1 Cookie setup and sending procedure

  1. The HTTP client sends a request to the server.

  2. The HTTP server sends a response to the client, which includes a Set-Cookie header.

  3. The HTTP client sends a request to the server, including the Cookie header.

  4. The HTTP server sends the corresponding response to the client.


1.2.2 Session Introduction

A server-side mechanism: the information is stored on the server.

The server parses the client request, works with the Session id, and saves the state information it needs.

1.2.2.1 Session implementation

1. Implementation with Cookie

The server assigns each Session a unique JSESSIONID and sends it to the client in a Cookie. When the client sends a new request, it carries the JSESSIONID in the Cookie header, so the server can find the corresponding Session.

2. Implementation with URL rewriting

The server includes the JSessionID parameter in every page it sends to the browser, so that any link the client clicks passes the JSessionID value back to the server.
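
The cookie exchange from 1.2.1.1 and the cookie-based Session lookup from 1.2.2.1, as an added example that is not part of the original post. The in-memory store and the function names are hypothetical, and the HttpOnly, Secure and SameSite attributes are additions the post does not discuss.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical in-memory store: session id -> state kept on the server


def handle_request(headers, login_user=None):
    """Process one request; return (response_headers, user bound to the session)."""
    jar = SimpleCookie(headers.get("Cookie", ""))
    sid = jar["JSESSIONID"].value if "JSESSIONID" in jar else None
    session = SESSIONS.get(sid)  # an id the server never issued resolves to None
    response_headers = {}
    if login_user is not None:
        # Always mint a fresh random id at login and drop the old one, so the
        # server never adopts an id chosen by the client.
        SESSIONS.pop(sid, None)
        sid = secrets.token_urlsafe(32)
        session = SESSIONS[sid] = {"user": login_user}
        out = SimpleCookie()
        out["JSESSIONID"] = sid
        out["JSESSIONID"]["path"] = "/"
        out["JSESSIONID"]["httponly"] = True   # not readable from page scripts
        out["JSESSIONID"]["secure"] = True     # only sent over HTTPS
        out["JSESSIONID"]["samesite"] = "Lax"  # withheld on most cross-site requests
        response_headers["Set-Cookie"] = out["JSESSIONID"].OutputString()
    return response_headers, (session or {}).get("user")


def client_cookie_header(set_cookie):
    """Model the browser: echo back name=value only, never the attributes."""
    jar = SimpleCookie(set_cookie)
    return "; ".join(f"{name}={morsel.value}" for name, morsel in jar.items())


def demo_exchange():
    """Run the exchange; return (Set-Cookie value, user before login, user after)."""
    _, before = handle_request({})                      # no Cookie yet: no session
    resp, _ = handle_request({}, login_user="alice")    # steps 1-2: Set-Cookie issued
    cookie = client_cookie_header(resp["Set-Cookie"])   # step 3: Cookie header sent
    _, after = handle_request({"Cookie": cookie})       # step 4: session resolved
    return resp["Set-Cookie"], before, after
```

Only the random id crosses the network; the state itself ("alice") stays in the server-side store.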

1.2.3 Differences between Cookie and Session

1. Cookie data is stored in the browser; Session data is stored on the server.

2. Session is more secure than Cookie.

3. To reduce the burden on the server, use Cookie.


1.3 Differences between HTTP and HTTPS

1.3.1 HTTPS Introduction

HTTPS is a transport protocol whose purpose is secure communication; it is the secure version of HTTP.

1.3.2 SSL (Secure Sockets Layer)

1. A secure protocol that provides security and data integrity for network communication.

2. It is an API provided externally by the operating system; after SSL 3.0 it was renamed TLS.

So how does it protect the security and data integrity?

It uses authentication and data encryption to ensure the security and integrity of network communication.

1.3.3 Encryption

1. Symmetric encryption:

Encryption and decryption use the same secret key; performance is high, but security is relatively weak.

2. Asymmetric encryption:

The encryption and decryption keys are different, referred to as the public key and the private key; performance is lower, but security is very high.

3. Hash algorithm:

Converts information of arbitrary length into a fixed-length value; the algorithm is irreversible (MD5 is a common example).

4. Digital signatures:

Prove that a message or file was sent by a particular person / identity.

1.3.4 HTTPS data transmission process

1. The browser sends the encryption algorithms it supports to the server.

2. The server selects an encryption algorithm that the browser supports and sends it back to the browser in the form of a certificate.

3. The browser verifies the validity of the certificate, then encrypts information with the certificate's public key and sends it to the server.

4. The server decrypts the information with its private key, verifies the hash, and sends the encrypted response back to the browser.

5. The browser decrypts the response and verifies the message; the data exchanged afterwards is encrypted.

1.3.5 Differences between HTTP and HTTPS

1. HTTPS requires applying for a CA certificate; HTTP does not.

2. HTTPS transmits ciphertext; HTTP transmits cleartext.

3. The connection methods differ: HTTPS uses port 443 by default, HTTP uses port 80.

4. HTTPS = HTTP + encryption + authentication + integrity protection, so it is more secure than HTTP.

1.3.6 Is HTTPS really safe?

Not necessarily.

1. Browsers fill in http:// by default, so the request has to be redirected, and there is a risk of being hijacked.

2. You can use HSTS (HTTP Strict Transport Security) to improve this.
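
How HSTS closes the http:// gap described in 1.3.6, as an added example that is not part of the original post: a simplified model of the browser's HSTS host list that rewrites http:// to https:// before any request leaves the machine. The class and function names are hypothetical, timestamps are plain seconds, and the browser preload list is not modelled.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, include_sub = None, False
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name.strip().lower() == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name.strip().lower() == "includesubdomains":
            include_sub = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, include_sub


class HstsStore:
    """Simplified model of a browser's known-HSTS-host list (no preload list)."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry time in seconds, include_subdomains)

    def note_response(self, url, headers, now):
        """Record the policy from a response, as a browser would."""
        parts = urlsplit(url)
        value = headers.get("Strict-Transport-Security")
        # Only trusted on HTTPS: over plain HTTP the header could have been
        # altered in transit, so it is ignored there.
        if parts.scheme != "https" or value is None:
            return
        max_age, include_sub = parse_hsts(value)
        if max_age == 0:
            self.hosts.pop(parts.hostname, None)  # max-age=0 removes the policy
        else:
            self.hosts[parts.hostname] = (now + max_age, include_sub)

    def effective_url(self, url, now):
        """Return the URL the browser actually requests for a typed or linked URL."""
        parts = urlsplit(url)
        labels = (parts.hostname or "").split(".")
        for i in range(len(labels)):
            expiry, include_sub = self.hosts.get(".".join(labels[i:]), (0, False))
            if parts.scheme == "http" and expiry > now and (i == 0 or include_sub):
                port = "" if parts.port in (None, 80) else f":{parts.port}"
                return urlunsplit(("https", parts.hostname + port, parts.path,
                                   parts.query, parts.fragment))
        return url  # no policy known: the first request still goes out over HTTP
```

The last line is the remaining exposure: until the browser has seen the header once over HTTPS, the very first http:// request is still sent in cleartext.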

That concludes the computer network part.

Origin www.cnblogs.com/jsccc520/p/11929818.html