Network related
Difference between Http and Https
Http runs on TCP in plaintext, and client and server cannot verify each other’s identity; Https is Http wrapped in a Secure Socket Layer (SSL) shell. SSL runs on top of TCP, so Https is Http with encryption and authentication mechanisms added. The differences between the two are as follows:
- Port difference: Http and Https use different connection modes and different ports; the former uses 80, the latter 443.
- Resource consumption: Compared with HTTP communication, Https communication consumes more CPU and memory resources due to encryption processing.
- Overhead: Https communication requires a certificate, which is typically purchased from a certification authority;
The Https encryption mechanism is a mixture of shared key encryption and public key encryption.
Three handshakes and four waves
(1). Three handshakes (I want to establish a link with you, you really want to establish a link with me, I really want to establish a link with you, success)
- First handshake: The Client sets the SYN flag bit to 1, randomly generates a value seq=J, and sends the packet to the Server. The Client enters the SYN_SENT state and waits for confirmation from the Server.
- Second handshake: When the Server receives the packet, it sees the flag SYN=1 and knows that the Client requests to establish a connection. The Server sets the SYN and ACK flags to 1, sets ack=J+1, randomly generates a value seq=K, and sends the packet to the Client to confirm the connection request. The Server enters the SYN_RCVD state.
- Third handshake: After receiving the confirmation, the Client checks whether ack is J+1 and the ACK flag is 1. If so, the Client sets the ACK flag to 1, sets ack=K+1, and sends the packet to the Server. The Server checks whether ack is K+1 and the ACK flag is 1. The Client and Server then enter the ESTABLISHED state, completing the three-way handshake, and data can be transmitted between them.
(2). Four waves (I’m disconnecting from you; Ok, cut it off. I also want to disconnect from you; Ok, cut it off) :
- First wave: The Client sends a FIN to stop data transmission from the Client to the Server, and the Client enters the FIN_WAIT_1 state.
- Second wave: After receiving the FIN, the Server sends an ACK to the Client with acknowledgement number = received sequence number + 1 (as with SYN, a FIN occupies one sequence number). The Server enters the CLOSE_WAIT state. The TCP connection is now half-closed: the Client has no more data to send, but it still needs to receive data sent by the Server.
- Third wave: The Server sends a FIN to disable data transfer from the Server to the Client, and the Server enters the LAST_ACK state.
- Fourth wave: After receiving the FIN, the Client enters the TIME_WAIT state and sends an ACK to the Server with acknowledgement number = the FIN’s sequence number + 1. The Server enters the CLOSED state, and the four waves are complete.
Why do TCP connections require three handshakes, but not two?
The purpose of the three-way handshake is to prevent an invalid (stale) connection request segment from suddenly reaching the server and causing an error.
- In the normal case, user A sends a connection request but receives no confirmation because the connection request segment is lost. A therefore retransmits the connection request; this time confirmation is received and the connection is established. After the data has been transferred, the connection is released. A sent two connection request segments, of which the first was lost and the second reached B; there is no invalid connection request segment.
- Now suppose an abnormal situation: the first connection request segment sent by A is not lost but is held up at some network node for a long time, so that it arrives at B only after the connection has been released. By then it is an invalid segment. However, after receiving this invalid connection request segment, B mistakenly thinks it is a new connection request from A, and sends a confirmation to A, agreeing to establish a connection.
Assuming the “three-way handshake” is not used, a new connection is established as soon as B sends the acknowledgement. Since A has not made a connection request, A ignores B’s confirmation and sends no data to B. But B thinks a new transport connection has been established and waits for data from A, so many of B’s resources are wasted. The three-way handshake prevents this from happening.
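The delayed-SYN argument above, as an added example that is not part of the original notes: a toy model of A and B with the seq/ack checks from the handshake description. The state names, the J/K values and the two_way switch are assumptions made for the demo.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0

@dataclass
class Host:
    state: str = "CLOSED"
    isn: int = 0   # own initial sequence number (J for A, K for B)

def server_on_syn(b: Host, seg: Segment, k: int) -> Segment:
    """Second handshake: B answers a SYN with SYN+ACK, ack=J+1, seq=K."""
    b.isn, b.state = k, "SYN_RCVD"
    return Segment(syn=True, ack=True, seq=k, ack_num=seg.seq + 1)

def server_on_ack(b: Host, seg: Segment) -> None:
    """Third handshake at B: open only if ACK is set and ack == K+1."""
    if b.state == "SYN_RCVD" and seg.ack and seg.ack_num == b.isn + 1:
        b.state = "ESTABLISHED"

def client_on_synack(a: Host, seg: Segment) -> Optional[Segment]:
    """A answers SYN+ACK only while in SYN_SENT with ack == J+1; else ignores it."""
    if a.state != "SYN_SENT" or not (seg.syn and seg.ack) or seg.ack_num != a.isn + 1:
        return None
    a.state = "ESTABLISHED"
    return Segment(ack=True, seq=a.isn + 1, ack_num=seg.seq + 1)

def normal_handshake(j: int = 100, k: int = 300) -> Tuple[str, str]:
    """The ordinary case: both sides end up ESTABLISHED."""
    a, b = Host(state="SYN_SENT", isn=j), Host()
    synack = server_on_syn(b, Segment(syn=True, seq=j), k)
    third = client_on_synack(a, synack)
    if third is not None:
        server_on_ack(b, third)
    return a.state, b.state

def delayed_syn(two_way: bool, j: int = 100, k: int = 300) -> Tuple[str, str]:
    """A's old SYN (seq=J) reaches B after A closed. Returns (A state, B state):
    two-way, B opens on its own reply; three-way, B waits in SYN_RCVD."""
    a, b = Host(state="CLOSED", isn=j), Host()
    synack = server_on_syn(b, Segment(syn=True, seq=j), k)
    if two_way:
        b.state = "ESTABLISHED"              # B assumes the connection is up
    else:
        third = client_on_synack(a, synack)  # None: A is not in SYN_SENT
        if third is not None:
            server_on_ack(b, third)
    return a.state, b.state
```

With two_way=True B ends up ESTABLISHED while A is CLOSED, which is the wasted half-open connection the text describes; with the third segment required, B never leaves SYN_RCVD.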
Why do you wave four times?
TCP is a connection-oriented, reliable, byte-stream-based transport-layer protocol. TCP works in full-duplex mode, which means that when A sends a FIN to B, it only indicates that A has no more data to send, but A can still receive data from B. The ACK that B sends to A simply tells A that B knows A has no more data to send, but B can still send data to A.
So four waves are what it takes to end this conversation on a happy note.
What’s the difference between GET and POST?
GET and POST are two commonly used HTTP methods. The differences between them mainly include the following five aspects:
(1). In terms of function, GET is generally used to obtain resources from the server, and POST is generally used to update resources on the server;
(2). From the perspective of REST services, GET is idempotent: reading the same resource always returns the same data, whereas POST is not idempotent, because each request changes the resource; further, GET does not change resources on the server, whereas POST does;
(3). In terms of the form of the request parameters, the data of a GET request is attached to the URL, that is, placed in the request header of the HTTP message, with ? separating the URL from the data and parameters joined with &. If the data is alphanumeric it is sent as is; otherwise it is encoded as application/x-www-form-urlencoded (spaces become +, and Chinese or other characters are encoded as %XX sequences, for example %E4%BD%A0%E5%A5%BD, where XX is the hexadecimal value of one byte). A POST request places the submitted data in the body of the HTTP request.
(4). In terms of security, POST is considered safer than GET, because the data submitted by a GET request appears in the URL in plain text, while the parameters of a POST request are wrapped in the request body, which is relatively safer.
(5). In terms of request size, the length of a GET request is limited by the URL length allowed by the browser or the server, so the amount of data it can carry is relatively small, while the size of a POST request is not limited.
Why is the URL encoded in a GET request?
We know that non-English characters are encoded in the URL of a GET request; the reason is to avoid ambiguity. Look at the following example.
For the “name1=value1&name2=value2” example, let’s look at how the data is parsed from client to server. First, the string above is represented in ASCII on the computer as:
6E616D6531 3D 76616C756531 26 6E616D6532 3D 76616C756532
6E616D6531: name1
3D: =
76616C756531: value1
26: &
6E616D6532: name2
3D: =
76616C756532: value2
After receiving the data, the server can walk the byte stream and consume it byte by byte. When it consumes the 3D byte, it knows that the bytes before it represent a key, and keeps consuming. When it meets 26, it knows that the value of the last key lies between the 3D byte just consumed and this 26 byte. In the same way it parses out all the parameters passed by the client.
Now consider what happens if the value of our parameter contains a special character such as = or &. For example, in “name1=value1”, suppose the value value1 is the string “va&lu=e1”; then what is actually transmitted is “name1=va&lu=e1”. The intent was a single key-value pair, but the server parses two key-value pairs, creating ambiguity.
So how do we resolve the ambiguity? The solution is to URL-encode the parameters: if we URL-encode the ambiguous value above as “name1=va%26lu%3De1”, the server treats the bytes immediately following “%” as ordinary data bytes, not as separators between parameters or between key and value.
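The byte-by-byte parsing described above, as an added example (not code from the original notes): a query-string parser that splits on the raw 0x3D and 0x26 bytes first and percent-decodes afterwards, plus the matching encoder, so the ambiguous and the encoded forms of “va&lu=e1” can be compared. Function names are my own.

```python
from typing import Dict

def percent_decode(data: bytes) -> str:
    """%XX (hex of one byte) becomes that byte and '+' a space; the bytes
    are then decoded as UTF-8, so %E4%BD%A0%E5%A5%BD becomes 你好."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == 0x25 and i + 2 < len(data):   # '%' plus two hex digits
            out.append(int(data[i + 1:i + 3], 16))
            i += 3
        elif data[i] == 0x2B:                        # '+'
            out.append(0x20)
            i += 1
        else:
            out.append(data[i])
            i += 1
    return out.decode("utf-8", errors="replace")

def percent_encode(text: str) -> str:
    """Encoding side: keep ASCII letters and digits, write every other byte
    of the UTF-8 form as %XX (a space could also be sent as '+')."""
    return "".join(chr(b) if b < 0x80 and chr(b).isalnum() else f"%{b:02X}"
                   for b in text.encode("utf-8"))

def parse_query(raw: bytes) -> Dict[str, str]:
    """Walk the byte stream as the notes describe: bytes up to 0x3D ('=')
    are the key, bytes up to 0x26 ('&') are the value, then repeat.
    Decoding happens only after the split, so %26 and %3D stay data."""
    pairs: Dict[str, str] = {}
    key, buf = None, bytearray()
    for byte in raw:
        if byte == 0x3D and key is None:   # '=' ends the key
            key, buf = bytes(buf), bytearray()
        elif byte == 0x26:                 # '&' ends the key-value pair
            pairs[percent_decode(key or b"")] = percent_decode(bytes(buf))
            key, buf = None, bytearray()
        else:
            buf.append(byte)
    if key is not None or buf:
        pairs[percent_decode(key or b"")] = percent_decode(bytes(buf))
    return pairs
```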
Enter www.xxx.com in the browser. What happens after that? Please elaborate.
- Domain name to IP address: the IP address is looked up through the browser cache, system cache, hosts file, router cache, and then a recursive search starting from the root DNS server.
- Establishing a TCP/IP connection (three-way handshake)
- An HTTP request is sent by the browser
- After being forwarded by the router, the HTTP request reaches the server through the server’s firewall
- The server processes the HTTP request and returns an HTML file
- The browser parses the HTML file and displays it on the browser side
- Note here:
- HTTP is an application layer protocol based on TCP/IP. A TCP/IP connection must be established before an HTTP data request is made
- HTTP is a car that provides a concrete form for encapsulating or displaying data. Sockets are engines that provide network communication capabilities.
- The communication between two computers is nothing more than the data communication between two ports, and the specific forms of data are defined by different application layer protocols.
What is HTTP stateless protocol? How to solve Http stateless protocol?
HTTP is a stateless protocol, meaning it has no memory: each request is independent. Because no state is kept, if earlier information is needed for later processing it must be retransmitted, which may increase the amount of data transferred per connection. On the other hand, the server responds faster when it does not need earlier information.
This feature of HTTP has both advantages and disadvantages:
- Advantages: Frees up the server, making every request “clickable” without unnecessarily tying up connections
- Disadvantages: A large amount of duplicate content information is transferred on each request, and data cannot be shared between requests
Solution:
- Use a parameter passing mechanism: concatenate parameters after the requested URL to pass data (GET mode), for example:
/param/list?username=wmyskxz
The problem: this solves data sharing, but the method is not secure, and the data transfer capacity is only about 1KB
- Use Cookie technology
- Use Session technology
What are the common HTTP methods?
- GET: Requests access to resources that have been identified by the URI (Uniform Resource Identifier) and can be sent to the server through the URL
- POST: Transmits information to the server. It is similar to GET, but POST is recommended.
- PUT: transfers the file. The packet body contains the file content and saves it to the URI.
- HEAD: obtains the message header. This method is similar to GET but does not return the message body. It is used to verify whether the URI is valid.
- DELETE: deletes a file. In contrast to the PUT method, the file at the URI position is deleted.
- OPTIONS: Queries HTTP methods supported by the URI.
Common HTTP status codes
- 1XX (Interim response)
- 2XX (Success)
- 3XX (Redirection): further action is required to complete the request
- 4XX (Client error): the request may contain an error that prevents the server from processing it
- 5XX (Server error): an internal error occurred while the server was trying to process the request
- Common status codes:
  - 200 (Success)
  - 304 (Not modified): the requested page has not been modified since the last request; when the server returns this response, the page content is not returned
  - 401 (Unauthorized): the request requires authentication
  - 403 (Forbidden): the server rejected the request
  - 404 (Not found): the server could not find the requested page
SQL injection
SQL injection is tricking the server into executing malicious SQL commands by inserting SQL into Web form submissions, domain-name query strings, or page request parameters.
(1). General idea of SQL injection attack:
- Find the location of SQL injection
- Determine the server type and background database type
- SQL injection attacks are carried out against abnormal servers and database features
(2). SQL injection attack example:
For example, if you are asked to enter a user name and password on a login screen, you can enter the following information to achieve account-free login:
Username: ' or 1 = 1 --
Once the user clicks login, if there is no special handling, the illegitimate user logs in successfully. Why? In principle the back-end authentication program contains an SQL statement like the following:
String sql = "select * from user_table where username='" + username + "' and password='" + password + "'";
Therefore, when the above username and password are entered, the above SQL statement becomes:
SELECT * FROM user_table WHERE username='' or 1 = 1 -- ' and password=''
The condition username='' or 1 = 1 is always true, and the two dashes (--) after it start an SQL comment, so everything that follows (the password check) is ignored. The statement therefore always succeeds, and the user easily fools the system into granting a legitimate identity.
(3) Solutions:
1. Parameter binding:
With precompilation, binding parameters is the best defense against SQL injection. At present many ORM frameworks and JDBC implement SQL precompilation and parameter binding. Malicious SQL from an attacker is then executed as an SQL parameter (a value) rather than as part of the SQL command. In a MyBatis mapper file we usually use #{} and ${} to get parameter values:
- With #{}, the variable is a placeholder, the same mechanism as a Java JDBC PreparedStatement, which prevents SQL injection;
- With ${}, the variable is appended directly to the SQL, so SQL injection problems arise.
2. Use regular expressions to filter the incoming parameters
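The login query above built both ways, as an added example (not code from the original notes): string concatenation exactly like the Java statement, beside the bound-parameter form, run against an in-memory SQLite table so the effect of the username from the notes can be compared. The table, its rows and the function names are constructed for the demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed demo data: two accounts in user_table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_table (username TEXT, password TEXT)")
    db.execute("INSERT INTO user_table VALUES ('alice', 's3cret'), ('bob', 'hunter2')")
    return db

def login_concat(db: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: the same concatenation as the Java String sql above.
    The user's input becomes part of the SQL command itself."""
    sql = ("select * from user_table where username='" + username +
           "' and password='" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db: sqlite3.Connection, username: str, password: str) -> list:
    """Parameter binding: the statement is parsed with '?' placeholders and
    the driver supplies the values afterwards, so input can only be a value."""
    sql = "select * from user_table where username=? and password=?"
    return db.execute(sql, (username, password)).fetchall()

def attempt_login(username: str, password: str, bound: bool) -> int:
    """Number of rows the login query matches; 0 means login refused."""
    db = make_db()
    rows = (login_bound if bound else login_concat)(db, username, password)
    return len(rows)
```

With the concatenated form the notes' username matches every row (the comment swallows the password check); with binding the same string is just a username nobody has.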
XSS attacks
XSS is a kind of computer security vulnerability that often appears in Web applications; together with SQL injection it has become one of the most mainstream attack methods on the Web. XSS refers to a malicious attacker exploiting a website’s failure to escape user-submitted data and its insufficient filtering to embed script code in a web page; when other users visit the page, the embedded code executes, stealing user information, performing actions under the user’s identity, or attacking the visitor with a virus.
(1). Harm of XSS attack:
- Steal all kinds of user accounts, such as machine login account, user network bank account, all kinds of administrator account
- Control of enterprise data, including the ability to read, modify, add, and delete sensitive enterprise data
- Stealing important data of commercial value from the enterprise
- Illegal funds transfers
- Force E-mail to be sent
- Planting a trojan on the website (“hanging a horse”)
- Control the victim’s machine to launch attacks on other sites
(2). Cause and solution:
- Main reason: too much trust in the data submitted by the client!
- Solution: Do not trust any data submitted by the client. Any data submitted by the client should be filtered before proceeding to the next step.
- Further analysis details: The data submitted by the client is required by the application. However, malicious attackers use the website’s trust in the data submitted by the client to insert some symbols and javascript code into the data. Then the data will become a part of the application code, and the attacker can carry out unscrupulous attacks. Therefore we can never trust any client submitted data!!
(3). XSS attack classification:
- 1. Reflected XSS attacks (non-persistent XSS attacks):
The vulnerability arises because the data injected by the attacker is reflected back in the response. A typical non-persistent XSS attack involves a link containing the XSS attack vector (that is, each attack requires the user to click). For example, sending a message normally:
http://www.test.com/message.php?send=Hello, the World!
The receiver gets the message and sees Hello,World displayed. But when the message is sent improperly:
http://www.test.com/message.php?send=<script>alert('foolish!')</script>!
a warning window pops up when the receiver views the message!
- 2. Persistent XSS attack (message board scenario):
The XSS attack vector (usually XSS attack code) is stored in the website’s database and executes whenever a user opens the page; that is, the script runs every time a user opens the specified page in the browser. Compared with non-persistent XSS attacks, persistent XSS attacks are more harmful. As the name suggests, a persistent XSS attack stores the attack code in the database and executes it when a client opens the page.
For example, the form field in a message board form:
<input type="text" name="content" value="here is the data the user fills in">
The normal flow is: the user submits the message – the data is stored in the database – other users visit the message board, and the application reads the data and displays it. In the attack, the attacker instead fills in the value:
<script>alert('foolish!');</script> <!-- or another HTML tag (breaking the page layout); a piece of attack code -->
submits it, and the data is stored in the database; when other users retrieve and display the data, the attack code executes.
(4). Vulnerability repair policy:
The root cause of vulnerability is too much trust in the data submitted by users and insufficient filtering of the data submitted by users. Therefore, solutions should also start from this aspect, and specific solutions include:
- If the HttpOnly attribute is set on the cookie, JavaScript cannot read the cookie, which can effectively prevent XSS attacks;
- Specify the type of each form value, for example: age should only be an int, name only alphanumeric…
- HTML-encode the data
- Filter or replace special HTML characters, such as:
  &lt; for <
  &gt; for >
  &quot; for "
- Filter JavaScript event attributes, such as “onclick=”, “onfocus=”, etc.
Note that HTML tags and even javascript code are allowed in some applications. Therefore, when filtering data, we need to carefully analyze which data has special requirements (for example, the output requires HTML code, javascript code concatenation, or the form is directly allowed to use, etc.) and then treat them differently!
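Two of the fixes from the list above applied to the message-board case, as an added example (not code from the original notes): HTML-encode stored data before it is placed in the page, and mark the session cookie HttpOnly. The message list, the cookie name and the function names are constructed for the demo.

```python
from http.cookies import SimpleCookie
from typing import List

# The replacements from the list above, plus ' for attribute contexts.
ESCAPES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}

def html_encode(text: str) -> str:
    """Single pass over the text: characters that can open a tag or close an
    attribute become entities, so stored data can only ever render as text."""
    return "".join(ESCAPES.get(ch, ch) for ch in text)

def render_message_board(messages: List[str], encode: bool = True) -> str:
    """Build the page other users see. encode=False reproduces the vulnerable
    behaviour: the stored attack code is emitted as live HTML."""
    items = [f"<li>{html_encode(m) if encode else m}</li>" for m in messages]
    return "<ul>" + "".join(items) + "</ul>"

def contains_live_tag(html: str, tag: str = "script") -> bool:
    """Crude demo check: does the output contain a real <tag> element?"""
    return f"<{tag}" in html.lower()

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session with HttpOnly (and Secure), so
    document.cookie inside an injected script cannot read it."""
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id
    cookie["SESSIONID"]["httponly"] = True
    cookie["SESSIONID"]["secure"] = True
    cookie["SESSIONID"]["path"] = "/"
    return cookie["SESSIONID"].OutputString()
```

The message from the notes renders as visible text once encoded, and the cookie line carries the HttpOnly flag; neither replaces server-side validation of the data itself.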