The Wonderful World of HTTP
Presented by: Richard Chan, Ashlee Clair, Sky McBean, Robert Wolfer
Post on 20-Dec-2015
Overview of Presentation
• What is HTTP
• How Does It Work
• Use of HTTP in Business Today
• Controls for HTTP
• Future trends
Definition of HTTP
HyperText Transfer Protocol (HTTP) is how the World Wide Web transfers or conveys information. It was originally designed to provide a way to publish and receive HTML pages. HTML is the language in which one publishes hypertext on the World Wide Web.
From www.w3.org
Picture provided by The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
About HTTP
HTTP is not a protocol for transferring hypertext; rather it is a protocol for transmitting information with the efficiency necessary for making hypertext jumps. The information transferred using HTTP can be plain text, hypertext, audio, images, basically any Internet accessible information.
From: The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Who Created HTTP
Hypertext Transfer Protocol: created by the WWW Consortium, also known as W3C
Authors of HTTP:
• Tim Berners-Lee
• Henrik Frystyk Nielsen
• Roy T. Fielding
Next 3 Slides from www.w3c.com
Tim Berners-Lee: Director of W3C and Inventor of the World Wide Web
About W3C
The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards.
Mission Statement: To lead the World Wide Web to its full potential by developing protocols and guidelines that ensure long-term growth for the Web.
More About W3C
W3C primarily pursues its mission through the creation of Web standards and guidelines. Since 1994, W3C has published more than ninety such standards, called W3C Recommendations.
History
HTTP 0.9
• Never widely used
• Only supports requests for representations of the specified resources.
HTTP 1.0 was created and put into use in May 1996
• Still in wide use
• Does not use proxy servers very well
HTTP 1.1 was put into use in June 1999
• This is the current form being used today
• Persistent connections and works well with proxies
• Allows multiple requests to be sent at one time
From: www.wikapedia.com
Process
HTTP is a request/response protocol between clients and servers.
A web browser (the client) sends a request by connecting to a port on a remote host using the Transmission Control Protocol (TCP).
The server then takes the request string, such as “GET / HTTP/www.bus.orst.edu”, and returns the default home page.
From: www.wikapedia.com
Basic Structure of a URL
• Protocol - set of standards that govern the communication of data (i.e. HTTP)
• Domain name - the address of the Website
• Path - a certain directory/subdirectory at the Website
• HTML - Hypertext markup language
McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.
Process Example
Client Request
GET /index.html HTTP/1.1
Host: www.example.com

Server Response
HTTP/1.1 200 OK
Date: Mon, 23 May 2005 22:38:34 GMT
Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
Etag: "3f80f-1b6-3e1cb03b"
Accept-Ranges: bytes
Content-Length: 438
Connection: close
Content-Type: text/html; charset=UTF-8
Next 2 Slides from: www.wikapedia.com
Eight Request Methods
GET – Requests a representation of the specified resource. By far the most common method used on the Web today.
HEAD – Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
POST – Submits user data (e.g. from a HTML form) to the identified resource. The data is included in the body of the request.
PUT – Uploads a representation of the specified resource.
DELETE – Deletes the specified resource (rarely implemented).
TRACE – Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
OPTIONS – Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
CONNECT – For use with a proxy that can change to being an SSL tunnel.
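The OPTIONS method described above can back a simple hardening check. The following is an added example, not part of the original slides: it reads the Allow header(s) of a constructed OPTIONS response and sorts the advertised methods against an assumed site policy (`ALLOWED`, `SAMPLE_RESPONSE` and the function names are illustrative assumptions).

```python
# Added example: audit the methods a server advertises in an OPTIONS response.
# SAMPLE_RESPONSE is constructed; ALLOWED is an assumed site policy.

# The eight methods listed on the slide above.
LISTED = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "OPTIONS", "CONNECT"}
ALLOWED = {"GET", "HEAD", "POST", "OPTIONS"}

SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Allow: GET, HEAD, POST\r\n"
    b"allow: OPTIONS, TRACE, PUT, PROPFIND\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def advertised_methods(raw: bytes) -> set:
    """Return the methods named in the Allow header(s) of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    if not status_line.startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    methods = set()
    for line in header_lines:
        name, sep, value = line.partition(":")
        # Header names are case-insensitive and Allow may appear more than once.
        if sep and name.strip().lower() == "allow":
            methods.update(m.strip() for m in value.split(",") if m.strip())
    return methods


def audit(raw: bytes) -> dict:
    """Sort advertised methods into policy buckets for review."""
    methods = advertised_methods(raw)
    return {
        "allowed": sorted(methods & ALLOWED),
        "unexpected": sorted((methods & LISTED) - ALLOWED),  # listed, not in policy
        "unlisted": sorted(methods - LISTED),                # outside the eight above
    }
```
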
Why HTTP
Flexibility
HTTP makes use of TCP (Transmission Control Protocol) to establish a reliable connection between the client and the server. However, it is a 'stateless' protocol, which means that a new connection between the client and a server is established for each transaction, the transaction occurs, and then the connection is terminated. Each specific HTTP client-server transaction is executed independently, creating a new TCP connection for each HTTP transaction.
It is this stateless nature of HTTP which makes it particularly suited to the web. If you think about how a user browses the web, typically they will jump from website to website. Their browser makes a rapid sequence of requests from a number of distributed servers. The flexible stateless nature of HTTP facilitates this kind of communication.
Next 2 slides from: The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Why HTTP
Versatility
Another important feature of HTTP is its versatility. It can handle a range of file formats. When a client issues a request to a server, it may include a prioritized list of formats it can handle. The server then responds with the appropriate format. This arrangement prevents the transmission of unnecessary information, making more efficient use of the connection.
Business use of HTTP
• E-Commerce
• E-Business
Next 3 slides from Kinicki, Angelo and Robert Kreitner. Organizational Behavior. New York City: McGraw-Hill, 2006.
E-commerce
• Selling products over the internet
• Online forms send information to company’s database
JR Cigars
http://www.jrcigars.com
E-business
Using the internet to facilitate every aspect of the business
• Communication: Memos, instructions…
• Discussion forums
• E-learning, research
• Online forms for regulatory agencies
IBM for E-business
http://www.ibm.com/e-business
IT controls for HTTP
Because HTTP is a transfer protocol used to spread information through the WWW, companies must have a strategy in place to limit the number of threats that can be transmitted through HTTP.
A strategy is particularly important because these threats can attack the firm’s information resources.
One strategy that has become popular among companies is the implementation of a Risk Management strategy
Next 7 slides from: McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.
Risk Management Strategy
The risk management strategy bases the security of the firm’s information resources on the risks that these resources face
Similarity between Risk Management Strategy and the components of an Internal Control System
[Figure: components of an Internal Control System: Risk Assessment, Control Activities, Information and Communication, Control Environment, Monitoring]
Identify the Threats
1. Viruses
2. Worms
3. Hackers
4. Malware - invades a system and performs functions not intended by the system owners
5. Trojan Horses - produce unwanted changes in the system’s functionality
Define the Risks
1. Unauthorized Disclosure and Theft - industrial spies gaining valuable competitive information and computer criminals embezzling the firm’s funds
2. Unauthorized Use of the Firm’s Information Resources (i.e. the database)
3. Unauthorized Destruction and Denial of Service - which can cause a shutdown in the firm’s computer operations
4. Unauthorized Modification - changes made to the firm’s data
Establish the Policy
Phase 1 - Policy Development
Phase 2 - Consultation and Approval
Phase 3 - Awareness and Education: once the policy has been approved, training awareness and policy education programs are conducted
Phase 4 - Policy Dissemination: the security policies are disseminated throughout the organizational units where the policies apply (i.e. promote a good control environment)
Implement the Controls
Intrusion Detection Systems - virus protection software (Norton Antivirus)
Firewalls - act as a filter and barrier that restricts the flow of data to and from the firm from the internet
Cryptography - data and information can be encrypted as it resides in storage and as it is transmitted over the networks
New In HTTP
HTTP/1.1
The basic operation of HTTP/1.1 remains the same as for HTTP/1.0, and the protocol ensures that browsers and servers of different versions can all interoperate correctly. If the browser understands version 1.1, it uses HTTP/1.1 on the request line instead of HTTP/1.0. When the server sees this, it knows it can make use of new 1.1 features (if a 1.1 server sees a lower version, it must adjust its response to use that protocol instead).
HTTP/1.1 contains a lot of new facilities, the main ones are: hostname identification, content negotiation, persistent connections, chunked transfers, byte ranges and support for proxies and caches.
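Persistent connections and chunked transfers mean a receiver must find the end of each message from its framing rather than from the connection closing. The following is an added example, not from the original slides or from Apache Week: it splits a constructed byte stream holding two back-to-back responses, one chunked and one with Content-Length (`STREAM` and the function names are illustrative assumptions, and every response is assumed to carry explicit framing).

```python
import re

# Constructed byte stream: two responses sent back to back on one persistent
# HTTP/1.1 connection, the first chunked, the second with Content-Length.
STREAM = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
    b"Transfer-Encoding: chunked\r\n\r\n"
    b"6\r\n<html>\r\n7\r\n</html>\r\n0\r\n\r\n"
    b"HTTP/1.1 404 Not Found\r\nContent-Length: 9\r\n\r\nnot found"
)

def read_chunked(buf: bytes, pos: int) -> tuple:
    """Decode a chunked body that starts at pos; return (body, next position)."""
    body = b""
    while True:
        eol = buf.index(b"\r\n", pos)
        size_field = buf[pos:eol].split(b";")[0].strip()  # drop chunk extensions
        if not re.fullmatch(rb"[0-9A-Fa-f]+", size_field):
            raise ValueError("malformed chunk size")
        size, pos = int(size_field, 16), eol + 2
        if size == 0:
            # Last chunk: skip optional trailer lines up to the blank line.
            while buf[pos:pos + 2] != b"\r\n":
                pos = buf.index(b"\r\n", pos) + 2
            return body, pos + 2
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data does not match its declared size")
        body += buf[pos:pos + size]
        pos += size + 2

def parse_stream(buf: bytes) -> list:
    """Split buf into one (status code, headers, body) tuple per response."""
    responses, pos = [], 0
    while pos < len(buf):
        end = buf.index(b"\r\n\r\n", pos)
        status_line, *lines = buf[pos:end].decode("iso-8859-1").split("\r\n")
        headers = {n.strip().lower(): v.strip()
                   for n, _, v in (line.partition(":") for line in lines)}
        pos = end + 4
        if "transfer-encoding" in headers and "content-length" in headers:
            raise ValueError("ambiguous framing")  # strict choice of this example
        if headers.get("transfer-encoding", "").lower() == "chunked":
            body, pos = read_chunked(buf, pos)
        else:
            # Assumes explicit framing; a missing Content-Length is read as 0.
            length = int(headers.get("content-length", "0"))
            body, pos = buf[pos:pos + length], pos + length
        responses.append((int(status_line.split()[1]), headers, body))
    return responses
```
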
Next 2 slides from Apache Week: http://www.apacheweek.com/features/http11
How This Affects Browsers and Servers
Non-IP virtual Hosts - Virtual hosts can be used without needing additional IP addresses.
Content Negotiation means more content types and better selection - Using content negotiation means that resources can be stored in various formats, and the browser automatically gets the 'best' one (e.g. the correct language). If a best match cannot be determined, the browser or server can offer a list of choices to the user.
Faster Response - Persistent connections will mean that accessing pages with inline or embedded documents should be quicker.
Better handling of interrupted downloads - The ability to request byte ranges will let browsers continue interrupted downloads.
Better Behavior and Performance from Caches - Caches will be able to use persistent connections to increase performance both when talking to browsers and servers. Use of conditionals and content negotiation will mean caches can identify responses quicker.
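The content negotiation described here, and the "prioritized list of formats" on the earlier Versatility slide, is carried in the request's Accept header. The following is an added example, not from the original slides or from Apache Week: a server-side selection routine that weighs each available format by the most specific matching range (function names and sample values are illustrative assumptions).

```python
import re

# Added example: choose a response format from the client's Accept header.
Q_VALUE = re.compile(r"0(\.\d{0,3})?|1(\.0{0,3})?")  # weights from 0 to 1


def parse_accept(header: str) -> list:
    """Return (media range, q) pairs; q defaults to 1.0 when absent."""
    ranges = []
    for item in header.split(","):
        media, *params = [part.strip().lower() for part in item.split(";")]
        q = 1.0
        for param in params:
            key, _, value = param.partition("=")
            if key.strip() == "q":
                # A malformed weight is treated as a refusal of that range.
                q = float(value) if Q_VALUE.fullmatch(value.strip()) else 0.0
        if media:
            ranges.append((media, q))
    return ranges


def quality(media_type: str, ranges: list) -> float:
    """q of the most specific range that matches media_type (0.0 if none)."""
    main = media_type.split("/")[0]
    best_rank, best_q = 0, 0.0
    for rng, q in ranges:
        # Exact type beats "type/*", which beats "*/*".
        rank = {media_type: 3, main + "/*": 2, "*/*": 1}.get(rng, 0)
        if rank > best_rank:
            best_rank, best_q = rank, q
    return best_q


def negotiate(accept: str, available: list):
    """Return the best available type, or None when nothing is acceptable."""
    ranges = parse_accept(accept)
    # Ties on q go to the format the server lists first.
    scored = [(quality(t, ranges), -i, t) for i, t in enumerate(available)]
    q, _, chosen = max(scored, default=(0.0, 0, None))
    return chosen if q > 0 else None
```

When `negotiate` returns None, a server would typically answer 406 Not Acceptable or fall back to offering a list of choices.
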