当前位置:网站首页>Security analysis of Web Architecture
Security analysis of Web Architecture
2022-07-05 14:21:00 【Cwxh0125】
web Working mechanism
Webpage 、 Website
We can see beautiful pages on the Internet through the browser , It is usually rendered by the browser .html page , It includes css Equal front end technology . The collection of multiple web pages is the website .
Web Containers
Web Containers , Also called Web The server , Mainly provide Web service , That's what they say HTTP service .
common Web The container has :Apache/IIS/Nginx etc. .
Static page
Static page , They are all .html file , It's a plain text file . These files contain html Code .
Middleware server
The above , Only one-way tactical information can be given to users . With Web The development of , Information should flow in both directions , There is a need for interaction , That is, the concept of dynamic web pages ; The so-called dynamic is to use flash、Php、asp、Java And other technologies to embed some scripts that can run in the web page , When the user browser interprets the page , When you encounter a script, start and run it .
The use of scripts makes Web The service model has the ability of two-way communication ,Web The server mode can also handle various transactions like traditional software , Such as editing files 、 Interest calculation 、 Submit forms, etc ,Web The applicability of the architecture is greatly expanded
These scripts can be embedded in the page , Such as JS etc. . It can also be stored separately in the form of files Web In the server directory , Such as .asp、.php、jsp Documents, etc. . There are more and more functional scripts like this , Form a common toolkit , Manage alone ,Web Business development , Just use it directly , This is the middleware server , It's actually Web Expansion of server processing capacity .
The emergence of databases
Static web pages and scripts are designed in advance , Generally, it is not changed frequently , But a lot of content on the website needs to be updated frequently , It is obviously inappropriate to put these changed data in the program of static web pages , The traditional method is to separate the data from the program , Professional database used .
Web Developers in Web A database server is added behind the server , These constantly changing data are stored in the database , It can be updated at any time . When a user requests a page , The script is based on the page requested by the user , Where dynamic data is involved , utilize SQL Database language , Read the latest data from the data , production “ complete ” page , Finally, send it to the user
HTTP agreement
Brief overview
HTTP It's a browser and web Communication protocol between servers Are the specifications and requirements for message delivery .
1900 Put forward in , The current version is 1.1
HTTP It's used to put HTML Document from web Server transfer to web browser , Is a request and response protocol . The client makes the request , The server responds to the request
HTTP Use reliable TCP Connect , The default port is 80
characteristic
Support browser or service mode
When the browser makes a request to the server , Just send the request method and request path
HTTP Run to transfer objects of any type
URL
Uniform resource locator ( website ), To tell Web Containers , The resource requested by the browser ( file ) The path of . for example :Schema://login:[email protected]:port/path/to/resource/?query_string#fragment
Port 80
Login user name
Password password
Fragment Anchor point ( Realize the positioning in the page )
URL The coding
URL Only characters allowed are limited ,URL in path Start allowing direct presence [A-Z][a-z][0-9]
Half width minus sign (-)、 Underline period (.)、 The waves, (~). Other characters will be encoded with a percent sign ( Including Spaces )
Can be in burp Inside decoder Encoding and decoding
decode :%+ASCII Code hexadecimal
HTTP Message analysis
HTTP The request is made by the request line Request header The body of the request consists of
Request line : Method , Resource path , agreement / edition
Request header : The content from the second line of the request message to the first blank line . It contains many fields
Request body : Under the request header
Request method :
GET The most common method , Usually, the user requests a resource sent by the server .
POST You can submit parameters and forms to the server , Including file stream, etc
HEAD And GET The method is similar to , But only the first part is returned in the server response
PUT And GET Read the document from the server ,PUT Method writes a document to the server
TRACE Echo browser requests
OPTIONS request Web The server informs it of the various functions it supports DELETE
Response message analysis
The response message consists of the status line Response head The response text consists of
Status line : agreement / edition , The status code , Descriptive phrase
Respond to the headlines
Everything from the second line to the first blank line , It contains information about HTTP Important fields of response .
Response Content
The server returns the contents of the resource , That is, what the browser receives HTML Code .
Status code
100~199 Informational status code
200~299 Success status code
300~399 Redirect the status code
400~499 Client error status code
500~599 Server error status code
The main field
Server Server fingerprint
Set-Cookie Set... To the browser side Cookie
Last-Modified The server tells the browser through this header , Last modified time of resource
Content-Length Request body length
Location Redirect target page
Refresh Server pass Refresh The header tells the browser to refresh the browser regularly
边栏推荐
- [learning notes] stage test 1
- Linux下mysql数据库安装教程
- The IPO of Ruineng industry was terminated: the annual revenue was 447million and it was planned to raise 376million
- 根据CronSequenceGenerator计算cron表达式的时间
- 01. Solr7.3.1 deployment and configuration of jetty under win10 platform
- 如何将 DevSecOps 引入企业?
- 怎么叫一手一机的功能方式
- R語言ggplot2可視化:可視化折線圖、使用theme函數中的legend.position參數自定義圖例的比特置
- Google EventBus 使用详解
- 快消品行业SaaS多租户解决方案,构建全产业链数字化营销竞争力
猜你喜欢
乌卡时代下,企业供应链管理体系的应对策略
让秒杀狂欢更从容:大促背后的数据库(下篇)
Postman简介、安装、入门使用方法详细攻略!
Countermeasures of enterprise supply chain management system in UCA Era
Sharing the 12 most commonly used regular expressions can solve most of your problems
直播预告|如何借助自动化工具落地DevOps(文末福利)
Online electronic component purchasing Mall: break the problem of information asymmetry in the purchasing process, and enable enterprises to effectively coordinate management
基于 TiDB 场景式技术架构过程 - 理论篇
世界环境日 | 周大福用心服务推动减碳环保
How can non-technical departments participate in Devops?
随机推荐
The function of qualifier in C language
关于memset赋值的探讨
After the microservice project is deployed, static resources and files uploaded to upload cannot be accessed. Solution
Enjoy what you want. Zhichuang future
MySQL user-defined function ID number to age (supports 15 / 18 digit ID card)
Login interface code
R语言ggplot2可视化:使用ggplot2可视化散点图、使用labs参数自定义X轴的轴标签文本(customize X axis labels)
Tidb DM alarm DM_ sync_ process_ exists_ with_ Error troubleshooting
The speed monitoring chip based on Bernoulli principle can be used for natural gas pipeline leakage detection
How to deeply understand the design idea of "finite state machine"?
Fonctions communes de thymeleaf
Scenario based technology architecture process based on tidb - Theory
R语言使用ggplot2包的geom_histogram函数可视化直方图(histogram plot)
Don't be unconvinced. Mobile phone function upgrade is strong
R language ggplot2 visual bar graph: visualize the bar graph through the two-color gradient color theme, and add label text for each bar (geom_text function)
WebRTC的学习(二)
矩阵链乘 - 动态规划实例
What is the future development trend of neural network Internet of things
R Language ggplot2 Visualization: visualize linegraph, using Legend in Theme function. Paramètre de position emplacement de la légende personnalisée
Show strength. In this way, the mobile phone will not be difficult to move forward