HTTP2 Flashcards

1
Q

What is HTTPS?

A

HTTPS is a secure version of HTTP, inserting an additional layer between HTTP and TCP called TLS or SSL (Transport Layer Security or Secure Sockets Layer, respectively)

2
Q

In what port does HTTPS work?

A

443

3
Q

How is a connection established?

A

resolve IP address from host name via DNS; establish a connection with the server; send a request; wait for a response; close connection

4
Q

Connection: close

A

tells the server to close the connection after sending the response

5
Q

Server-side Connection Handling

A

establishing a socket to start listening on port 80 (or some other port); receiving the request and parsing the message; processing the response; setting response headers; sending the response to the client; close the connection if a Connection: close request header was found

6
Q

Different ways a server can collect information for identification and authentication

A

Request headers: From, Referer, User-Agent
Client-IP
Fat URLs: storing state of the current user by modifying the URL and redirecting to a different URL on each click; each click essentially accumulates state
Cookies

7
Q

Cookies - server side

A

Cookies allow the server to attach arbitrary information for outgoing responses via the Set-Cookie response header. A cookie is set with one or more name=value pairs separated by semicolon (;), as in Set-Cookie: session-id=12345ABC; username=nettuts

8
Q

Cookies - browser side

A

Cookies are automatically sent by the browser for each request made to a server, and the browser ensures that only the domain- and path-specific cookies are sent in the request. The request header Cookie: name=value [; name2=value2] is used to send these cookies to the server.

9
Q

Basic Authentication

A

In Basic Authentication, the server initially denies the client’s request with a WWW-Authenticate response header and a 401 Unauthorized status code. On seeing this header, the browser displays a login dialog, prompting for a username and password.

10
Q

Proxy Authentication

A

Instead of a web server, the authentication challenge is requested by an intermediate proxy. The proxy sends a Proxy-Authenticate header with a 407 Unauthorized status code. In return, the client is supposed to send the credentials via the Proxy-Authorization request header.

11
Q

Digest Authentication

A

similar to Basic but uses a more secure hashing function to encrypt the username and password

12
Q

how to make the web application work over HTTPS?

A

you need to have a working digital certificate deployed on the server. Once the certificate is verified, the SSL handshake is complete and secure transmission is in effect.

13
Q

Certificates information

A

the certificate issuer
the algorithm used for the certificate
the subject name or organization for whom this cert is created
the public key information for the subject
the Certification Authority Signature, using the specified signing algorithm

14
Q

Private cache

A

within a browser, caches usernames, passwords, URLs, browsing history and web content. They are generally small and specific to a user

15
Q

Public cache

A

deployed as caching proxies between the server and client. These are much larger because they serve multiple users. A common practice is to keep multiple caching proxies between the client and the origin-server. This helps to serve frequently accessed content, while still allowing a trip to the server for infrequently needed content.

16
Q

process of maintaining a cache

A

Receive request message.
Parse the URL and headers.
Lookup a local copy; otherwise, fetch and store locally
Do a freshness check to determine the age of the content in the cache; make a request to refresh the content only if necessary.
Create the response from the cached body and updated headers.
Send the response back to client.
Optionally, log the transaction.

17
Q

responses to help to tune the cache and ensure that stale content is not kept for too long.

A

If a document hasn’t changed, the server should respond with a 304 Not Modified. If the cached copy has expired, it should generate a new response with updated response headers and return with a 200 OK. If the resource is deleted, it should come back with 404 Not Found