Lesson 3 Flashcards
Why is https important?
- Imagine that you are using a public Wi-Fi connection. Malicious cafe owners or malicious visitors can see and manipulate your HTTP requests. With HTTPS you avoid this.
- People can eavesdrop on the Wi-Fi responses.
How to get a free certificate for the website?
- Let's Encrypt
What is https?
- HTTPS = HTTP + TLS
- HTTP = Hypertext Transfer Protocol
- TLS = Transport Layer Security. TLS encrypts the communication so that it can only be read by the intended recipients.
- To ensure that you connect to the server that you intend to, TLS uses a chain of trust. The server identifies itself with a certificate that contains information about it and a fingerprint of its encryption key.
How does the TLS handshake work?
1) The server sends its certificate, which contains its public key, its domain and a signature from a certificate authority.
2) The client checks that the domain is correct and that the signature is valid.
3) The client generates a random key for symmetric encryption and encrypts it with the server's public key.
4) Only the server, which holds the matching private key, can recover the random key, so it can only communicate if it owns that key.
What page helps to see how Chrome behaves when there are TLS problems?
https://badssl.com/
What is mixed-content?
- It is when the page itself is served over HTTPS but not all of its assets are.
- Assets such as images, jQuery, iframes, etc.
How to test if the website has mixed-content?
- With a self-signed certificate
What is head of line blocking (HOL)?
- It is when other requests have to wait to start until one request finishes.
- This issue is resolved in HTTP/2.
What is the problem with request headers?
- Request headers are not compressed, and because of this they take up a lot of space.
- Compressing the headers helps make the requests faster.
What are the HTTP/2 improvements?
- Request and response headers are no longer human-readable; they are now compressed to maximize speed.
- No more head-of-line blocking. With multiplexing there is just one connection with multiple streams. When one stream is blocked, another one is put to work.
- HTTP/2 brings a big decrease in the time a request takes.
- With HTTP/2, concatenating files is not necessary. Most of the time it is a bad idea because it makes caching inefficient.
How do you support HTTP/2 on your site?
- Enable HTTP/2 on your server.
Why is same origin policy important?
- If you were allowed to make requests to other origins, then you could steal Facebook messages.