1 / 59

Advanced?

Advanced?. HT TP. Web Seminar #01. elaborate. Wheel. 바퀴짱 ?. SPARCS 07. 밤의 제왕 ?. 안병욱. The presenter is. 3 월 신작 ?. 4 월 신작 ?. Moodle TA. CS101 TA. 5 월 신작 ?. 6 월은 아직 …. 악명 높은 TA?. 여러분 방학 은 다들 잘 보내셨는지요 ?. 첫 세미나인 만큼 즐겁게 하고 싶어요. 어쩌다 보니 제가 첫 세미나를 맡았는데 ,,,,,,.

stellab
Télécharger la présentation

Advanced?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Advanced? HTTP Web Seminar #01

  2. elaborate Wheel 바퀴짱? SPARCS 07 밤의 제왕? 안병욱 The presenter is 3월 신작? 4월 신작? Moodle TA CS101 TA 5월 신작? 6월은 아직… 악명 높은 TA?

  3. 여러분 방학은 다들 잘 보내셨는지요? 첫 세미나인 만큼 즐겁게 하고 싶어요. 어쩌다 보니 제가 첫 세미나를 맡았는데,,,,,, 딱히 할 말도 없고,,,, 뭐 어떻게 해야 하는지 참.. 아… 물 같은 걸 끼얹으면 되는 건가? 장짤인데…. 내가 뭐 하는 건지 참…. ㄴ이ㅏ런이ㅏ런이ㅏ런아ㅣ러나이런아ㅣ런이러ㅏㄴㅇㄹ 아무튼 시작합니다!

  4. Brief Contents Abbreviation Protocol? Definition Introduction What is HTTP? Structure of HTTP Stateless Session Further HTTPS, TLS/SSL? public, private key Request HTTP Response HTTP Sever side Client side Certificate Certificate Authority Self Signed Certificate Digital Signature Message Digest

  5. What is HTTP? Hypertext Transfer Protocol

  6. What is HTTP? Hypertext Transfer Protocol Hypertext? Text displayed on electronic device with references. Reader can immediately access, usually by a mouse click or key press. It contains tables, images, and other presentational devices. Underlying concept defining the structure of the WWW, making flexible format to share information over the Internet.

  7. What is HTTP? Hypertext Transfer Protocol Hypertext? < This is Text. It is nothing but just text. This is Hypertext. It is text but express more than just text. V

  8. What is HTTP? Hypertext Transfer Protocol Protocol? A formaldescription of message formats and the rules for exchanging those messages FTP, IMCP, DHCP, LDAP, NFS, NTP, MIME, DNS, SSH, POP, IMAP, SMTP, RPC, NIS,,,, etc so many things!

  9. What is HTTP? Hypertext Transfer Protocol HTTP? A protocol which defines standard of transferringHypertext such as text, file, or image. Looks quite easy… ?

  10. What is HTTP? Hypertext Transfer Protocol HTTP Another? Application Layer for distributed, collaborative, hypermedia information systems. (Architecture Models of Computer Networking) Such as OSI Model, Internet Protocol Suite Simply, protocols that applications use

  11. What is HTTP? Hypertext Transfer Protocol HTTP Another? HTTP is a request-responsestandard typical of client-server computing. Server Client HTTP Response Request

  12. Now You are Abbreviation Protocol? Definition Introduction What is HTTP? Structure of HTTP Stateless Session Further HTTPS, TLS/SSL? public, private key Request HTTP Response HTTP Sever side Client side Certificate Certificate Authority Self Signed Certificate Digital Signature Message Digest

  13. Structure of HTTP? Simply, we can divide into twokinds of HTTP. Request HTTP A HTTP that occurs when the client requests to the server Server Client Request

  14. Structure of HTTP? Simply, we can divide into twokinds of HTTP. Response HTTP A HTTP that occurs when the server response to the client. Server Client Response

  15. Structure of HTTP? Request HTTP Formally, we can say Request line *(( general header | request header | entity header ) CRLF) CRLF [ message body ]

  16. Structure of HTTP? Request HTTP Formally, we can say Empty or more than once Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] OR \r\n (it depends on system and program language) Optional Attributes

  17. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] Request-Line = METHOD SP Request-URI SP HTTP-Version CRLF

  18. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] Space Real text Request-Line = METHOD SP Request-URI SP HTTP-Version CRLF “OPTIONS” | “GET” | ”HEAD” | ”POST” | ”PUT” | ”DELETE” | ”TRACE” | ”CONNECT” | extension-method Methods indicates the desired action to be performed on the identified resource

  19. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] Request-Line = METHOD SP Request-URI SP HTTP-Version CRLF "*" | absoluteURI | abs_path | authority For non-particular resource (“OPTIONS”) Only for “CONNECT” For Proxy On an origin server or gateway The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request

  20. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] Request-Line = METHOD SP Request-URI SP HTTP-Version CRLF HTTP/1.0 | HTTP/1.1 (in web) It specify the HTTP version. In these days, version 1.1 is dominant.

  21. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] general-header = Cache-Control | Connection | Date | Pragma | Trailer | Transfer-Encoding | Upgrade | Via | Warning request-header = Accept | Accept-Charset | Accept-Encoding | Accept-Language | Authorization | Expect | From | Host | If-Match | If-Modified-Since | If-None-Match | If-Range | If-Unmodified-Since | Max-Forwards | Proxy-Authorization | Range | Referer | TE | User-Agent entity-header = Allow | Content-Encoding | Content-Language | Content-Length | Content-Location | Content-MD5 | Content-Range | Content-Type | Expires | Last-Modified | extension-header extension-header = message-header Cookie RFC-4229

  22. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] Indicates the end of header It could be also end of HTTP, if there is no ‘message body’

  23. Structure of HTTP? Request HTTP Request-Line *(( general header | request header | entity header ) CRLF) CRLF [ message body ] message-body = entity-body | <entity-body encoded as per Transfer-Encoding> The message-body (if any) of an HTTP message is used to carry the entity-body associated with the request or response.

  24. Structure of HTTP? Request HTTP Now we know Request HTTP POST /login/ HTTP/1.1 Host: sparcs.kaist.ac.kr User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3)……. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: https://sparcs.kaist.ac.kr/login/? Cookie: sessionid=39d2089695cab9408868433d6b811eec Content-Type: application/x-www-form-urlencoded Content-Length: 41 username=elaborate&password=*******&next=

  25. Structure of HTTP? Response HTTP Formally, we can say Status-Line *(( general header | response header | entity header ) CRLF) CRLF [ message body ]

  26. Structure of HTTP? | "500" ; Section 10.5.1: Internal Server Error | "501" ; Section 10.5.2: Not Implemented | "502" ; Section 10.5.3: Bad Gateway | "503" ; Section 10.5.4: Service Unavailable | "504" ; Section 10.5.5: Gateway Time-out | "505" ; Section 10.5.6: HTTP Version not supported Response HTTP Status-Line *(( general header | response header | entity header ) CRLF) CRLF [ message body ] | extension-code extension-code = 3DIGIT Reason-Phrase = *<TEXT, excluding CR, LF> Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF Status-Code = "100" ; Section 10.1.1: Continue | "101" ; Section 10.1.2: Switching Protocols | "200" ; Section 10.2.1: OK | "201" ; Section 10.2.2: Created | "202" ; Section 10.2.3: Accepted | "203" ; Section 10.2.4: Non-Authoritative Information | "204" ; Section 10.2.5: No Content | "205" ; Section 10.2.6: Reset Content | "206" ; Section 10.2.7: Partial Content | "300" ; Section 10.3.1: Multiple Choices | "301" ; Section 10.3.2: Moved Permanently | "302" ; Section 10.3.3: Found | "303" ; Section 10.3.4: See Other | "304" ; Section 10.3.5: Not Modified | "305" ; Section 10.3.6: Use Proxy | "307" ; Section 10.3.8: Temporary Redirect | "400" ; Section 10.4.1: Bad Request | "401" ; Section 10.4.2: Unauthorized | "402" ; Section 10.4.3: Payment Required | "403" ; Section 10.4.4: Forbidden | "404" ; Section 10.4.5: Not Found | "405" ; Section 10.4.6: Method Not Allowed | "406" ; Section 10.4.7: Not Acceptable | "407" ; Section 10.4.8: Proxy Authentication Required | "408" ; Section 10.4.9: Request Time-out | "409" ; Section 10.4.10: Conflict | "410" ; Section 10.4.11: Gone | "411" ; Section 10.4.12: Length Required | "412" ; Section 10.4.13: Precondition Failed | "413" ; Section 10.4.14: Request Entity Too Large | "414" ; Section 10.4.15: Request-URI Too Large | "415" ; Section 10.4.16: Unsupported Media Type | "416" ; Section 10.4.17: Requested range not satisfiable | "417" ; Section 10.4.18: Expectation Failed

  27. Structure of HTTP? Response HTTP Status-Line *(( general header | response header | entity header ) CRLF) CRLF [ message body ] general-header = Cache-Control | Connection |Date | Pragma | Trailer | Transfer-Encoding | Upgrade | Via | Warning response-header = Accept-Ranges | Age | Etag | Location | Proxy-Authenticate | Retry-After | Server | Vary | WWW-Authenticate entity-header = Allow | Content-Encoding | Content-Language | Content-Length | Content-Location | Content-MD5 | Content-Range | Content-Type | Expires | Last-Modified | extension-header extension-header = message-header Set-Cookie RFC-4229

  28. Structure of HTTP? Response HTTP Status-Line *(( general header | response header | entity header ) CRLF) CRLF [ message body ] Indicates the end of header It could be also end of HTTP, if there is no ‘message body’

  29. Structure of HTTP? Response HTTP Status-Line *(( general header | response header | entity header ) CRLF) CRLF [ message body ] message-body = entity-body | <entity-body encoded as per Transfer-Encoding> The message-body (if any) of an HTTP message is used to carry the entity-body associated with the request or response.

  30. Structure of HTTP? Response HTTP Now we know Response HTTP HTTP/1.1 200 OK Date: Tue, 01 Jun 2010 12:20:15 GMT Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch Last-Modified: Sat, 17 Apr 2010 11:13:28 GMT Etag: "7201e2-d23-4846cd133a600" Accept-Ranges: bytes Content-Length: 3363 Keep-Alive: timeout=2, max=99 Connection: Keep-Alive Content-Type: text/css (Large size of data)

  31. Now You are Abbreviation Protocol? Definition Introduction What is HTTP? Structure of HTTP Stateless Session Further HTTPS, TLS/SSL? public, private key Request HTTP Response HTTP Sever side Client side Certificate Certificate Authority Self Signed Certificate Digital Signature Message Digest

  32. Stateless? HTTP is stateless protocol. Server would not retain your information about users between requests. Session In computer science, in particular networking, a session is a semi-permanent interactive information interchange, between two or more communicating devices, or between a computer and user

  33. Session? Again, we can simply divide into twokinds of HTTP. Server side session A session that stored in the server. Handy and efficient, but huge load on the server Client side session A session that stored in clients. Cookies and cryptographic techniques. Cookies are not only for session management, it could be used for Personalization, Tracking, and Third-party.

  34. Session? Set-Cookie set-cookie = "Set-Cookie:" cookies cookies = 1#cookie cookie = NAME "=" VALUE *(";" cookie-av) NAME = attr VALUE = value cookie-av = "Comment" "=" value | "Domain" "=" value | "Max-Age" "=" value | "Path" "=" value | "Secure" | "Version" "=" 1*DIGIT Response Set-Cookie: sessionid=39d2089695cab9408868433d6b811eec; expires=Thu, 17-Jun-2010 04:55:45 GMT; Max-Age=1209600; Path=/

  35. Session? Cookie cookie = "Cookie:" cookie-version 1*((";" | ",") cookie-value) cookie-value = NAME "=" VALUE [";" path] [";" domain] [";" port] cookie-version = "$Version" "=" value NAME = attr VALUE = value path = "$Path" "=" value domain = "$Domain" "=" value port = "$Port" [ "=" <"> value <"> ] Request Cookie: sessionid=39d2089695cab9408868433d6b811eec

  36. Now You are Abbreviation Protocol? Definition Introduction What is HTTP? Structure of HTTP Stateless Session Further HTTPS, TLS/SSL? public, private key Request HTTP Response HTTP Sever side Client side Certificate Certificate Authority Self Signed Certificate Digital Signature Message Digest

  37. HTTPS? It is quite hard to understand at once. I tried to explain in easiest way. There are something you need to now Certificate Authority (CA) Private key, Public key Message Digest Digital Signature TLS/SSL Encrypt, Decrypt

  38. HTTPS? HTTPS(HTTP Secure) includes all characteristics in HTTP and it has more! HTTP has nothing about security, just encoding text is all they can do. Somebody can hijack or thieve. HTTPS guarantee that the server or the client is what we want to communicate such as bank or log in. It requires several steps to authorize the server and client. This is quite issue on SPARCS right now.

  39. HTTPS? SPARCS I create private key(SP priv) and public key (SP pub) CA They have private key(CA priv) and public key(CA pub) also. They have (CA certificate) which is distributed all over the world.

  40. HTTPS? SPARCS I create private key(SP priv) and public key (SP pub) CA They have private key(CA priv) and public key(CA pub) also. They have (CA certificate) which is distributed all over the world and includes (CA pub). Now, they have SP pub. 1. Give a (SP pub) to CA

  41. HTTPS? SPARCS I create private key(SP priv) and public key (SP pub) CA private key(CA priv) public key(CA pub) (CA certificate) (SP pub) They generate (SP certificate). 1. Give a (SP pub) to CA 2. They generate (SP certificate) which includes (SP pub) and )CA digital signature)

  42. HTTPS? SPARCS I create private key(SP priv) and public key (SP pub) CA private key(CA priv) public key(CA pub) (CA certificate) (SP pub) (SP certificate){CA priv}. 1. Give a (SP pub) to CA 2. They generate (SP certificate) which includes (SP pub) and (CA digital signature) 3. Give (SP certificate) to SPARCS

  43. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate){CA priv}. Hi Client Web browser

  44. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate){CA priv} Hello, Here is my SP cert. Client Web browser SP Certificate

  45. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) Now, I have (SP certificate){CA priv}. Decrypt with (CA pub) which is in (CA Certificate). Then, I can get (CA digital signature) and (SP pub). I will match (CA digital signature) from SP cert and CA Certificate. Client Web browser SP Certificate

  46. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) It matches! You are authorized! or It does not match or expired… F__k you. Disconnect! Client Web browser SP Certificate

  47. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) I want you to identify yourself. There might be a server who mocking you. Client Web browser SP Certificate

  48. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) O.K here is a message{SP priv} Please decrypt it. It will prove myself. Client Web browser SP Certificate

  49. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) Now, I decrypt message{SP priv} with (SP pub) Let me see it is able to decrypt. Client Web browser SP Certificate

  50. HTTPS? SPARCS private key(SP priv) public key (SP pub) (SP certificate) Well, it works! Nice to see you SPARCS. or It is not valid message… F__k you. Disconnect! Client Web browser SP Certificate

More Related