Better handling of interrupted downloads
Download
Report
Transcript Better handling of interrupted downloads
The Wonderful World of
HTTP
Presented by:
Richard Chan
Ashlee Clair
Sky McBean
Robert Wolfer
Overview of Presentation
What is HTTP
How Does It Work
Use of HTTP in Business Today
Controls for HTTP
Future trends
Definition of HTTP
HyperText Transfer Protocol (HTTP) is how the world
wide web transfers or conveys information. Originally
designed to provide a way to publish and receive
HTML pages.
HTML is the language in which one publishes hypertext on
the World Wide Web.
From www.w3.org
Picture provided by The Web Designer’s HTTP Primer:
http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
About HTTP
HTTP is not a protocol for transferring
hypertext; rather it is a protocol for
transmitting information with the
efficiency necessary for making
hypertext jumps. The information
transferred using HTTP can be plain text,
hypertext, audio, images, basically any
Internet accessible information.
From- The Web Designer’s HTTP Primer:
http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Clarification
Analogy:
HTTP is to Hypertext as Latin is to Science
Who Created HTTP
Hypertext Transfer
Protocol
Created by WWW
Consortium also
known as W3C
Authors of HTTP
Tim Berners-Lee
Henrik Frystyk
Nielsen
Roy T. Fielding
Next 3 Slides from www.w3c.com
Tim Berners-Lee: Director of W3C and Inventor of the
World Wide Web
About W3C
The World Wide Web Consortium (W3C) is
an international consortium where Member
organizations, a full-time staff, and the
public work together to develop Web
standards.
Mission Statement: To lead the World Wide
Web to its full potential by developing
protocols and guidelines that ensure longterm growth for the Web.
More About W3C
W3C primarily pursues its mission
through the creation of Web standards
and guidelines. Since 1994, W3C has
published more than ninety such
standards, called W3C
Recommendations.
History
HTTP 0.9
HTTP 1.0 was created and put into use in May 1996
Never widely used
Only supports requests for representations of the specified
resources.
Still in wide use
Does not use proxy servers very well
HTTP 1.1 was put into use in June 1999
This is the current form being used today
Persistent connections and works well with proxies
Allows multiple requests to be sent at one time
From: www.wikapedia.com
Process
HTTP is a request/response protocol
between clients and servers.
A web browser, client, sends a request by
connecting to a port or remote host by a
transmission control protocol (TCP).
Then a server takes the request string, such
as “GET / HTTP/www.bus.orst.edu” and that
will show that default home page.
From: www.wikapedia.com
Basic Structure of a URL
• Protocol - set of standards that govern the
communication of data (i.e. HTTP)
• Domain name - the address of the Website
• Path - a certain directory/subdirectory at the
Website
• HTML - Hypertext markup language
McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.:
Prentice Hall.
HTTP Process
Process Example
Client Request
GET /index.html HTTP/1.1 Host: www.example.com
Server Response
HTTP/1.1 200 OK Date: Mon, 23 May 2005
22:38:34 GMT Server: Apache/1.3.27 (Unix) (RedHat/Linux) Last-Modified: Wed, 08 Jan 2003
23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" AcceptRanges: bytes Content-Length: 438 Connection:
close Content-Type: text/html; charset=UTF-8
Next 2 Slides from: www.wikapedia.com
Eight Request Methods
GET – Requests a representation of the specified resource. By far the
most common method used on the Web today.
HEAD – Asks for the response identical to the one that would
correspond to a GET request, but without the response body. This is
useful for retrieving meta-information written in response headers,
without having to transport the entire content.
POST – Submits user data (e.g. from a HTML form) to the identified
resource. The data is included in the body of the request.
PUT – Uploads a representation of the specified resource.
DELETE – Deletes the specified resource (rarely implemented).
TRACE – Echoes back the received request, so that a client can see
what intermediate servers are adding or changing in the request.
OPTIONS – Returns the HTTP methods that the server supports. This
can be used to check the functionality of a web server.
CONNECT – For use with a proxy that can change to being an SSL
tunnel.
Why HTTP
Flexibiility
HTTP makes use of TCP (Transfer Control Protocol) to establish
a reliable connection between the client and the server. However
it is a 'stateless' protocol, which means that a new connection
between the client and a server is established for each
transaction, the transaction occurs and then the connection is
terminated. Each specific HTTP client server transaction is
executed independently, creating a new TCP connection for each
HTTP transaction.
It is this stateless nature of HTTP which makes it particularly
suited to the web. If you think about how a user browses the web,
typically they will jump from website to website. Their browser
makes a rapid sequence of requests from a number of distributed
servers. The flexible stateless nature of HTTP facilitates this kind
of communication.
Next 2 From- The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Why HTTP
Versatility
Another important feature of HTTP is its versatility. It can
handle a range of file formats. When a client issues a
request to a server it may include a prioritized list of formats
it can handle. The server then responds with the
appropriate format. This arrangement prevents the
transmission of unnecessary information, making more
effeicient use of the connection.
Business use of HTTP
E-Commerce
E-Business
Next 3 slides from Kinicki, Angelo and Robert Kreitner. Organizational Behavior. New
York City: McGraw-Hill, 2006.
E-commerce
Selling products over the internet
Online forms send information to
company’s database
JR Cigars
http://www.jrcigars.com
E-business
Using the internet to facilitate every aspect of
the business
Communication: Memos, instructions…
Discussion forums
E-learning, research
Online forms for regulatory agencies
IBM for E-business
http://www.ibm.com/e-business
IT controls for HTTP
Because HTTP is a transfer protocol used to
spread information through the WWW, companies
must have a strategy in place to limit the number
of threats that can be transmitted through HTTP.
A strategy is particularly important because these
threats can attack the firm’s information
resources.
One strategy that has become popular among
companies is the implementation of a Risk
Management strategy
Next 7 slides from: McLeod Jr., Raymond, George P. Schell. Management Information Systems,
9th ed. Upper Saddle River, N.J.: Prentice Hall.
Risk Management Strategy
The risk
management
strategy bases the
security of the firm’s
information
resources on the
risks that these
resources face
Similarity between Risk Management Strategy and
the components of an Internal Control System
Control
Environment
Risk
assessment
Control
Activities
Information and
Communication
Monitoring
Identify the Threats
1.
2.
3.
4.
5.
Viruses
Worms
Hackers
Malware - invades a
system and performs
functions not intended
by the system owners
Trojan Horses produce unwanted
changes in the
system’s functionality
Define the Risks
1.
2.
3.
4.
Unauthorized Disclosure and
Theft - industrial spies gaining
valuable competitive
information and computer
criminals embezzling the firm’s
funds
Unauthorized Use of the Firm’s
Information Resources (i.e. the
database)
Unauthorized Destruction and
Denial of Service - which can
cause a shutdown in the firm’s
computer operations
Unauthorized Modification changes made to the firm’s
data
Establish the Policy
Phase 1 - Policy
Development
Phase 2 - Consultation and
Approval
Phase 3 - Awareness and
Education: once the policy
has been approved training
awareness and policy
education programs are
conducted
Phase 4 - Policy
Dissemination: the security
policies are disseminated
throughout the organizational
units where the policies apply
(i.e. promote a good control
environment)
Implement the Controls
Intrusion Detection
Systems - virus protection
software (Norton Antivirus)
Firewalls - acts as a filter
and barrier that restricts
the flow of data to and
from the firm from the
internet
Cryptography - data and
information can be
encrypted as it resides in
storage and as it is
transmitted over the
networks
New In HTTP
HTTP/1.1
The basic operation of HTTP/1.1 remains the same as for
HTTP/1.0, and the protocol ensures that browsers and servers of
different versions can all interoperate correctly. If the browser
understands version 1.1, it uses HTTP/1.1 on the request line
instead of HTTP/1.0. When the server sees this is knows it can
make use of new 1.1 features (if a 1.1 server sees a lower
version, it must adjust its response to use that protocol instead).
HTTP/1.1 contains a lot of new facilities, the main ones are:
hostname identification, content negotiation, persistent
connections, chunked transfers, byte ranges and support for
proxies and caches.
Next 2 slides from Apache Week: http://www.apacheweek.com/features/http11
How This Affects Browsers and Servers
Non-IP virtual Hosts
Virtual hosts can be used without needing additional IP addresses.
Content Negotiation means more content types and better selection
Using content negotiation means that resources can be stored in various
formats, and the browser automatically gets the 'best' one (e.g. the
correct language). If a best match cannot be determined, the browser or
server can offer a list of choices to the user.
Faster Response
Persistent connections will mean that accessing pages with inline or
embedded documents should be quicker.
Better handling of interrupted downloads
The ability to request byte ranges will let browsers continue interrupted
downloads.
Better Behavior and Performance from Caches
Caches will be able to use persistent connections to increase
performance both when talking to browsers and servers. Use of
conditionals and content negotiation will mean caches can identify
responses quicker.