The Wonderful World of HTTP Presented by: Richard Chan Ashlee Clair Sky McBean Robert Wolfer. Overview of Presentation . What is HTTP How Does It Work Use of HTTP in Business Today Controls for HTTP Future trends. Definition of HTTP.
The Wonderful World of HTTP Presented by: Richard Chan Ashlee Clair Sky McBean Robert Wolfer
Overview of Presentation • What is HTTP • How Does It Work • Use of HTTP in Business Today • Controls for HTTP • Future trends
Definition of HTTP • HyperText Transfer Protocol (HTTP) is how the World Wide Web transfers or conveys information. It was originally designed to provide a way to publish and receive HTML pages. • HTML is the language in which one publishes hypertext on the World Wide Web. From www.w3.org Picture provided by The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
About HTTP • HTTP is not a protocol for transferring hypertext; rather it is a protocol for transmitting information with the efficiency necessary for making hypertext jumps. The information transferred using HTTP can be plain text, hypertext, audio, images, basically any Internet accessible information. From- The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Clarification Analogy: HTTP is to Hypertext as Latin is to Science
Who Created HTTP • Hypertext Transfer Protocol • Created by WWW Consortium also known as W3C • Authors of HTTP • Tim Berners-Lee • Henrik Frystyk Nielsen • Roy T. Fielding Next 3 Slides from www.w3c.com Tim Berners-Lee: Director of W3C and Inventor of the World Wide Web
About W3C • The World Wide Web Consortium (W3C) is an international consortium where Member organizations, a full-time staff, and the public work together to develop Web standards. • Mission Statement: To lead the World Wide Web to its full potential by developing protocols and guidelines that ensure long-term growth for the Web.
More About W3C • W3C primarily pursues its mission through the creation of Web standards and guidelines. Since 1994, W3C has published more than ninety such standards, called W3C Recommendations.
History
• HTTP 0.9
  • Never widely used
  • Only supports requests for representations of the specified resources.
• HTTP 1.0 was created and put into use in May 1996
  • Still in wide use
  • Does not use proxy servers very well
• HTTP 1.1 was put into use in June 1999
  • This is the current form being used today
  • Persistent connections and works well with proxies
  • Allows multiple requests to be sent at one time
From: www.wikapedia.com
Process • HTTP is a request/response protocol between clients and servers. • A web browser (the client) sends a request by connecting to a port on a remote host over the Transmission Control Protocol (TCP). • The server then takes the request string, such as “GET / HTTP/www.bus.orst.edu”, and returns the default home page. From: www.wikapedia.com
Basic Structure of a URL • Protocol - set of standards that govern the communication of data (i.e. HTTP) • Domain name - the address of the Website • Path - a certain directory/subdirectory at the Website • HTML - Hypertext markup language McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.
Process Example
• Client Request
    GET /index.html HTTP/1.1
    Host: www.example.com
• Server Response
    HTTP/1.1 200 OK
    Date: Mon, 23 May 2005 22:38:34 GMT
    Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
    Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
    Etag: "3f80f-1b6-3e1cb03b"
    Accept-Ranges: bytes
    Content-Length: 438
    Connection: close
    Content-Type: text/html; charset=UTF-8
Next 2 Slides from: www.wikapedia.com
Eight Request Methods
• GET – Requests a representation of the specified resource. By far the most common method used on the Web today.
• HEAD – Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
• POST – Submits user data (e.g. from an HTML form) to the identified resource. The data is included in the body of the request.
• PUT – Uploads a representation of the specified resource.
• DELETE – Deletes the specified resource (rarely implemented).
• TRACE – Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
• OPTIONS – Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
• CONNECT – For use with a proxy that can change to being an SSL tunnel.
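An added example, not part of the original slides: a small request filter of the kind a front-end control could apply to the request line and methods described above. The allow-list (GET, HEAD, POST) and the status codes chosen are assumptions for illustration, and the sample requests are constructed.

```python
# Added example: a constructed front-end policy, not from the original slides.
ALLOWED_METHODS = {"GET", "HEAD", "POST"}   # assumed allow-list for a typical site
KNOWN_METHODS = ALLOWED_METHODS | {"PUT", "DELETE", "TRACE", "OPTIONS", "CONNECT"}
SUPPORTED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request head into (method, target, version, headers)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        # Reject missing colons, empty names and whitespace around the name
        # (which also rejects obsolete folded header lines).
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.setdefault(name.lower(), []).append(value.strip())
    return parts[0], parts[1], parts[2], headers


def check_request(raw: bytes):
    """Return the (status_code, reason) the filter would answer with."""
    try:
        method, _target, version, headers = parse_request(raw)
    except ValueError as exc:
        return 400, str(exc)
    if version not in SUPPORTED_VERSIONS:
        return 505, "HTTP version not supported"
    if method not in KNOWN_METHODS:
        return 501, "unknown method"
    if method not in ALLOWED_METHODS:
        return 405, f"{method} not allowed"
    # HTTP/1.1 hostname identification: exactly one Host header is required.
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        return 400, "HTTP/1.1 request needs exactly one Host header"
    return 200, "pass to application"


if __name__ == "__main__":
    samples = [  # constructed sample requests
        b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
        b"GET / HTTP/1.1\r\n\r\n",
    ]
    for raw in samples:
        print(raw.split(b"\r\n", 1)[0].decode(), "->", check_request(raw))
```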
Why HTTP • Flexibility: HTTP makes use of TCP (Transfer Control Protocol) to establish a reliable connection between the client and the server. However it is a 'stateless' protocol, which means that a new connection between the client and a server is established for each transaction, the transaction occurs and then the connection is terminated. Each specific HTTP client server transaction is executed independently, creating a new TCP connection for each HTTP transaction. It is this stateless nature of HTTP which makes it particularly suited to the web. If you think about how a user browses the web, typically they will jump from website to website. Their browser makes a rapid sequence of requests from a number of distributed servers. The flexible stateless nature of HTTP facilitates this kind of communication. Next 2 From- The Web Designer’s HTTP Primer: http://www.dmc.dit.ie/maim2002/mairead/practice/projects/MP4/What/index.html
Why HTTP • Versatility: Another important feature of HTTP is its versatility. It can handle a range of file formats. When a client issues a request to a server it may include a prioritized list of formats it can handle. The server then responds with the appropriate format. This arrangement prevents the transmission of unnecessary information, making more efficient use of the connection.
Business use of HTTP • E-Commerce • E-Business Next 3 slides from Kinicki, Angelo and Robert Kreitner. Organizational Behavior. New York City: McGraw-Hill, 2006.
E-commerce • Selling products over the internet • Online forms send information to company’s database JR Cigars http://www.jrcigars.com
E-business • Using the internet to facilitate every aspect of the business • Communication: Memos, instructions… • Discussion forums • E-learning, research • Online forms for regulatory agencies IBM for E-business http://www.ibm.com/e-business
IT controls for HTTP • Because HTTP is a transfer protocol used to spread information through the WWW, companies must have a strategy in place to limit the number of threats that can be transmitted through HTTP. • A strategy is particularly important because these threats can attack the firm’s information resources. • One strategy that has become popular among companies is the implementation of a Risk Management strategy Next 7 slides from: McLeod Jr., Raymond, George P. Schell. Management Information Systems, 9th ed. Upper Saddle River, N.J.: Prentice Hall.
Risk Management Strategy • The risk management strategy bases the security of the firm’s information resources on the risks that these resources face
Similarity between Risk Management Strategy and the components of an Internal Control System
• Control Environment
• Risk assessment
• Control Activities
• Information and Communication
• Monitoring
Identify the Threats • Viruses • Worms • Hackers • Malware - invades a system and performs functions not intended by the system owners • Trojan Horses - produce unwanted changes in the system’s functionality
Define the Risks • Unauthorized Disclosure and Theft - industrial spies gaining valuable competitive information and computer criminals embezzling the firm’s funds • Unauthorized Use of the Firm’s Information Resources (i.e. the database) • Unauthorized Destruction and Denial of Service - which can cause a shutdown in the firm’s computer operations • Unauthorized Modification - changes made to the firm’s data
Establish the Policy • Phase 1 - Policy Development • Phase 2 - Consultation and Approval • Phase 3 - Awareness and Education: once the policy has been approved, training awareness and policy education programs are conducted • Phase 4 - Policy Dissemination: the security policies are disseminated throughout the organizational units where the policies apply (i.e. promote a good control environment)
Implement the Controls • Intrusion Detection Systems - virus protection software (Norton Antivirus) • Firewalls - act as a filter and barrier that restricts the flow of data to and from the firm from the internet • Cryptography - data and information can be encrypted as it resides in storage and as it is transmitted over the networks
New In HTTP HTTP/1.1 • The basic operation of HTTP/1.1 remains the same as for HTTP/1.0, and the protocol ensures that browsers and servers of different versions can all interoperate correctly. If the browser understands version 1.1, it uses HTTP/1.1 on the request line instead of HTTP/1.0. When the server sees this, it knows it can make use of new 1.1 features (if a 1.1 server sees a lower version, it must adjust its response to use that protocol instead). • HTTP/1.1 contains a lot of new facilities; the main ones are: hostname identification, content negotiation, persistent connections, chunked transfers, byte ranges and support for proxies and caches. Next 2 slides from Apache Week: http://www.apacheweek.com/features/http11
How This Affects Browsers and Servers
• Non-IP Virtual Hosts: Virtual hosts can be used without needing additional IP addresses.
• Content Negotiation means more content types and better selection: Using content negotiation means that resources can be stored in various formats, and the browser automatically gets the 'best' one (e.g. the correct language). If a best match cannot be determined, the browser or server can offer a list of choices to the user.
• Faster Response: Persistent connections will mean that accessing pages with inline or embedded documents should be quicker.
• Better handling of interrupted downloads: The ability to request byte ranges will let browsers continue interrupted downloads.
• Better Behavior and Performance from Caches: Caches will be able to use persistent connections to increase performance both when talking to browsers and servers. Use of conditionals and content negotiation will mean caches can identify responses quicker.
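An added example, not part of the original slides: how a server can pick a representation from the client's prioritized list of formats (the "Versatility" slide) using the Accept header's q-values, as content negotiation above describes. The function names are hypothetical, the header values are constructed, and returning None stands for "no acceptable format" (a server would typically answer 406 or offer a list of choices).

```python
def parse_accept(header: str):
    """Return [(media_range, q)] parsed from an Accept header value."""
    prefs = []
    for item in header.split(","):
        fields = [f.strip() for f in item.split(";")]
        media = fields[0].lower()
        if not media:
            continue
        q = 1.0                          # default weight when no q is given
        for param in fields[1:]:
            key, _, val = param.partition("=")
            if key.strip().lower() == "q":
                try:
                    q = float(val)
                except ValueError:
                    q = 0.0              # unparsable weight: treat as refused
        prefs.append((media, min(max(q, 0.0), 1.0)))
    return prefs


def specificity(media_range: str, media_type: str) -> int:
    """0 = no match, 1 = */*, 2 = type/*, 3 = exact match."""
    if media_range == media_type:
        return 3
    rtype, _, rsub = media_range.partition("/")
    if rsub == "*" and rtype == media_type.split("/")[0]:
        return 2
    if media_range == "*/*":
        return 1
    return 0


def negotiate(accept_header: str, available):
    """Pick the available type the client rates highest, or None."""
    prefs = parse_accept(accept_header) or [("*/*", 1.0)]
    best, best_q = None, 0.0
    for media_type in available:         # server order breaks ties
        # The most specific matching range decides this type's weight.
        spec, q = max((specificity(r, media_type), q) for r, q in prefs)
        if spec and q > best_q:
            best, best_q = media_type, q
    return best


if __name__ == "__main__":
    offered = ["text/html", "application/json"]   # constructed server formats
    print(negotiate("text/html;q=0.8, application/json, */*;q=0.1", offered))
```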