WWW: an Internet application
Bill Chu

© Bei-Tseng Chu Aug 2000

WWW Web and HTTP
- The WWW is a web of interconnected information servers
  - each server maintains a collection of documents
  - a client can request a document from any information server
  - one document can refer to another document on any information server via a hyperlink
- HTTP is the application protocol that defines the WWW server-client interactions
  - the HTTP server maintains the HTTP documents
  - the HTTP client obtains and displays the HTTP documents

The client and server architecture
- A client connects to a server to send and receive information
- A server is typically a “large” computer that is capable of handling multiple client requests at the same time
- The WWW is the universal client-server architecture

Benefits of the client-server architecture
- Effective model for information sharing
- Server makes information available for multiple clients
- Clients are sure to receive the most up-to-date information
- Server technology can be changed (e.g. a database change) without affecting clients
- Clients can be dispersed geographically
- Server maintenance is easier since all clients connect to one place

Protocol
- A protocol is a series of steps, involving two or more parties, designed to accomplish a task
- Everyone involved in the protocol must know the protocol and all of the steps to follow in advance
- Everyone in the protocol must agree to follow it
- The protocol must be unambiguous; each step must be well defined and there must be no chance of a misunderstanding
- The protocol must be complete; there must be a specified action for every possible situation

HyperText Transfer Protocol (HTTP)
- Address: IP address + TCP port 80
- Format:
  - HTTP request format
        Request request-URL HTTP-version
        0 or more headers
        Body (if it is a POST request)
  - HTTP reply format
        HTTP-version response-code response-phrase
        0 or more headers
        body (HTTP document)
- Rules:
  - the client sends an HTTP request to the server
  - the server sends back an HTTP reply

Example
Step one: wait for a new request
The httpd program waits for a request to arrive from some client somewhere on the Internet. The server program listens on a port (default 80) and is dormant in this state.

Step two: A request arrives from a client
A user might have typed in a URL at a browser:
The browser will request a connection with the server at
The browser issues
    GET /sample.html http/1.0
    User-agent: Mosaic for X Windows/2.4
    Accept: text/plain
    Accept: text/html
    Accept: images/*

Step three: The server parses the request
The server decodes the message according to the HTTP protocol and determines what it should do:
- Method: GET
- Document: /sample.html
- Protocol: http, Version 1.0
- User agent: Mosaic for X Window/2.4
- Accept: text/plain,text/html, image/*

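The parsing step above, as an added example that is not part of the original slides: a small Python parser for the request from step two that rejects anything not matching the request format. The size cap, the CRLF line endings in the sample and the function name are assumptions made for the example.

```python
# Added example: parser for the HTTP/1.0 request shown in step two.
MAX_HEAD = 8192                      # assumed cap on request line + headers
METHODS = {"GET", "HEAD", "POST"}    # the three methods these slides cover

# Constructed sample: the slide's request, with CRLF line endings assumed.
SAMPLE = (b"GET /sample.html http/1.0\r\n"
          b"User-agent: Mosaic for X Windows/2.4\r\n"
          b"Accept: text/plain\r\n"
          b"Accept: text/html\r\n"
          b"Accept: images/*\r\n"
          b"\r\n")

def parse_request(raw: bytes) -> dict:
    """Split a raw request into method, document, version, headers and body."""
    sep = b"\r\n\r\n" if b"\r\n\r\n" in raw else b"\n\n"
    head, found, body = raw.partition(sep)
    if not found:
        raise ValueError("incomplete request: no blank line after the headers")
    if len(head) > MAX_HEAD:
        raise ValueError("request head too large")
    # Split on LF only and drop the CR, so no other byte can start a new line.
    lines = [l.rstrip(b"\r").decode("latin-1") for l in head.split(b"\n")]
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: method request-URL HTTP-version")
    method, document, proto = parts
    name, slash, version = proto.partition("/")
    if method not in METHODS or name.upper() != "HTTP" or not slash:
        raise ValueError("unsupported method or protocol")
    headers = {}
    for line in lines[1:]:
        key, colon, value = line.partition(":")
        if not colon or not key or key != key.strip():
            raise ValueError("malformed header line: %r" % line)
        # Repeated headers (the three Accept lines) are merged with commas.
        key = key.lower()
        value = value.strip()
        headers[key] = headers[key] + "," + value if key in headers else value
    return {"method": method, "document": document, "version": version,
            "headers": headers, "body": body}

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```
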
Step four: Do the method requested
The httpd program fulfills the request. To GET a document, the server looks up the file (/sample.html) in its document tree.
- Success: document sent
      HTTP/ Document follows
      Server: NCSAV1.4
      Date: Thu, 20 Jul :00:00 GMT
      Content-type: text/html
      Content-length: 1066
      Last-modified: Thu, 20 Jul :38:00 GMT
- Failure: an error is sent
      HTTP/ Not Found
      Server NCSA/1.4
      Date: Thu, 20 Jul :00:00 GMT
      Content-type: text/html
      Content-length: 0

Step five: Finish up: close file; close network connection
When the file is completely sent or an error message is sent, the httpd server is finished with its work. It closes the file and closes the network connection. The client receives the data and formats it according to http tags. The server is now ready for more requests and it goes to step 1.

Web scripts and CGI
- A web script is a program that can be executed by the web server in response to web requests
- Any program can be a web script; there is no mandatory language
- Common Gateway Interface (CGI) is a standard for how scripts can be called (by httpd) and how data is passed between the httpd server and the script

Example
Step one: wait for a new request
The httpd program waits for a request to arrive from some client somewhere on the Internet. The server program listens on a port and is dormant in this state.

Step two: A request arrives from a client
A user might have typed in a URL at a browser:
The browser will request a connection with the server at
The browser issues
    GET /scripts/how_busy_are_you http/1.0
    User-agent: Mosaic for X Windows/2.4
    Accept: text/plain
    Accept: text/html
    Accept: images/*

Step three: Do the method requested
The httpd program fulfills the request by executing the script. The server knows it is a script because it is a file under the directory “script”. The name of the “script” directory is set at web server configuration time. To GET the script, the server looks up the file (/scripts/how_busy_are_you) in its document tree.
- Success: the output of the script (normally directed to the screen) is sent to the browser
      HTTP/ Document follows
      Server: NCSAV1.4
      Date: Thu, 20 Jul :00:00 GMT
      Content-type: text/plain
      11:35am up 7 days, 4:35, 5 users, load average: 0.00, 0.09, 0.00
- Failure: an error is sent
      HTTP/ Document follows
      Server: NCSAV1.4
      Date: Thu, 20 Jul :00:00 GMT
      Content-type: text/plain
      Cannot find uptime command on this system

Step four: Finish up: close file; close network connection
When the file is completely sent or an error message is sent, the httpd server is finished with its work. It closes the file and closes the network connection. The client receives the data and formats it according to http tags. The server is now ready for more requests and it goes to step 1.

Scripts and forms
Form for CSO PH Query
This form will send a PH query to the specified ph server
- PH server:
- Return name?
- Return phone?
- Return ?
At least one of the following fields must be specified:
- Name

Passing arguments to web scripts
When the submit button is clicked the browser sends:
    GET Jserver=ns.anywhere.com&doname=yes&dophone=yes&Qname= http/1.0

HTTP request methods
- GET: retrieves information from the server. It is the most commonly used method. It can also be used in conjunction with CGI to pass parameters to the server.
- HEAD: identical to GET, except that the server does not return a document. It is useful for verifying that a document exists, and for checking links or time of modification.
- POST: allows the server to receive data from the client. It is most commonly used to send the data in HTML forms to the server for processing.

Security risks for CGI
Consider a web-based form:
message:

Security problem
Suppose the Perl script saves the message into a temp file and executes the Unix command:
    sendmail
A malicious user could type in the field for address:
This turns into:
    sendmail

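Why the interpolated sendmail command is a problem and one way to avoid it, as an added example that is not code from the original slides (written in Python rather than the Perl of the slide). The address pattern, the /usr/sbin/sendmail path, the function names and the sample form values are assumptions constructed for the example.

```python
import re
import shlex
import subprocess

# Assumed allow-list: plain local@domain only; anything else is rejected.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def unsafe_command_line(address, msg_path):
    """The weak form: form input pasted into one string for the shell."""
    return "sendmail " + address + " < " + msg_path

def shell_commands(command_line):
    """Tokenize like a POSIX shell and return one argv list per command."""
    lexer = shlex.shlex(command_line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in (";", "&", "&&", "||", "|"):
            commands.append(current)
            current = []
        else:
            current.append(token)
    commands.append(current)
    return [c for c in commands if c]

def safe_argv(address):
    """Hardened form: validate, then keep the address as a single argument."""
    if not ADDRESS_RE.fullmatch(address):
        raise ValueError("rejected address: %r" % address)
    # "--" ends option parsing so the address cannot be read as a flag.
    return ["/usr/sbin/sendmail", "-i", "--", address]

def send(address, msg_path):
    """Run sendmail without a shell; the temp file is wired to stdin directly."""
    with open(msg_path, "rb") as body:
        subprocess.run(safe_argv(address), stdin=body, check=True)

if __name__ == "__main__":
    # Constructed form values: one ordinary, one with a shell metacharacter.
    for addr in ("someone@example.com", "someone@example.com; echo INJECTED"):
        line = unsafe_command_line(addr, "/tmp/msg.txt")
        print(len(shell_commands(line)), "command(s) seen by the shell:", line)
        try:
            print("  argv without a shell:", safe_argv(addr))
        except ValueError as err:
            print(" ", err)
```
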