Internet and Intranet Protocols and Applications Lecture 13: Web Beyond HTTP 4/25/2000 Arthur P. Goldberg Computer Science Department New York University.


1 Internet and Intranet Protocols and Applications Lecture 13: Web Beyond HTTP 4/25/2000 Arthur P. Goldberg Computer Science Department New York University artg@cs.nyu.edu

2 Web Beyond HTTP
HTTP offers limited request/response semantics
–Unrelated requests
–Non-secure communications

3 Some critical extensions for client/server applications
Security
–encryption/authentication
–SSL
Sessions
–Cookies
–programming environments built on them

4 Secure Communications Goal
Client-----Hostile Network------Server
||
Client-Server in room by themselves
Cryptographic protocols provide
Authenticate
–Reliably identify each other
Encryption
–Messages cannot be read, modified, or created by hostile intermediaries

5 HTTPS SSL TCP

6 Key SSL Calls
    Socket = connect( … );                /* TCP */
    SSL_struct = SSL_new();               /* create an SSL structure */
    SSL_set_fd( SSL_struct, Socket );     /* bind to a socket */
    SSL_connect( SSL_struct );
    ret_code = SSL_write( SSL_struct, buffer, num_bytes );
    /* ... */
    ret_code = SSL_read( SSL_struct, buffer_pointer, num_bytes );

7 Establish a New SSL Connection
Client Browser / Web Server
TCP Connect
SSL connect, Creating new Session Key
–Client -> Server: Hello
–Server -> Client: Hello, Certificate
–Client -> Server: Key exchange, Change Cipher Spec
–Server -> Client: Change Cipher Spec

8 Reestablish an SSL Connection
Client Browser / Web Server
TCP Connect
–Client -> Server: SYN
–Server -> Client: ACK/SYN
SSL connect, Reusing Cached Session Key
–Client -> Server: Client Hello
–Server -> Client: Server Hello, Change Cipher Spec
–Finished

9 HTTP state management mechanism - “cookies”
A ‘cookie’: a session identifier
RFC 2109, 2/97, Kristol & Montulli

10 Cookie Headers
Set-Cookie
–Server to client
Cookie
–Client to server

11 Set-Cookie response header
Name=value;
[Domain=value;]
–the domain for which the cookie is valid (defaults to the request-host)
[path=value;]
–the subset of URLs to which the cookie applies
[max-age=value]
–the lifetime of the cookie, in seconds

12 Caching
To suppress caching of the Set-Cookie header in HTTP 1.1
–Cache-control: no-cache="set-cookie"

13 Cookie request header
Cookie:
–NAME = VALUE [";" path] [";" domain]
–Multiple name=value pairs

14 Cookie selection
Rules for choosing cookie-values from all the browser’s cookies
Domain Selection
–The origin server's fully-qualified host name must domain-match the Domain attribute of the cookie.
Path Selection
–The Path attribute of the cookie must match a prefix of the request-URI.
Max-Age Selection
–Cookies that have expired should have been discarded
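
An added example, not part of the original slides: the three selection rules above, using the domain-match definition and the most-specific-path-first ordering from RFC 2109, the RFC the lecture cites. The `Cookie` class, the function names and the sample jar are assumptions made for illustration, and the header value is simplified to name=value pairs.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    domain: str     # Domain attribute (defaults to the request-host)
    path: str       # Path attribute
    max_age: int    # lifetime in seconds
    created: float  # when the cookie was received, epoch seconds

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, domain):
    """RFC 2109 domain-match, compared case-insensitively."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    if _is_ip(host) or _is_ip(domain):
        return False  # IP addresses only ever match exactly
    # host must be N + domain, with N non-empty and domain starting with "."
    return domain.startswith(".") and host.endswith(domain) and len(host) > len(domain)

def path_match(request_path, cookie_path):
    # Plain string prefix, as the slide states: "/app" also covers "/apple".
    return request_path.startswith(cookie_path)

def select_cookies(jar, host, request_path, now):
    """Return the Cookie header value for one request (name=value pairs only)."""
    live = [c for c in jar if now < c.created + c.max_age]  # Max-Age selection
    hits = [c for c in live
            if domain_match(host, c.domain) and path_match(request_path, c.path)]
    hits.sort(key=lambda c: len(c.path), reverse=True)  # most specific path first
    return "; ".join(f"{c.name}={c.value}" for c in hits)

# Constructed sample jar; all names and values are illustrative.
JAR = [
    Cookie("sid", "abc123", ".example.com", "/", 3600, 1000.0),
    Cookie("cart", "42", "shop.example.com", "/cart", 3600, 1000.0),
    Cookie("old", "x", ".example.com", "/", 60, 1000.0),  # expired by t=2000
]

if __name__ == "__main__":
    print(select_cookies(JAR, "shop.example.com", "/cart/view", now=2000.0))
```

The leading-dot check is what keeps a cookie scoped to `.example.com` away from a look-alike host such as `badexample.com`, while the plain prefix rule for paths means a Path of `/app` is not a boundary against `/apple`.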

15 Server cookie use
–unique ID for session/argument to lookups
–key into user database

16 Web Server Programming Environments
Single Request
–CGI/fast-CGI
–APIs: Netscape (NSAPI), Microsoft (ISAPI)
–Templates: Webpage=program, database interface, full language
–Servlets
Multiple Request
–Process, with control flow

17 HTML with embedded commands
e.g.
–Oracle
–Allaire Cold Fusion

18 Specialized tags get interpreted by programs/DB queries
Template filled in by output of program
May be compiled

19 Example: Cold Fusion
Web page/file is a Cold Fusion module, or CFM
Accessing the page
–Loads the Cold Fusion interpreter, which
–‘executes’ the page and
–Returns HTML

20 CFM
TAGS
–HTML
–CF
CF concepts
–Variables
–Control flow
–SQL
–Tables

21 CF Example: download data to a spreadsheet
Select first_name, last_name from people
First name Last Name
#first_name# #last_name#

22 CF Example

23 Server Programming
Session
–Variety of techniques
Custom
JAVA
‘Process’ – Interworld
‘Dynamo’ – Art Technology Group

24 Connection: close

25 HTTPS Connection Pseudo code
    if (HTTPS)
        Default_port = 443;
    else
        Default_port = 80;
    if (!port)                          /* no port given in the URL */
        port = Default_port;
    s = TCP_connect(host, port);
    if (HTTPS)
        SSL_handle = SSL_connect(s);    /* SSL handshake over the TCP socket */

26
    /* write */
    if (HTTPS)
        rc = SSL_write(SSL_handle, buf, n);
    else
        rc = write(s, buf, n);

27
    /* read */
    if (HTTPS)
        rc = SSL_read(SSL_handle, buf, n);
    else
        rc = read(s, buf, n);

