HTTP state management

HTTP vs HTTPS

 HTTP:

  • Hypertext Transfer Protocol

  • Layer 7 (application layer) protocol that lets the client browser communicate with the web server

  • In the OSI model, HTTP sits at the top (the application layer)

  • When we enter a URL with http as the protocol, the browser fetches the related data from that particular server

  • HTTP sends and receives data in plain text and is lightweight: it performs better because it has none of the encryption and other mechanisms we have in HTTPS, so there is no mechanism to secure the data

  • HTTP for a bank site is insecure: nothing protects the data, so it can easily be read or tampered with on the network

  • The default port of an HTTP server is 80

  • Now every company uses HTTPS

HTTPS:
  • We have an additional layer of security provided through TLS/SSL (Transport Layer Security / Secure Sockets Layer)
  • HTTPS => HTTP over TLS/SSL
  • HTTPS uses an SSL certificate, and these certificates are signed by a certificate authority
  • A certificate authority (CA) is an entity that issues digital certificates
  • The browser trusts the CA's certificate and uses it to check that the server's certificate is legitimate; only then is the communication channel opened
  • While the data is on the network it is not in plain text; it is completely encrypted in transit and decrypted only at the endpoints
  • TLS sits on top of Layer 4 (Transport), i.e. on top of TCP
  • Key exchange
    • A public/private key pair is used during the handshake to agree on the keys that encrypt and decrypt the data
  • Heavier than HTTP
    • Adds more layers of security
    • Adds encryption and decryption work
  • Certificate Authority (CA)
  • Port 443
    • Default port
To make the system more robust, SSL/TLS combines both symmetric and asymmetric encryption.
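The certificate check and the "not plain text" property described above, shown from the client side with Python's standard ssl module. This is an added example written for these notes, not code from the original page. It builds two client contexts, a weak one that still encrypts but skips the CA and hostname checks, and a hardened one that uses the system CA trust store, and inspects their settings; no network connection is opened.

```python
"""Compare a weak and a hardened TLS client configuration (added example)."""
import ssl


def insecure_client_context() -> ssl.SSLContext:
    """Encrypts the traffic but does NOT verify who the server is.

    Any certificate is accepted, so the CA check from the notes is lost and
    an intermediary presenting its own certificate would not be noticed.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # certificate name is not compared with the URL host
    ctx.verify_mode = ssl.CERT_NONE   # no certificate-authority validation at all
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verify the server certificate against the trusted CAs, check the
    hostname, and refuse protocol versions older than TLS 1.2."""
    ctx = ssl.create_default_context()   # loads the system CA trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the security-relevant settings of a context."""
    return {
        "verifies_ca": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "min_version": ctx.minimum_version.name,
    }


if __name__ == "__main__":
    print("weak:    ", describe(insecure_client_context()))
    print("hardened:", describe(hardened_client_context()))
```

The weak context is what a client ends up with when certificate errors are "fixed" by disabling verification: the data is no longer plain text, but the browser-style check that the certificate is legitimate is gone, so encryption alone does not give the guarantee the notes describe.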



HTTP methods:
  • GET (read)
    • Provides read-only access to a resource.
    • 200 - success HTTP code
    • 404 (Not Found), 400 (Bad Request) - failure
  • POST (create)
    • Used to update an existing resource or create a new resource
    • For creating a resource (it does not matter if it is a duplicate)
    • Duplication is allowed here
    • 201 - success
  • PUT (replace)
    • If the client sends data with an identifier, we check whether that identifier exists. If it exists, we update the resource with the data; else we create a resource with the data and assign/generate a new identifier.
    • We do not throw an exception if the identifier is not found.
    • A method of modifying a resource where the client sends data that updates the entire resource.
    • 200, 204 (if not returning any content in the body) - success
  • PATCH (update)
    • A method of modifying a resource where the client sends partial data to be updated without modifying the entire resource.
    • We throw an exception if the identifier is not found.
  • DELETE (delete)
    • Used to remove a resource
    • 200, 204 (if not returning any content in the body) - success
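The method semantics listed above, implemented as one small in-memory resource store. This is an added example written for these notes, not code from the original page. Assumptions: resources are plain dicts, identifiers are server-generated integers, and status codes come from http.HTTPStatus. It goes slightly beyond the notes in one place: when PUT creates a resource for an unknown identifier it answers 201 rather than 200, the standard HTTP response for a creation.

```python
"""In-memory resource store with GET/POST/PUT/PATCH/DELETE semantics (added example)."""
from http import HTTPStatus
import itertools


class ItemStore:
    def __init__(self):
        self.items = {}                  # id -> resource dict
        self._ids = itertools.count(1)   # assumed server-side id generator

    @staticmethod
    def _clean(body):
        """Reject non-object bodies (-> 400) and never let the client set "id"."""
        if not isinstance(body, dict):
            return None
        return {k: v for k, v in body.items() if k != "id"}

    def handle(self, method, item_id=None, body=None):
        """Return (status, response_body) the way an HTTP handler would."""
        if method == "GET":                       # read only
            if item_id is None:
                return HTTPStatus.OK, list(self.items.values())
            if item_id not in self.items:
                return HTTPStatus.NOT_FOUND, None
            return HTTPStatus.OK, self.items[item_id]

        if method == "POST":                      # create; duplicates allowed
            data = self._clean(body)
            if data is None:
                return HTTPStatus.BAD_REQUEST, None
            new_id = next(self._ids)
            self.items[new_id] = {**data, "id": new_id}
            return HTTPStatus.CREATED, self.items[new_id]

        if method == "PUT":                       # replace the whole resource
            data = self._clean(body)
            if data is None:
                return HTTPStatus.BAD_REQUEST, None
            if item_id in self.items:
                self.items[item_id] = {**data, "id": item_id}
                return HTTPStatus.OK, self.items[item_id]
            # unknown identifier: no exception, create with a fresh id
            new_id = next(self._ids)
            self.items[new_id] = {**data, "id": new_id}
            return HTTPStatus.CREATED, self.items[new_id]

        if method == "PATCH":                     # partial update; id must exist
            if item_id not in self.items:
                return HTTPStatus.NOT_FOUND, None
            data = self._clean(body)
            if data is None:
                return HTTPStatus.BAD_REQUEST, None
            self.items[item_id].update(data)
            return HTTPStatus.OK, self.items[item_id]

        if method == "DELETE":
            if item_id not in self.items:
                return HTTPStatus.NOT_FOUND, None
            del self.items[item_id]
            return HTTPStatus.NO_CONTENT, None

        return HTTPStatus.METHOD_NOT_ALLOWED, None


if __name__ == "__main__":
    store = ItemStore()
    print(store.handle("POST", body={"name": "a"}))   # (201, {'name': 'a', 'id': 1})
    print(store.handle("PATCH", 42, {"name": "x"}))   # (404, None)
    print(store.handle("PUT", 42, {"name": "x"}))     # (201, {'name': 'x', 'id': 2})
```

Two details matter for security: a body that is not an object is rejected with 400 instead of being stored, and the "id" key is stripped from every body so a client cannot overwrite or pick identifiers through POST, PUT or PATCH; the server remains the only source of identifiers.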
