web uses "HTTP" or "HTTPS" protocol for information transmission. The HTTP protocol specifies what kind of messages the client may send to the server and what kind of response it gets; while the HTTPS protocol is an HTTP channel aimed at security. Based on HTTP, the security of the transmission process is ensured through transmission encryption and identity authentication. sex.
The operating environment of this tutorial: Windows 10 system, Dell G3 computer.
web uses "HTTP" or "HTTPS" protocol for information transmission.
HTTP
Hypertext Transfer Protocol (HTTP) is a simple request-response protocol that usually runs on top of TCP. It specifies what kind of messages the client may send to the server and what kind of response it gets. The headers of request and response messages are given in ASCII form; the message contents have a MIME-like format. This simple model was responsible for the early success of the Web because it made development and deployment very straightforward.
Disadvantages of HTTP:
Although HTTP is extremely widely used, it has many security flaws, mainly its clear text transmission of data and lack of message integrity detection. These two points It happens to be the security aspect that needs the most attention in emerging applications such as online payment and online transactions.
Regarding HTTP plaintext data transmission, the most common attack method used by attackers is network sniffing, trying to analyze sensitive data from the transmission process, such as the administrator's login process to the Web program background, etc., thus Obtain website management rights and then penetrate the entire server. Even if the background login information cannot be obtained, attackers can still obtain the private information of ordinary users from the network, including mobile phone numbers, ID numbers, credit card numbers and other important information, leading to serious security incidents. Carrying out a network sniffing attack is very simple and requires very little from the attacker. Using any packet capture tool released on the Internet, it is possible for a novice to obtain user information of large websites.
In addition, when HTTP transmits client requests and server responses, the only data integrity check is that the length of the transmitted data is included in the message header, and there is no confirmation whether the content has been tampered with. Therefore, an attacker can easily launch a man-in-the-middle attack, modify the data transmitted between the client and the server, and even insert malicious code into the transmitted data, causing the client to be directed to a malicious website and implanted with a Trojan horse.
HTTPS
HTTPS (full name: Hyper Text Transfer Protocol over SecureSocket Layer) is a security-focused HTTP channel that uses transmission encryption and Identity authentication ensures the security of the transmission process. HTTPS adds SSL to the foundation of HTTP. The security foundation of HTTPS is SSL, so the details of encryption require SSL. HTTPS has a different default port than HTTP and an encryption/authentication layer (between HTTP and TCP). This system provides authentication and encrypted communication methods. It is widely used for security-sensitive communications on the World Wide Web, such as transaction payments.
HTTPS protocol is a network protocol built by HTTP plus TLS/SSL protocol that can perform encrypted transmission and identity authentication. It mainly completes Internet data transmission encryption through digital certificates, encryption algorithms, asymmetric keys and other technologies. Realize Internet transmission security protection. There are three main design goals.
(1) Data confidentiality: Ensure that the data content will not be viewed by a third party during the transmission process. Just like a courier delivering a package, it is sealed so that others cannot know what is inside.
(2) Data integrity: Timely detection of transmission content that has been tampered with by a third party. Just like a courier who doesn't know what's in a package, but he may drop it midway, data integrity means that if a package is dropped, we can easily find it and reject it.
(3) Identity verification security: Ensure that the data reaches the destination expected by the user. Just like when we mail a package, although it is a package that has not been dropped, we must make sure that the package will not be sent to the wrong place, and ensure that it is sent to the right place through identity verification.
For more related knowledge, please visit theFAQcolumn!
The above is the detailed content of What protocol does the web use for information transmission?. For more information, please follow other related articles on the PHP Chinese website!