lectures.alex.balgavy.eu

Lecture notes from university.
git clone git://git.alex.balgavy.eu/lectures.alex.balgavy.eu.git

Server-side.html (2584B)


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><head><link rel="stylesheet" type="text/css" href="sitewide.css"><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/><meta name="exporter-version" content="Evernote Mac 6.13.3 (455969)"/><meta name="created" content="2018-01-17 12:57:22 PM +0000"/><meta name="updated" content="2018-01-18 4:38:23 PM +0000"/><title>Server-side</title></head><body><ul><li>not all requests are for static content, need dynamic content through programmable server behaviour</li><ul><li>from a browser’s perspective, it’s just a URI</li><li>how to deal with this?</li></ul><li>enter CGI: common gateway interface</li><ul><li>commonly agreed way to run scripts as response to HTTP requests</li><li>program’s output returned verbatim to client</li><li>pros: very flexible</li><li>cons: new process per request, inconvenient with DBs, mixes program logic &amp; HTML</li></ul><li>alternatives: frameworks, other languages</li><ul><li>PHP, Java, Python, Ruby on Rails</li><li>templates: stuff like Bottle, Flask, Handlebars…</li></ul><li>problems: concurrency, sessions/cookies, security…</li><ul><li>concurrency solution</li><ul><li>multiple threads (multithreading)</li><li>master thread delegates requests</li></ul><li>sessions</li><ul><li>how do you identify users? cookies.</li><li>first connection, user given ID in cookie</li><li>subsequent requests contain info (ID), used by the server for e.g. shopping cart</li></ul><li>database connectivity</li><ul><li>all frameworks simplify DB interaction</li><li>a server needs a LAMP (or MAMP, or WinAMP)</li><ul><li>OS with TCP/IP support (Linux)</li><li>HTTP server implementation (Apache)</li><li>Database for content (MySQL)</li><li>Framework to make page from database (PHP)</li></ul></ul><li>security issues</li><ul><li>some clients don’t have access to servers: proxy</li><li>some servers can’t access clients: reverse proxy</li><li>auth &amp; encryption</li><ul><li>originally HTTP 1.0 Basic Access Auth (plaintext)</li><li>now, HTTPS over secure layer (public key encryption, everything is encrypted)</li><ul><li>not as vulnerable to man-in-the-middle attacks</li><li>site needs to send certificate, which is signed by a CA (certificate authority)</li></ul></ul><li>cross-origin resource sharing (CORS)</li><ul><li>opt in using HTTP headers</li><li>include origin, then server verifies if it’s OK</li></ul></ul></ul></ul><div><br/></div></body></html>
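
The CORS bullets in the notes (opt in via HTTP headers; the request includes its origin and the server verifies it) as an added Python example that is not part of the original notes. The allowlist values and the function names `normalize_origin` and `cors_headers` are constructed for illustration; the check is an exact match on the normalized origin, so a lookalike host that merely starts with an allowed name is refused.

```python
from urllib.parse import urlsplit

# Constructed allowlist; a real deployment lists its own front-end origins.
ALLOWED_ORIGINS = {"https://shop.example", "https://admin.shop.example:8443"}


def normalize_origin(value):
    """Return canonical scheme://host[:port], or None if value is not a plain origin."""
    if not value or value == "null":
        return None
    try:
        parts = urlsplit(value)
        port = parts.port  # raises ValueError for an out-of-range port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    # An Origin header carries no path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or parts.username or parts.password:
        return None
    default = {"http": 80, "https": 443}[parts.scheme]
    suffix = f":{port}" if port and port != default else ""
    return f"{parts.scheme}://{parts.hostname}{suffix}"  # hostname is already lowercased


def cors_headers(origin_header, allowed=ALLOWED_ORIGINS):
    """Headers to add to the response for a request carrying this Origin header."""
    headers = {"Vary": "Origin"}  # caches must not reuse a response across origins
    origin = normalize_origin(origin_header)
    if origin in allowed:
        # Echo the single matching origin; "*" is not valid together with credentials.
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Credentials"] = "true"
    return headers


if __name__ == "__main__":
    # Constructed sample Origin values, including a lookalike host and a userinfo trick.
    for sample in ("https://shop.example", "HTTPS://Shop.Example:443",
                   "https://shop.example.evil.test", "https://shop.example@evil.test",
                   "http://shop.example", "null"):
        print(f"{sample!r:40} -> {cors_headers(sample)}")
```

When the origin is not on the list, the response carries no `Access-Control-Allow-Origin` header at all, and the browser then keeps the response from the calling page's script.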