+++
title = 'Server-side'
+++
# Server-side
- not all requests are for static content, need dynamic content through programmable server behaviour
- from a browser's perspective, it's just a URI
- how to deal with this?
    - enter CGI: common gateway interface
        - commonly agreed way to run scripts as response to HTTP requests
        - program's output returned verbatim to client
        - pros: very flexible
        - cons: new process per request, inconvenient with DBs, mixes program logic & HTML
    - alternatives: frameworks, other languages
        - PHP, Java, Python, Ruby on Rails
        - templates: stuff like Bottle, Flask, Handlebars…
- problems: concurrency, sessions/cookies, security…
    - concurrency solution
        - multiple threads (multithreading)
        - master thread delegates requests
    - sessions
        - how do you identify users? cookies.
        - first connection, user given ID in cookie
        - subsequent requests contain info (ID), used by the server for e.g. shopping cart
    - database connectivity
        - all frameworks simplify DB interaction
        - a server needs a LAMP (or MAMP, or WinAMP)
            - OS with TCP/IP support (Linux)
            - HTTP server implementation (Apache)
            - Database for content (MySQL)
            - Framework to make page from database (PHP)
    - security issues
        - some clients don't have access to servers: proxy
        - some servers can't access clients: reverse proxy
        - auth & encryption
            - originally HTTP 1.0 Basic Access Auth (plaintext)
            - now, HTTPS over secure layer (public key encryption, everything is encrypted)
            - not as vulnerable to man-in-the-middle attacks
            - site needs to send certificate, which is signed by a CA (certificate authority)
        - cross-origin resource sharing (CORS)
            - opt in using HTTP headers
            - include origin, then server verifies if it's OK
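
The server-side origin check from the CORS notes above, as an added example that is not part of the original notes: WSGI middleware (standard library only) that opts in only for origins matching an allowlist exactly. The allowlist, `demo_app` and the permitted methods are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: constructed allowlist; list the origins your site actually trusts.
ALLOWED_ORIGINS = {"https://shop.example", "https://admin.shop.example"}

def origin_allowed(origin, allowed=ALLOWED_ORIGINS):
    """Exact scheme://host[:port] match; suffix or substring checks would
    also accept lookalikes such as https://shop.example.evil.test."""
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
    except ValueError:
        return False
    # A well-formed Origin carries no path, query, fragment or userinfo.
    if parts.path or parts.query or parts.fragment or "@" in parts.netloc:
        return False
    return f"{parts.scheme}://{parts.netloc}".lower() in allowed

def cors_middleware(app, allowed=ALLOWED_ORIGINS):
    def wrapped(environ, start_response):
        origin = environ.get("HTTP_ORIGIN")
        ok = origin_allowed(origin, allowed)
        # Vary: Origin stops caches replaying one origin's answer to another.
        cors = [("Vary", "Origin")]
        if ok:
            cors.append(("Access-Control-Allow-Origin", origin))
        if (environ.get("REQUEST_METHOD") == "OPTIONS"
                and "HTTP_ACCESS_CONTROL_REQUEST_METHOD" in environ):
            # Preflight: answered here, never passed to the application.
            if ok:  # assumption: the methods this site permits cross-origin
                cors.append(("Access-Control-Allow-Methods", "GET, POST"))
            start_response("204 No Content", cors)
            return [b""]
        def add_cors(status, headers, exc_info=None):
            return start_response(status, list(headers) + cors, exc_info)
        return app(environ, add_cors)
    return wrapped

def demo_app(environ, start_response):  # hypothetical application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"cart contents"]
```

A disallowed origin still gets the response at the HTTP level; it is the browser that refuses to expose it to the calling script, so this check does not replace authentication on the endpoint.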