Download presentation
Presentation is loading. Please wait.
Published byElaine Gaskin Modified over 9 years ago
1
HTTP Cookies
2
CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP response message 2) cookie header line in HTTP request message 3) cookie file kept on user’s host, managed by user’s browser 4) back-end database at Web site Example: r Susan always access Internet always from PC r visits specific e- commerce site for first time r when initial HTTP requests arrives at site, site creates: unique ID entry in backend database for ID
3
CPSC 441 - Application Layer 3 Cookies: keeping “state” (cont.) client server usual http response msg cookie file one week later: usual http request msg cookie: 1678 cookie- specific action access ebay 8734 usual http request msg Amazon server creates ID 1678 for user create entry usual http response Set-cookie: 1678 ebay 8734 amazon 1678 usual http request msg cookie: 1678 cookie- spectific action access ebay 8734 amazon 1678 backend database
4
CPSC 441 - Application Layer 4 Cookies (continued) What cookies can bring: r authorization r shopping carts r recommendations r user session state (Web e-mail) Cookies and privacy: r cookies permit sites to learn a lot about you r you may supply name and e-mail to sites aside How to keep “state”: r protocol endpoints: maintain state at sender/receiver over multiple transactions r cookies: http messages carry state
5
The Telnet Protocol CPSC 441 - Application Layer 5
6
Telnet r Developed in 1969 (RFC 15), later extended in RFC 854 r A generic method for remotely accessing machines r Client-server paradigm, bi-directional communication r Connection oriented (TCP based) r Telnet service (telnetd) uses port 23 CPSC 441 - Application Layer 6
7
The Telnet protocol r Exchanges of 8 bit bytes r MSB 0 signifies next 7 bits is ASCII r MSB 1 used to indicate special protocol character CPSC 441 - Application Layer 7
8
Telnet Communication Model r Client process captures user input, sent over network to server r Server receives remote input, sends to operating system r Operating system response captured by server, sent over network to client r Client receives remote response, outputs to user r Every character is sent as a standalone packet! CPSC 441 - Application Layer 8
9
Telnet Security Problems r Telnet sends everything in plaintext r No authentication mechanism r Telnet server has many vulnerabilities and exploits r Telnet has since been superseded by the SSH protocol r Secure Shell (SSH) provides both Encryption authentication CPSC 441 - Application Layer 9
10
Telnet applications r Telnet is a generic TCP client. Sends user input directly to the TCP socket. Outputs anything received from the TCP socket. r Can be used to troubleshoot and “talk” directly to network “ASCII based” services r E.g. can be used to communicate with Web servers SMTP servers CPSC 441 - Application Layer 10
11
CPSC 441 - Application Layer 11 Trying out HTTP (client side) for yourself 1. Telnet to your favorite Web server: Opens TCP connection to port 80 (default HTTP server port) at cis.poly.edu. Anything typed in sent to port 80 at cis.poly.edu telnet cis.poly.edu 80 2. Type in a GET HTTP request: GET /~ross/ HTTP/1.1 Host: cis.poly.edu By typing this in (hit carriage return twice), you send this minimal (but complete) GET request to HTTP server 3. Look at response message sent by HTTP server!
12
CPSC 441 - Application Layer 12 Try SMTP interaction for yourself: telnet servername 25 r see 220 reply from server r enter HELO, MAIL FROM, RCPT TO, DATA, QUIT commands above lets you send email without using email client (reader)
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.