17 August 2016

HTTP Protocol

Hypertext Transfer Protocol (HTTP) is the core communications protocol used to access the web. Originally developed for retrieving static text, it has been expanded to enable support for more complex applications (Stuttard & Pinto 2011, p.39).
HTTP functions as a request-response protocol between a client and a server, where the client sends a request to the server, and the server returns a response (w3Schools 2016). A HTTP message has both requests and responses. The request takes three items, the HTTP method, the request Uniform Resource Locator (URL) and the HTTP version being used (typically version 1.1).
It is important to understand the errors that can occur with a response, and what they mean in order to rectify the issue. Status messages: 100 series covers information about servers receiving requests, and of asking the server to switch protocols.
200 series covers successful requests, being the request is OK, has been fulfilled, and has been successfully processed.
300 series covers redirection, there can be link lists for the user to select a link, or a link to the page having moved permanently or temporarily.
400 series covers client error, which can be due to syntax error (typo), unauthorised or forbidden request, and the infamous 404 not found.
500 series covers server error, which can be internal, not implemented, unavailable or timed out. (w3Schools 2016)

HTTP methods GET and POST are extremely important as they can affect an applications security if overlooked (Stuttard & Pinot 2011, p.42).
The Get method is used to request data from specified resources. These Get requests remain in the browser history and can be bookmarked, so should not be used with sensitive data – passwords etc. The data is visible to all as it is displayed in the URL (w3Schools 2016).
The Post method is used to submit data to be processed to a specified resource. Post requests should be used when an action is being performed.
Post requests do not remain in the browser and cannot be bookmarked, so is a little safer than Get. No data in displayed in the URL. Data submitted via the Post method will be resubmitted if the user presses the ‘Back’ or ‘reload’ buttons on the browser, it is important to alert the user that the information will be resubmitted (w3Schools 2016).


References
Stuttard D & Pinto M, 2011, The Web Application Hacker’s Handbook, Wiley Publishing, Inc. Indianapolis, Indiana USA.

W3 Schools, 2016, accessed 15th August 2016
http://www.w3schools.com/tags/ref_httpmethods.asp

No comments:

Post a Comment