HTTP Developer’s Handbook

Book Description

HTTP is the protocol that powers the Web. As Web applications become more sophisticated, and as emerging technologies continue to rely heavily on HTTP, understanding this protocol is becoming more and more essential for professional Web developers. By learning the HTTP protocol, Web developers gain a deeper understanding of the Web's architecture and can create even better Web applications that are more reliable, faster, and more secure.

The HTTP Developer's Handbook is written specifically for Web developers. It begins by introducing the protocol and explaining it in a straightforward manner. It then illustrates how to leverage this information to improve applications. Extensive information and examples are given covering a wide variety of issues, such as state and session management, caching, SSL, software architecture, and application security.

Table of Contents

  1. Copyright
  2. About the Author
  3. Acknowledgments
  4. We Want to Hear from You!
  5. Reader Services
  6. Introduction
  7. Introducing HTTP
    1. What Is HTTP?
      1. Brief History and Purpose of HTTP
      2. Summary
    2. The Internet and the World Wide Web
      1. The Internet
      2. The World Wide Web
      3. Networking Protocols
      4. Uniform Resource Identifiers
      5. Formatting Information with HTML
      6. Clients and Servers
      7. Summary
    3. HTTP Transactions
      1. Connections
      2. Summary
    4. Using HTTP
      1. Web Servers and Clients
      2. Debugging Web Applications
      3. Improving Performance
      4. Analyzing Security
      5. Summary
  8. HTTP Definition
    1. HTTP Requests
      1. Request Syntax
      2. Request Methods
      3. Request Headers
      4. Summary
    2. HTTP Responses
      1. Response Syntax
      2. Response Status Codes
      3. Response Headers
      4. Summary
    3. General Headers
      1. Cache-Control
      2. Connection
      3. Date
      4. Pragma
      5. Keep-Alive
      6. Trailer
      7. Transfer-Encoding
      8. Upgrade
      9. Via
      10. Warning
      11. Summary
    4. Entity Headers
      1. Allow
      2. Content-Encoding
      3. Content-Language
      4. Content-Length
      5. Content-Location
      6. Content-MD5
      7. Content-Range
      8. Content-Type
      9. Expires
      10. Last-Modified
      11. Summary
    5. Formatting Specifications
      1. Line Termination
      2. Header Formatting
      3. Date Formats
      4. URL Encoding
      5. Summary
    6. Media Types
      1. Media Type Format
      2. Media Type Categories
      3. Practical Implementations
      4. Content-Disposition
      5. Summary
  9. Maintaining State
    1. HTTP State Management with Cookies
      1. Authentication, Identification, and Client Data
      2. What Is Statelessness?
      3. Using Cookies to Associate Transactions
      4. Restricting Access with Cookie Attributes
      5. Privacy and Security Concerns with Cookies
      6. Summary
    2. Other Methods of State Management
      1. Utilizing Form Variables
      2. Using URL Variables
      3. Combinations
      4. Sample State-Management Mechanism
      5. Summary
    3. Maintaining Client Data
      1. Where Should Client Data Be Stored?
      2. Session-Only Data
      3. Persistent Data
      4. Sample Session Management Mechanism
      5. Summary
  10. Performance
    1. Leveraging HTTP to Enhance Performance
      1. Caching Overview
      2. Controlling Caching with HTTP
      3. Managing Connections
      4. Compression
      5. Range Requests
      6. Chunked Transfers
      7. Summary
    2. Introduction to Caching Protocols
      1. Internet Cache Protocol (ICP)
      2. Cache Digest Protocol
      3. Cache Array Resolution Protocol
      4. Web Cache Coordination Protocol
      5. Summary
    3. Load Distribution
      1. Transactional Versus Computational Load
      2. Distributing Transactional Load
      3. Distributing Computational Load
      4. Summary
  11. Security
    1. Authentication with HTTP
      1. Basic Authentication
      2. Digest Authentication
      3. Summary
    2. Secure Sockets Layer
      1. Symmetric Cryptography
      2. Asymmetric Cryptography
      3. Certificate Authorities
      4. Applying Cryptography to HTTP
      5. Virtual Hosting
      6. SSL Acceleration
      7. Summary
    3. Transport Layer Security
      1. Summary
    4. Secure HTTP
      1. Secure HTTP Requests
      2. Secure HTTP Responses
      3. Initiating a Secure HTTP Transaction
      4. Cryptographic Message Syntax
      5. Summary
    5. Intelligent Architecture
      1. Hardware Architecture
      2. Software Architecture
      3. Summary
    6. Programming Practices
      1. Never Trust Data from the Client
      2. Never Depend on Security Through Obscurity
      3. Only Grant Necessary Privileges
      4. Always Use the Simplest Solution
      5. Always Protect Sensitive Data
      6. Summary
    7. Common Attacks and Solutions
      1. Presentation Attacks
      2. Cross-Site Attacks
      3. Denial of Service
      4. Exposure
      5. Summary
  12. Evolution of HTTP
    1. Standards Organizations
      1. World Wide Web Consortium
      2. Internet Engineering Task Force
      3. Summary
    2. The Future of HTTP
      1. SOAP and Web Services
      2. WebDAV
      3. P3P
      4. Summary
  13. Index