
Chapter: The Application Layer

By: Dr. Bhargavi Goswami, CHRIST, Bengaluru. Sub: CN, Email: [email protected]

The application layer: Introduction
• A layer interacting with the user
• Applications run at application layer
• Use TCP or UDP to get their job done
• SOCKET API is used for interaction
• Varieties of applications to deal with
• Users expect similar behavior for Internet based applications like browsers

Topics:
1. DNS
2. EMAIL
3. HTTP
4. FTP

Q. DNS (Domain Name Service):

Essence of DNS: the invention of a hierarchical, domain-based naming scheme and a distributed database system for implementing this naming scheme.

It is primarily used for mapping host names and e-mail destinations to IP addresses but can also be used for other purposes.

DNS is defined in RFCs 1034 and 1035. For mapping, a library procedure called the resolver is called, e.g. gethostbyname.

Procedure: The resolver sends a UDP packet to a local DNS server, which then looks up the name and returns the IP address to the resolver, which then returns it to the caller. Armed with the IP address, the program can then establish a TCP connection with the destination or send it UDP packets. DNS entries in DNS tables are purged after every one or two days.


Q. Domain namespace requirements:
• Efficient
• Continues working despite breakdowns
• Should not introduce additional overheads
• Information available from the nearby servers
• Contains a little additional information
• A single server can manage multiple networks.
• It should be secure enough (not provided)
• Not case-sensitive: it doesn’t differentiate between upper and lower case letters.

Q. DNS Poisoning:
• When a system is poisoned with incorrect information, users who faithfully type a specified company’s URL are switched to some other (hacker’s) place.
• This is known as DNS Poisoning.
• Solution: DNS namespace or domain namespace.

Q. Labels and domains:

A label is a string which cannot exceed 63 characters.

The domain name is a collection of such labels separated by dots.

A domain name represents either a bunch of computers or a single computer.

The root is a null label and all other labels are non-null.

Q. Fully Qualified v/s Partially Qualified Name:

• FQDN: The fully qualified domain name for abcict is “abcict.org.” (with
• The last dot is not an accident; it represents an empty string coming next to org.
• This empty string (null label) represents the root servers which are, for some obscure reason, kept anonymous.
• PQDN: A partially qualified domain name like abcict.org (without the last dot) or abcict can also be used if the context is clear.
• The resolver contains logic to convert partially qualified names to fully qualified names.

Q. Advantages of Hierarchy:
• Even TLDs (Top Level Domains) have a few domains and subdomains under them.
• Reasons for hierarchy:

1. Improves search time.
2. Avoids congestion by distributing queries over distributed servers instead of firing queries at a central server.
3. Hierarchy helps better organization. Root servers store only DNS server names, which is forwarded to 13 internet servers.
4. Hierarchy also helps in efficient resolution of domain names. When most of the queries are answered by local machines, servers are not heavily loaded.
5. The DNS database is comparatively static. Information can be cached by resolvers. Thus, efficient DNS access.


6. Helps clear-cut control of infrastructure. Owners of a domain grant subdomains, which further grant subdomains under them.

7. Showcases flexibility in assignment. E.g. ABC has ica (institute of computer applications), ict (technology), ibm (institute of business management), etc. under it as subdomains.

8. The partitioning mechanism is both administratively efficient for adding or deleting a subdomain and technically efficient for mapping names to numbers.

• Space constraint
• Processing time constraint
• Congestion near the server
• Organized form of information
• Efficient resolution of domain names
• A comparatively static database is better organized this way
• Clear-cut controlling infrastructure
• Delegation of authority is clearly defined
• Autonomous control

Domains and hierarchy: lower level domains are part of higher level domains


Q. Domain names:

• Partially and fully qualified names
• Resolver
• Resolution process

Q. Distributed database:
• Most of the queries in DNS are resolved within the local server’s scope
• It reduces the network traffic
• No single point of failure
• Easy maintenance
• Can be easily managed

Q. DNS terms:


• Resolution: Searching for the IP address of a given domain is the most important and most frequent operation of DNS. This is called resolution.

• Authoritative Servers: Servers are known as authoritative servers when they have the authority over names of specified domains. Records coming from authoritative servers are always correct. Cached records may be stale and thus sometimes incorrect.

• Proxy: The local DNS servers act like a proxy to the machine that is looking for the IP address.

• Iterative Name Resolution: The local machine queries the local DNS server, which pushes the query to different servers starting from the root server to the abcict server and returns the answer to the local machine in the end. Large search time. Long run to get details.

• Recursive Name Resolution: The local machine queries the local DNS server, which passes the query to different servers starting from the root server to the abcict server and returns the answer to the local machine at the end. Small search time. Get answers without asking any other server.

Iterative Name Resolution:

Recursive name resolution


Q. Zones:
• The area of the domain namespace that is managed by a single server is known as a zone.
• A single zone can have multiple domains and vice versa.
• Zones are non-overlapping, so no area of the hierarchy is managed by multiple servers.
• Each zone is responsible for its own area.
• Risk: If the server goes down, the entire zone suffers.
• Solution? IETF mandatorily imposed that the primary server must have another backup server that can be switched over to in case of failure.
• Both servers (primary & backup) should not draw power from the same power source.
• For more security, secondary servers are also duplicated or backup servers are kept out of the zone.
• Backup servers get synchronized updates and also answer queries for overloaded primary servers.
• Main servers perform addition and removal of domain names, which is never done by backup servers.

Q. The Registration Process:

• It is important that companies select a domain name.
• ICANN (Internet Corporation for Assigned Names and Numbers) takes care that each one gets a unique domain name.
• The job of the registrar is shown in the figure above.
• An organization interested in working as a registrar must get accreditation from ICANN.
• Registrars usually charge some fees.
• E.g. to join under the “in” domain, one has to choose from the 70 registrars available.
• Registrars provide 2 services:
– Insert the primary and secondary servers’ IP addresses in the TLD for the specified domain.
– Add the mail id with the domain.


• Steps for registering a domain:

1. Get a unique domain name (user’s desire).
2. Pay a small registration fee.
3. Register domain name, web server & mail server.
4. Get primary and backup servers. Mostly ISPs provide their servers on rent.
5. Web & mail servers also need to be installed and running for registration.
6. Additionally, ISPs provide the service of registering your domain in search engines.

• Special registrars are appointed for government and education domain registrations.
1. E.g. NIC (National Information Center) for government organizations.
2. ERNET (Education and Research Network) for education, i.e. ac.in or edu.in

Q. Name Servers:

Name servers answer ‘DNS’ questions. Several types of name servers:

Authoritative servers: Give authoritative answers for one or more zones. Are always correct.
– master (primary): the server normally loads the data from a zone file.
– slave (secondary): normally replicates the data from the master via a zone transfer.

(Caching) recursive servers: do the actual lookups; they ask questions to the DNS on behalf of the clients.
– Answers are obtained from authoritative servers but the answers forwarded to the clients are marked as not authoritative.
– Stored in memory (cache) temporarily. Also caching forwarders: answers are stored for future reference in the cache.

Mixture of functionality: Resolvers ask the questions to the DNS system on behalf of the application. Normally implemented in a system library (e.g., libc):

gethostbyname(char *name);
gethostbyaddr(char *addr, int len, type);

When a query is not satisfied locally, the query fails but the server returns the next server's address. This reduces response time and gives output that the server is down or needs more time to resolve the query.

3 Types:
1. Root Servers
2. TLD (Top Level Domain) servers
3. Authoritative Servers

• Makes the system more reliable, efficient, robust.
• If clustered, floods of queries can be handled in parallel.
• At times the ISP does the job by renting servers.
• See next fig.


Domain Name servers, root, TLD and Local servers:

Q. Resource Records:

• The DNS database is stored as resource records.
• Stores IP addresses, mail server names and other relevant information in the zone file.
• Contains five different fields:
– Domain
– Time to live
– Class
– Type
– Value
• The file that holds all such records is known as the zone file.
• Primary servers create and destroy resource records.
• Questions asked by DNS are answered by resource records.
• The next table lists the types of resource record.
• The figure after that is the zone file.

Type     Meaning                   Value
A        IPv4 address              32-bit value
AAAA     IPv6 address              128-bit value
CNAME    Canonical Name            Alias name for host
PTR      Pointer                   IP address (IPv4 or IPv6)
NS       Name Server               Name server(s)
SOA      Start of Authority        Zone name etc
MX       Mail Exchanger            mail server/exchanger
HINFO    Host Info                 Optional information
SPF      Sender Policy Framework   Identify mail servers
TXT      Text                      Text information
DNSKEY   DNS Key                   Public key of domain
RRSIG    RR Signature              Resource Record Signature


Zone File:

Domain                   Time-to-live   Class   Type    Value
207.118.130.194 / 24     172800         IN      PTR     abcict.org.
ftp.abcict.org.          172800         IN      CNAME   Vishwanath.abcict.org.
abcict.org.              172800         IN      NS      ns2.webmastersindia.com.
abcict.org.              172800         IN      NS      ns1.webmastersindia.com.
abcict.org.              172800         IN      A       207.118.130.194
abcict.org.              172800         IN      MX      (10) mail.abcict.org.
                         172800         IN      MX      (20) Vishwanath.abcict.org
                         172800         IN      MX      (30) Ponting.abcict.org
mail.abcict.org.         172800         IN      A       207.118.130.194
www.abcict.org.          172800         IN      CNAME   Ponting.abcict.org
www.abcict.org.          172800         IN      CNAME   abcict.org.
Ponting.abcict.org.      172800         IN      A       208.118.130.194
Ponting.abcict.org.      172800         IN      HINFO   HP laptop with RHEL 9
Vishwanath.abcict.org.   172800         IN      A       209.118.130.194
                         172800         IN      HINFO   HP I3
laser.abcict.org         172800         IN      A       210.118.130.194
                         172800         IN      HINFO   The laser printer

DNS Records for big websites:

DNS records for a big website with multiple servers

Domain                  Time to live   Class   Type   Value
www.TheBigWebsite.com   172800         IN      A      1.2.3.4
www.TheBigWebsite.com   172800         IN      A      2.3.4.5
www.TheBigWebsite.com   172800         IN      A      3.4.5.6
www.TheBigWebsite.com   172800         IN      A      4.5.6.7
www.TheBigWebsite.com   172800         IN      A      5.6.7.8

Name Servers:

Name servers

abcict.org.   172800   IN   NS   ns2.webmastersindia.com.
abcict.org.   172800   IN   NS   ns1.webmastersindia.com.


Load Balancing using Distributed Strategy instead of Central Control:

Load balancing in name servers

Domain        Time to live   Class   Type   Value
oracle.com.   172800         IN      NS     u-ns2.oracle.com.
oracle.com.   172800         IN      NS     u-ns3.oracle.com.
oracle.com.   172800         IN      NS     u-ns4.oracle.com
oracle.com.   172800         IN      NS     u-ns5.oracle.com
oracle.com.   172800         IN      NS     u-ns6.oracle.com.
oracle.com.   172800         IN      NS     ns1.oracle.com.
oracle.com.   172800         IN      NS     ns4.oracle.com.
oracle.com.   172800         IN      NS     Ns1.oracle.com.

The principal DNS resource record types for IPv4:

SOA: Provides information about the name server's zone, the e-mail address of its administrator, a unique serial number, and various flags and timeouts.
A (Address) record: It holds a 32-bit IP address. IPv4 or IPv6 (A6: IPv6 address).
NS: Value contains the name of a host that knows how to resolve the name.
CNAME: Value is a canonical name for the host, used to define aliases.
HINFO: Host information, OS, configuration of host.
MX: Value gives the domain name of a host running a mail server and ready to accept mails.
PTR: Pointer to domain name (reverse DNS). Primary DNS data type. Binds name with IP.
TXT: Free text. Allows domains to identify themselves in arbitrary ways.

Resource records with blank names

abcict.org.   172800   IN   MX   (10) mail.abcict.org.
              172800   IN   MX   (20) Vishwanath.abcict.org


Partially qualified domain names

www          172800   IN   CNAME   Ponting                 ;canonical name is Ponting.abcict.org
ftp          172800   IN   CNAME   Vishwanath              ;canonical name is Vishwanath.abcict.org
ftp.abcict   172800   IN   CNAME   Vishwanath.abcict.org   ;exactly as above
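How records with blank names and partially qualified names are read, as an added example that is not part of the original notes: a blank Domain field reuses the previous owner, and a name without a trailing dot is completed with the zone origin. The origin `abcict.org.` and the sample records are assumptions constructed from the page's examples; the example also goes beyond the two cases above by enforcing the 63-character label limit and the case-insensitivity described earlier.

```python
from typing import NamedTuple

ORIGIN = "abcict.org."  # assumption: the zone's origin, as in the page's examples
NAME_VALUED = {"CNAME", "NS", "PTR"}  # record types whose value is a domain name

# Constructed sample in the page's five-field layout (Domain, TTL, Class, Type, Value).
SAMPLE_ZONE = """\
abcict.org.  172800 IN MX    (10) mail.abcict.org.
             172800 IN MX    (20) Vishwanath
www          172800 IN CNAME Ponting   ; canonical name is Ponting.abcict.org
Ponting      172800 IN A     208.118.130.194
             172800 IN HINFO HP laptop
"""


class Record(NamedTuple):
    owner: str
    ttl: int
    rclass: str
    rtype: str
    value: object


def qualify(name: str, origin: str = ORIGIN) -> str:
    """Turn a partially qualified name into a lower-cased FQDN with a trailing dot."""
    fqdn = name if name.endswith(".") else f"{name}.{origin}"
    fqdn = fqdn.lower()  # DNS names are not case-sensitive
    labels = fqdn[:-1].split(".") if fqdn != "." else []
    for label in labels:
        if not 1 <= len(label) <= 63:
            raise ValueError(f"label length {len(label)} is outside 1..63")
    return fqdn


def parse_zone(text: str, origin: str = ORIGIN) -> list:
    """Parse five-field records; blank owners inherit the previous record's owner."""
    records, last_owner = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()  # drop ';' comments
        if not line.strip():
            continue
        fields = line.split()
        if line[0].isspace():  # blank Domain field
            if last_owner is None:
                raise ValueError(f"line {lineno}: blank owner with no previous record")
            owner = last_owner
        else:
            owner = qualify(fields.pop(0), origin)
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected TTL, class, type and value")
        ttl, rclass, rtype, *rest = fields
        rtype = rtype.upper()
        if rtype == "MX":
            if len(rest) != 2:
                raise ValueError(f"line {lineno}: MX needs a preference and a host")
            # The page writes the preference as "(10)"; accept it with or without brackets.
            value = (int(rest[0].strip("()")), qualify(rest[1], origin))
        elif rtype in NAME_VALUED:
            value = qualify(rest[0], origin)
        else:
            value = " ".join(rest)  # A, HINFO, TXT ... kept as text
        records.append(Record(owner, int(ttl), rclass.upper(), rtype, value))
        last_owner = owner
    return records


if __name__ == "__main__":
    for rec in parse_zone(SAMPLE_ZONE):
        print(rec)
```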

DNS query and resource record in response:

Q. EMAIL:

• Senders and receivers are free to send and receive mails at their own convenience.
• Synchronization:
– Spooling manages synchronization.
• Sending Process:
– When a user sends mail, it is stored in the mail server's buffers, called the SPOOL.
– Mail contains information about sender, receiver, time of sending, files attached, etc.
– This process is done in the background.
– A background process establishes a TCP connection and then transfers data from the SPOOL as shown in figure.
– The mail client (SMTP client) picks up unsent mail from the mail spooling area (outbox) and tries to deliver it by establishing a TCP connection to the other end.
• Receiving Process:
– When the ISP’s or webmail service provider’s server receives mail, it stores the mail in the specific mailbox.
– When the user logs in, the server delivers its content to the user as shown in figure.


Q. The email system components:
• User Agent: it is what users interact with to send and receive mails.
• Message Transfer Agent: navigates mails to their intended recipient. Establishes a TCP connection using SMTP.
• Mail: an envelope having the data to be sent, with details of the communicating parties and time. Can hold text, an HTML page, an audio clip, a video clip, etc. with no limit on the varieties of file formats.
• SMTP has a standard mechanism to handle mails, defined in RFC 2821.
• See figure.
• Mailing Procedure:
– The sender’s user agent accepts mail from the user and passes it on to the message transfer agent.
– The message transfer agent establishes a TCP connection to the message transfer agent of the receiver and sends the mail across.
– At the end, the message transfer agent delivers the mail to the recipient’s mailbox.
• Lara & Gayle’s example is shown in the figure.

Q. The complete mailing process:

Example: Lara & Gayle’s Communication Steps:

1. Lara invokes the user agent, constructs the mail and clicks “send”.
2. The user agent sends the mail to the local mail server on the ISP / SMTP mail server.
3. The mail server now gets connected to OBS.com using a TCP connection.
4. OBS.com receives the mail and stores it in a buffer until Gayle is online.
5. Once Gayle is online, OBS.com transfers the mail to Gayle’s user agent.
6. OBS.com invokes the user agent so that Gayle can open the mail.


Q. Mailboxes, Mail Aliases and Alias Expansion:
• Mailbox: Mails are stored in the mailbox.
• Alias: The recipient who gets the mail, as specified by the sender, is known as the alias.
• Alias Expansion: A single mail address is sometimes converted to a list and vice versa. E.g. sending group mails or forwarding.
• E.g. [email protected], before @ is the mailbox and after @ is the domain.
• See figure.
• Sometimes two or more mail ids are synchronized to a single mail. How this is handled is shown in the 2nd figure.
• Mail sent to a group can also reach all its members individually; the group service is provided by Yahoo and Gmail.
• This is handled by the webmail service provider, e.g. Gmail, Yahoo, etc.
• See 3rd figure.

Alias expansion while sending:

Alias expansion while receiving:


Alias expansion in web mail:

Q. User Agent:

• Lets the users interact with the mail system.
• Most user agents are GUI based.
• Types of User Agent:
– Based on an API called Mail API (MAPI), used by languages like VB and Java.
– Plain vanilla text, used with UNIX, mobile phones.
• With user agents, the user can:
– Compose mail
– Read subject lines of incoming mails
– Read content
– Reply to a message
– Forward a message
– Use additional support for vacation response, signature text, normal and blind copies, etc.
– Manage mail addresses in an address book.
– Perform spell check
– Search mail
– Create different folders and add filters
– Run an anti-spam filter that automatically diverts potential spam to special folders.

Q. Internet Mail Standard for Mail Content: RFC 2822:
• All internet standards are uniquely identified by RFC: Recommended for Comments.
• The previous standard was 822 and the updated one is 2822.
• Has two parts, the same as envelopes:
– Header
– Body
• Very similar to the HTTP protocol.
• Some headers are compulsory whereas some are not. Some headers are hidden (for security reasons) whereas some are not.
• The text is universally represented in ASCII format and UNICODE.
• Both the figures explain the difference between the two mail types (email and postal mail).


Conventional mail:

Envelope: From: Lara Brian, ABC ICT, Ahmedabad. To: Gayle Chris, OBS
Letter heading: From: Lara Brian To: Gayle Chris
The message: Dear Gayle, Here is second book Regards Lara

Example with the email format:

Content description                    Example of content                             Name of content
Sender’s and Receiver’s mail address   [email protected] [email protected]         Envelope
Sender’s and Receiver’s name           Prof. Lara Brian, Gayle Chris                  Header
The content of the message             Dear Gayle, Here is second book Regards Lara   Body

Q. SMTP:


• SMTP (Simple Mail Transfer Protocol).
• Procedure:
– E-mail is delivered by having the source machine establish a TCP connection to port 25 of the destination machine.
– Then calls for SMTP.
– Then accepts incoming connections and copies messages from them into the appropriate mailboxes.
– If a message cannot be delivered, an error report containing the first part of the undeliverable message is returned to the sender.
• SMTP is a simple ASCII protocol.
• Especially used for chatting.
– Waits for the receiving machine, operating as the server, to talk first.
– The server starts by sending a line of text giving its identity and telling whether it is prepared to receive mail.
– If it is not, the client releases the connection and tries again later.
– If the server is willing to accept e-mail, the client announces whom the e-mail is coming from and whom it is going to.
– If such a recipient exists at the destination, the server gives the client the go-ahead to send the message.
– Then the client sends the message and the server acknowledges it.
– No checksums are needed because TCP provides a reliable byte stream.
– When all the e-mail has been exchanged in both directions, the connection is released.
– The first command from the client is indeed HELO.
– The message is sent to only one recipient, so only one RCPT command is used.
– Using ASCII text makes the protocols easy to test and debug.
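The server-side rules in the list above, written as a small state machine (an added example, not code from the original notes). The host name, mailbox and addresses are constructed `.example` values, and the 503 and 500 replies for out-of-order or unknown commands are standard SMTP codes that the notes do not list.

```python
import re

_PATH = r"\s*<?([^<>\s]+)>?\s*$"
MAIL_RE = re.compile(r"MAIL FROM:" + _PATH, re.I)
RCPT_RE = re.compile(r"RCPT TO:" + _PATH, re.I)


class SmtpSession:
    """Server side of one SMTP connection (HELO-only, no extensions)."""

    def __init__(self, hostname, mailboxes):
        self.hostname = hostname
        self.mailboxes = {m.lower() for m in mailboxes}
        self.greeted = False
        self.in_data = False
        self.closed = False
        self.delivered = []  # (sender, recipients, body) per accepted message
        self._reset()

    def _reset(self):
        self.sender, self.recipients, self.body = None, [], []

    def greeting(self):
        # The server talks first, giving its identity.
        return f"220 {self.hostname} SMTP server ready"

    def handle(self, line):
        """Consume one client line; return the reply, or None while reading DATA."""
        if self.in_data:
            return self._data_line(line)
        cmd = line.strip()
        upper = cmd.upper()
        if upper.startswith("HELO "):
            self.greeted = True
            self._reset()
            return f"250 Hello {cmd[5:].strip()}"
        if upper == "QUIT":
            self.closed = True
            return "221 Bye"
        if not self.greeted:
            return "503 Send HELO first"
        match = MAIL_RE.match(cmd)
        if match:
            self._reset()
            self.sender = match.group(1)
            return "250 Ok"
        match = RCPT_RE.match(cmd)
        if match:
            if self.sender is None:
                return "503 Need MAIL FROM before RCPT TO"
            if match.group(1).lower() not in self.mailboxes:
                return "550 No such user here"
            self.recipients.append(match.group(1).lower())
            return "250 Ok"
        if upper == "DATA":
            if not self.recipients:
                return "503 Need an accepted RCPT TO before DATA"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "500 Command not recognized"

    def _data_line(self, line):
        if line == ".":  # a lone dot ends the message
            body = "\n".join(self.body)
            self.delivered.append((self.sender, tuple(self.recipients), body))
            self.in_data = False
            self._reset()
            return "250 Ok"
        # Dot-stuffing: the client doubles a leading dot, the server removes one.
        self.body.append(line[1:] if line.startswith(".") else line)
        return None


def replay(session, client_lines):
    """Feed client lines to the session and return the S:/C: transcript."""
    transcript = [f"S: {session.greeting()}"]
    for line in client_lines:
        transcript.append(f"C: {line}")
        reply = session.handle(line)
        if reply is not None:
            transcript.append(f"S: {reply}")
    return transcript


# Constructed client side of a session; addresses are sample values.
CLIENT_LINES = [
    "HELO abcict.example",
    "MAIL FROM:<lara@abcict.example>",
    "RCPT TO:<gayle@obs.example>",
    "RCPT TO:<nobody@obs.example>",
    "DATA",
    "Subject: The Second Book",
    "",
    "Hello Gayle.",
    "..a line that starts with a dot",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    server = SmtpSession("obs.example", ["gayle@obs.example"])
    print("\n".join(replay(server, CLIENT_LINES)))
```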

Example: Client Server Communication SMTP:

S: 220 OBS.com SMTP server ready
C: HELO abcict.org
S: 250 Hello OBS.com, I am glad to meet you
C: MAIL FROM:[email protected]
S: 250 Ok
C: RCPT TO:[email protected]
S: 250 Ok
C: RCPT TO:[email protected]
S: 250 Ok
C: RCPT TO:[email protected]
S: 550 No such user here
C: DATA
S: 354 End data with <CR><LF>.<CR><LF>
C: From: "LARA Brian" < [email protected] >
C: To: “Gayle Chris” [email protected]
C: Cc: [email protected]
C: Subject: The Second Book
C: Hello Gayle.
C: I will soon send you the second Book.
C: regards
C: Lara
C: .
S: 250 Ok:
C: QUIT
S: 221 Bye
{The server closes the connection}

Disadvantages of SMTP:

1. One problem relates to message length. Some older implementations cannot handle messages exceeding 64 KB.


2. Another problem relates to timeouts. If the client and server have different timeouts, one of them may give up while the other is still busy, unexpectedly terminating the connection.

3. Infinite mail-storms can be triggered. For example, if host 1 holds mailing list A and host 2 holds mailing list B, and each list contains an entry for the other, a message sent to either list can generate a never-ending amount of e-mail traffic unless somebody checks for it.

Solution? Extended SMTP (ESMTP) has been defined in RFC 2821. Clients wanting to use it should send an EHLO message instead of HELO initially.

Q. Internet Mail Types: (IMT):

• IMT is used by MIME. Why?
– SMTP used 7-bit characters to transfer only text.
– But users required to send images, audio, video, executable files, zip files, etc.
– Problem? Yes / No?
– Solution? IMT.
• Procedure?
– Files that are not text can be represented by binary values.
– On both ends, data interpretation is done based on the different applications specified in the header.
– The header specifies which type the file is.
– E.g. a binary file given to MS-Word is different from one for WinZip or Gzip.
• Thus, once MIME is applied, mail supports transmission of all file types.
• It’s a two-part identifier for file formats on the internet.
• Two parts:
– Type
– Sub type
• Originally defined for SMTP but also used with HTTP, RTP (Real Time Protocol), SIP (Session Initiation Protocol), etc., which are used with VoIP for using the internet as a telephone.

Example of Internet Media Types:

From: [email protected]
To: [email protected]
Date: Thu, 29 APR 2010 16:02:43 -0500
MIME-Version: 1.0
Content-Type: image/jpeg
Content-Transfer-Encoding: base64
< a blank line>
………..binary data for the image in text form………

Type and meaning:

Content Type   Meaning
text           Text information, i.e. a notepad file.
image          A photograph or graphics
audio          Recorded sound.
video          Recorded video.
application    A binary file like a Word doc.
multipart      Message divided in multiple parts, each with different type of data
message        A forwarded email or a reference link
X–….           Non-standard header.
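An added example (not from the original notes) using Python's standard `email` package: it builds a multipart message with a text part and an image/jpeg part, lists each part's type, sub type and transfer encoding, and recovers the binary data from its base64 text form. The addresses and the image bytes are constructed sample values.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for image data: it contains bytes above 127, which a
# 7-bit text channel cannot carry unencoded.
SAMPLE_IMAGE = bytes([0xFF, 0xD8, 0xFF, 0xE0]) + bytes(range(256))


def build_message(sender, recipient, text, image):
    """Return the on-the-wire bytes of a text + image/jpeg message."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "The Second Book"
    msg.set_content(text)  # text/plain part
    # Adding an attachment turns the message into multipart/mixed; the binary
    # part is carried with Content-Transfer-Encoding: base64.
    msg.add_attachment(image, maintype="image", subtype="jpeg", filename="book.jpg")
    return msg.as_bytes()


def inventory(raw):
    """List (type, sub type, transfer encoding) for every part of the message."""
    msg = message_from_bytes(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        cte = part.get("Content-Transfer-Encoding")
        parts.append((
            part.get_content_maintype(),
            part.get_content_subtype(),
            str(cte) if cte is not None else None,
        ))
    return parts


def decode_part(raw, maintype, subtype):
    """Return the decoded bytes of the first part with the given type/sub type."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == f"{maintype}/{subtype}":
            return part.get_payload(decode=True)
    return None


def is_seven_bit(data):
    """True if every byte fits in 7 bits, as plain SMTP transfer requires."""
    return all(byte < 128 for byte in data)


if __name__ == "__main__":
    wire = build_message("lara@abcict.example", "gayle@obs.example",
                         "Hello Gayle.\n", SAMPLE_IMAGE)
    for entry in inventory(wire):
        print(entry)
    print("7-bit clean on the wire:", is_seven_bit(wire))
    print("image recovered intact:", decode_part(wire, "image", "jpeg") == SAMPLE_IMAGE)
```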


Q. POP3 and IMAP: Overview:

• Deleting mail is the default in POP3
• IMAP can have multiple mailboxes
• IMAP allows partial mail download
• IMAP allows access by features and content
• IMAP allows message status to be informed
• IMAP is more complicated
• Webmails provide everything that IMAP provides

POP3:

• One needs to run a mail client on the desktop. POP3 and IMAP mail clients are used for this purpose.
• The user needs two protocols to enable mailing:
– An SMTP client is required to send mails to SMTP servers.
– POP3 or IMAP is required to receive mails.
• POP3 (Post Office Protocol Version 3) is described in RFC 1939.
• POP3 begins when the user starts the mail reader.
• The mail reader calls up the ISP (unless there is already a connection) and establishes a TCP connection with the message transfer agent at port 110.
• Once the connection has been established, the POP3 protocol goes through three states in sequence:
– Login/Authorization: the authorization state deals with having the user log in.
– Mail Transfer To Receiver and Sender: the transaction state deals with the user collecting the e-mails and marking them for deletion from the mailbox.
– Update: the update state actually causes the e-mails to be deleted.
• Disadvantage: By default, the POP3 server deletes all mails that are copied to the desktop to reduce the storage requirement of servers.
• So, when the user reads mails at Ahmedabad, they cannot be read again once in Delhi.

IMAP:

• Disadvantage of POP3: it normally downloads all stored messages at each contact; the result is that the user's e-mail quickly gets spread over multiple machines.
• This disadvantage gave rise to an alternative final delivery protocol, IMAP (Internet Message Access Protocol), which is defined in RFC 2060.
• IMAP provides mechanisms for creating, destroying, and manipulating multiple mailboxes on the server.
• IMAP assumes that all the e-mail will remain on the server indefinitely in multiple mailboxes.
• Useful when using a slow modem (or mobiles) to read the text part of a multipart message with large audio and video attachments, and for reading only the subject.
• The comparison is given in the next figure.

POP3/IMAP:


Q. Webmail:
• A desktop email client is not required here.
• E.g. Gmail, Yahoo, Hotmail.
• One can access one's mails using any computer which has an Internet connection.
• Webmail is location independent.
• Process:
– The user types [email protected], the recipient's mail address.
– Webmail tries to get the MX record for abcict.org first.
– Webmail queries the DNS server to search for abcict.org’s IP address.
– Once the IP address is obtained, the SMTP client establishes a TCP connection to the server.
– Then authentication is done.
– Once authenticated, using the POP3 or IMAP server, mails are transferred to user agents.
• The difference lies here.
• Webmail reformats plain text into HTML pages before sending them to users.

Q. What is HTTP?

Browser is a client program and Web server is a server program.

Both of them talk to each other using HTTP (Hyper Text Transfer Protocol).

Browsers are sometimes regarded as HTTP clients and Web Servers are regarded as HTTP servers.

A download consists of many items like text, images, audio clips, video, etc.

Web pages can be of two types: Static Page and Dynamic Page.

To develop dynamic web pages, quite a few alternate techniques are used. One of them is CGI – Common Gateway Interface.

PHP, ASP.net and Java can also construct dynamic web pages.

A web page is always addressed by its uniform resource locator (URL).

Eg. http://www.oup.co.in/schools/index.php

Here, http:// indicates that it uses the HTTP protocol.

www.oup.co.in indicates the web server of Oxford University Press; it is an Indian website, so co.in


/schools/index.php indicates that the storage location is in a different directory called schools, also called the virtual directory location.


Q. Write a note on HTTP Request and HTTP Response. Also list down all the methods for it.

HTTP Request:

GET http://www.oup.co.in/category.php?cat_id=43 HTTP/1.1
Host: www.oup.co.in
User-Agent: Mozilla/5.0;
Accept: text/html,application/xhtml+xml, application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Cookie: PHPSESSID=c3a1082780a2c6621126fa3bd8ad11f1

HTTP Response:

HTTP/1.0 200 OK
Date: Mon, 19 Apr 2010 10:50:00 GMT
Server: Apache/1.3.27 (Unix) PHP/4.2.3 mod_ssl/2.8.12 OpenSSL/0.9.7g
X-Powered-By: PHP/4.2.3
Expires: Thu, 19 Nov 2010 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
Connection: close
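The response above can be taken apart mechanically: a status line, then one "Name: value" header per line. The following Python sketch is an added example, not part of the original notes; it parses that response and lists the software versions its Server and X-Powered-By headers announce to every client, which is what a server owner checks when reviewing banner disclosure. The function names are hypothetical.

```python
import re

# The response shown above, one header per line (values copied from the notes).
RAW_RESPONSE = (
    "HTTP/1.0 200 OK\r\n"
    "Date: Mon, 19 Apr 2010 10:50:00 GMT\r\n"
    "Server: Apache/1.3.27 (Unix) PHP/4.2.3 mod_ssl/2.8.12 OpenSSL/0.9.7g\r\n"
    "X-Powered-By: PHP/4.2.3\r\n"
    "Expires: Thu, 19 Nov 2010 08:52:00 GMT\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\n"
    "Content-Type: text/html\r\n"
    "Connection: close\r\n"
    "\r\n"
)

# "product/version" tokens such as Apache/1.3.27 or OpenSSL/0.9.7g
PRODUCT_VERSION = re.compile(r"([A-Za-z_][\w.-]*)/(\d[\w.]*)")
BANNER_HEADERS = ("server", "x-powered-by")  # headers that usually carry banners


def parse_response(raw):
    """Split a raw response head into (version, status, reason, headers)."""
    head = raw.split("\r\n\r\n", 1)[0]          # everything before the body
    lines = head.split("\r\n")
    version, status, reason = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()   # names are case-insensitive
    return version, int(status), reason, headers


def disclosed_versions(headers):
    """Return sorted (product, version) pairs announced by banner headers."""
    found = set()
    for name in BANNER_HEADERS:
        for product, version in PRODUCT_VERSION.findall(headers.get(name, "")):
            found.add((product, version))
    return sorted(found)
```
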

The structure of request and response:


Components of request and response:

Complete request structure:

Complete response structure:


Method     Function

GET        Retrieve a page from the server. A few simple inputs can be provided. Body is always empty.

POST       Provide information to the server. Nonempty body part contains the information.

HEAD       Same as GET except the body of the page is not retrieved.

PUT        Place the data at the user-specified URL.

DELETE     Remove an object from the web server.

CONNECT    Helps converting an HTTP request into HTTPS.

Q. What is the persistent connection? How does pipelining help? Also explain Cookies.

The persistent connection:

Servers can be of two types, stateful and stateless.

Stateful servers keep track of their clients' state and respond to their queries accordingly.

On the other hand, if the server is stateless, the client must explicitly specify the record it wants, because the server forgets everything about the client once a query is over.

Stateful servers provide additional facilities to clients compared with stateless servers.

Often, multiple requests are sent and responses received over a single TCP connection, so there is no additional task of establishing a TCP connection every time the client contacts the server.

When the connection does not need to be established afresh, the response time improves.

Pipelining:

Pipelining is stacking multiple requests and sending them together when a page consists of multiple objects like HTML files, images, audio clips, etc.

Most modern browsers provide this facility.

It improves the performance of an HTTP 1.1 client connection.


Cookies:

Browsers store relevant data of previous connections as cookies to facilitate quick access when the user tries to establish the same connection again.

Cookies are alphanumeric values stored at the client by the browser.

The information is stored in a database at the server side and indexed by a unique number.

This number is passed back to the client in the form of a cookie, as a Set-Cookie: header with a value.

Eg. Set-Cookie: SachinID = c3a1082

This helps Sachin the next time he gets online on the same website.

Sachin does not have to give his details every time he gets online on the same website.

The only disadvantage is that this information can be used by hackers, which may compromise our security.

Q. What is session variable? Also explain conditional download.

Session Variable:

Session variables are quite similar to cookies, but their lifetime is restricted to a single instance of a program.

ASP.NET, JSP and PHP use session variables.

Some session variables last for the lifetime of the server, and some last for the duration of the client's login.

Administrator of a website can see a few links which others can't see. How? Using session variables:

if (username == "")
    // no username provided
    Jump to login page
else if (username != "administrator")
    Display "this page is restricted" message

Session variables are also useful in keeping the shopping list for shopping cart applications.


It is used to prepare the final list and billing.

Both session and cookies improve users’ convenience but they bring potential security problems as well.

Thus, overuse of both must be avoided.
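The cookie and session-variable mechanism described above, as an added Python example that is not part of the original notes. The server keeps the session variables, the cookie carries only an unguessable index into them, and the administrator check is made from server-side state rather than from anything the client sends. The cookie name SID, the SESSIONS store and the function names are assumptions for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # server-side store: session id -> session variables


def login(username):
    """Create a server-side session and return the Set-Cookie header value."""
    sid = secrets.token_urlsafe(32)        # unguessable index, not a short number
    SESSIONS[sid] = {"username": username}
    cookie = SimpleCookie()
    cookie["SID"] = sid
    cookie["SID"]["httponly"] = True       # not readable by scripts in the page
    cookie["SID"]["secure"] = True         # sent over HTTPS only
    cookie["SID"]["samesite"] = "Lax"      # withheld on cross-site subrequests and POSTs
    cookie["SID"]["path"] = "/"
    return cookie["SID"].OutputString()


def session_from_cookie(cookie_header):
    """Map a request's Cookie header back to session variables, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("SID")
    return SESSIONS.get(morsel.value) if morsel else None


def admin_page(cookie_header):
    """The access check from the pseudocode, decided from server-side state."""
    session = session_from_cookie(cookie_header)
    if session is None or session["username"] == "":
        return 302, "/login"                      # no username provided
    if session["username"] != "administrator":
        return 403, "this page is restricted"
    return 200, "admin links"


def logout(cookie_header):
    """Destroy the session so a copied cookie stops working."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "SID" in jar:
        SESSIONS.pop(jar["SID"].value, None)
```
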

Conditional Download:

Suppose a user visits the website of Sunshine to download a page to find out details about the regular faculty of Sunshine.

If the browser has asked for the same page some time back and it is already in the cache, then HTTP can compare the two versions and download only if necessary, not otherwise.

A special entry called a conditional header is provided in the request to enable such behavior.

If the server has not modified that file, it doesn't send the data.

The message from the server then comes with an empty body.

Conditional download: request

GET http://www.glsict.org/mcaregular.htm HTTP/1.1
Host: www.glsict.org
If-modified-since: Thu, 29 Mar 2010 4:35:10 GMT

Conditional download: Two responses

Response-1
HTTP/1.1 304 Not Modified

Response-2
HTTP/1.1 200 OK
Date: Mon, 19 Apr 2010 10:50:00 GMT
Server: Apache
Last-Modified: 15 Apr 2010 3:34:05 GMT
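The server-side decision between the two responses above, as an added Python example that is not part of the original notes. The function name and its arguments are hypothetical. A date the server cannot parse is ignored, so a malformed header results in a full 200 response.

```python
from datetime import timezone
from email.utils import format_datetime, parsedate_to_datetime


def conditional_get(request_headers, last_modified, body):
    """Return (status, headers, body) for a GET that may carry If-Modified-Since.

    last_modified is the file's modification time as an aware UTC datetime.
    """
    # Header names are case-insensitive ("If-modified-since" in the notes).
    headers = {name.lower(): value for name, value in request_headers.items()}

    # HTTP dates have one-second resolution, so compare at that resolution.
    last_modified = last_modified.replace(microsecond=0)
    response_headers = {"Last-Modified": format_datetime(last_modified, usegmt=True)}

    since = None
    raw = headers.get("if-modified-since")
    if raw:
        try:
            since = parsedate_to_datetime(raw)
            if since.tzinfo is None:            # "-0000" zone: treat as UTC
                since = since.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            since = None                        # unparsable date: ignore the condition

    if since is not None and last_modified <= since:
        return 304, response_headers, b""       # cached copy is current: empty body
    return 200, response_headers, body          # send the page again
```
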


Q. Explain Proxies as Intermediaries.

The protocol can specify one or more intermediaries that can access the pages on the user's behalf.

These intermediaries are known as proxies.

A proxy can cache pages.

If the same user or some other user asks for that page, it can be produced from the cache.

Technically, when proxies are used, two TCP connections operate in parallel: the first between client and proxy, and the second between proxy and web server.


Proxies have the following advantages:

o Reduced load on web servers.

o Reduced response time.

o Traffic monitoring can be implemented and a few websites can be blocked.

o Extending Internet access to others with a few ISP-authenticated IPs.

o Max-Forwards header: HTTP can control the number of proxies allowed in the intermediate path by using a header called Max-Forwards.

o Proxies save 20% of bandwidth utilization.

o Multiple browsers can use the cached information at proxies, which gives independence of browser.

o Can also be used to provide access control.

Q. Explain Dynamic Web:

Server Side Dynamism:

Live cricket scores, stock exchange information, the list of books available at a specific store, etc. are kinds of information which cannot be configured beforehand and carved into web pages.

The next figure explains the dynamic page delivery process.

A web page that is constructed on the fly is called a dynamic web page.


Client Side Dynamism:

While filling in online forms, users sometimes forget to enter data in mandatory fields.

Forms need to be validated before they are submitted to the server, with the aim of saving bandwidth.

Can be implemented by VB scripts, CSS (Cross Site Scripting), Java and Active X controls.

Q. What Is FTP - File Transfer Protocol?

FTP stands for File Transfer Protocol, which is a network protocol used to transfer data from one computer to another through a network. FTP is the simplest and secure way to transfer files. The most common use for FTP is to download files from the Internet to a local computer, or upload files from a local computer to a remote server.

One may ask a question: we already have email for sending and receiving information and attaching files, so why do we need FTP? Well, if you just have a few files with small size (less than 1MB), using email is a convenient way to exchange files. But if you have dozens or even hundreds of files, in hundreds of MBs, you will need FTP to transfer the files through the Internet.

Command Line FTP

Login to your FTP account

Open your Command Line utility. If you are using Windows, mouse point to: Start > All Programs > Accessories > Command Prompt. A window with black background will pop up. Now you need to log into your FTP account. Type the following at the prompt:

ftp ftp.princeton.edu


You will be prompted to enter your user name, case specific, and then hit enter. Do the same for the password, case sensitive, and hit enter. When you see the ftp> prompt you are logged into your FTP account. Eg.

Microsoft(R) Windows NT(TM)
(C) Copyright 1985-2001 Microsoft Corp.
C:\>ftp ftp.princeton.edu
Connected to ftp.princeton.edu.
220-Serv-U FTP-Server v2.4a for WinSock ready...
User (ftp.princeton.edu:(none)): your user name
331 User name okay, need password.
Password:******
230 User logged in, proceed.
ftp>

Depending on the server settings, the message on the screen could vary for different sites.

FTP Commands - Viewing Files and Directories

To view all the contents of your current directory you can type:

ls

or:

dir

and the contents of that directory will be displayed. You can move in and out of folders with the following commands. To move into a folder:

cd foldername

and to move up one directory/folder:

cd ..

For example:

User (ftp.xxxxxx.com:(none)): your user name
331 User name okay, need password.
Password:Enter password here
230 User logged in, proceed.
ftp> ls
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
cgi-bin
default.htm
meta.txt


226 Transfer complete.
43 bytes received in 0.02 seconds (2.15 Kbytes/sec)
ftp>
ftp> cd temp
250 Directory changed to /temp
ftp> cd ..
250 Directory changed to /
ftp> mkdir temp2
257 "/temp2" directory created.
ftp>

FTP Commands - Transfer and Rename Files

Here are some examples of how to transfer and rename files using basic FTP or Command Prompt. Most Command Prompts will automatically be set to ASCII format for transfers. ASCII format is used to transfer text files; this includes all text files and all htm/html files. If you are sending or receiving images or other file types you will need to set your transfer mode to binary. Binary transfer mode is for all other file types: GIFs, JPGs, BMPs, .doc etc. Type bin to set the transfer mode to binary. Type asc to change back to ASCII transfers.

NOTE: The default transfer mode in FTP is ASCII Text. You must set the transfer mode to binary if the file is anything other than a standard ASCII text file (i.e. .gif or .jpg files).

Password:
230 User logged in, proceed.
ftp> bin
200 Type set to I.
ftp>

To rename a file that already exists in your FTP directory (in this case the file temp2 is being renamed to temp22):

ftp> rename temp2 temp22
350 File exists, ready for destination name
250 RNTO command successful.
ftp>

You can delete a file using the command delete.

To UPLOAD a file, type put C:\my-www\default2.htm (the location of your file on your computer) and hit enter. This will transfer your file default2.htm from your computer's c:\my-www folder and place it in your root directory.

ftp> put default2.htm
200 PORT Command successful.
150 Opening ASCII mode data connection for default2.htm.
226 Transfer complete.
2261 bytes sent in 0.00 seconds (2261000.00 Kbytes/sec)
ftp>

To DOWNLOAD a file, type get C:\my-www\default2.htm and hit enter. This will transfer your file default2.htm from your root directory to your computer's c:\my-www folder.

ftp> get default2.htm
200 PORT Command successful.


550 Permission denied.
ftp>

When the transfer is complete type quit at the ftp> prompt.

Other Commands

Once you get to the ftp> prompt you can type help to see a list of commands available.

ftp> help (list all of your commands)
Commands may be abbreviated. Commands are:
!          delete       literal    prompt       send
?          debug        ls         put          status
append     dir          mdelete    pwd          trace
ascii      disconnect   mdir       quit         type
bell       get          mget       quote        user
binary     glob         mkdir      recv         verbose
bye        hash         mls        remotehelp
cd         help         mput       rename
close      lcd          open       rmdir
ftp>

You can have files and folders in your root directory. You will be able to create folders in your account and store files in those folders; they will be accessible by linking to them from a file in your root directory. The following commands may be helpful:

lcd - change local directory.
mkdir - make directory.
rmdir - remove directory.
pwd - print the current working directory.
mget, mput - mget and mput allow you to move multiple files at once. You can also use an '*' for matching filenames.
prompt - also helpful in use with mput or mget. mput/mget will normally ask you if you want to put/get each file that you select on the command line. You can turn this functionality on or off with the prompt command.

Using Web Browser For FTP

For example: open the browser Firefox, enter the following string in the address bar:

ftp://ftp.princeton.edu/

and hit return. Then you can see something like:

Index of ftp://ftp.princeton.edu/
Up to higher level directory
Directory: psr 6/22/2006 12:00:00 AM
Directory: pub 6/10/2008 8:17:00 PM
Directory: redhat 3/22/2006 12:00:00 AM

Please note, not every FTP site allows anonymous access. Usually, you will need a username and password to login.
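Every server line in the sessions above starts with a three-digit reply code whose first digit tells the client how the command went. The following Python sketch is an added example, not part of the original notes; it groups the replies of a saved session under the command that caused them and reports the commands the server refused. The transcript is constructed from the replies shown above, and the function names are hypothetical.

```python
import re

# Constructed transcript modelled on the sessions above. Lines starting with
# "ftp> " are what the user typed; the second 220 line is a constructed
# closing line for the multi-line greeting.
TRANSCRIPT = """\
220-Serv-U FTP-Server v2.4a for WinSock ready...
220 Service ready (constructed closing line)
331 User name okay, need password.
230 User logged in, proceed.
ftp> put default2.htm
200 PORT Command successful.
150 Opening ASCII mode data connection for default2.htm.
226 Transfer complete.
ftp> get default2.htm
200 PORT Command successful.
550 Permission denied.
"""

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
# First digit of an FTP reply code (RFC 959 reply classes).
CLASSES = {1: "preliminary", 2: "completion", 3: "intermediate",
           4: "transient failure", 5: "permanent failure"}


def reply_class(code):
    return CLASSES[code // 100]


def parse_session(text):
    """Group server replies under the client command that caused them."""
    session = [("(connect)", [])]       # greeting and login replies
    pending = None                      # code of an unfinished multi-line reply
    for line in text.splitlines():
        if line.startswith("ftp> "):
            session.append((line[5:].strip(), []))
            continue
        m = REPLY.match(line)
        if pending and not (m and m.group(1) == pending and m.group(2) == " "):
            continue                    # inside a multi-line reply
        if not m:
            continue                    # directory listing or client output
        code, sep, msg = m.groups()
        if sep == "-":                  # "220-..." opens a multi-line reply
            pending = code
            continue
        pending = None
        session[-1][1].append((int(code), msg))
    return session


def failures(session):
    """Commands the server rejected (4xx or 5xx replies)."""
    return [(cmd, code, msg) for cmd, replies in session
            for code, msg in replies if code >= 400]
```
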