What is a client?
A machine that requests data or services from a server. In the case of the web, browsers are clients that request HTML pages from servers.
Can a single machine be both a client and a server?
Yes, a machine can be both a client and a server at the same time. For instance, a single machine could act as a server for end users and as a client for a database.
What is a server?
A server is a machine that provides data or services for a client.
What is the client-server model?
The client-server model is a paradigm where clients request data or services from servers, and servers provide data or services to clients. (Request response cycle)
What happens when you go to www.google.com?
We run through the system of Domain Name System (DNS)
Your browser looks in local cache to see if website was visited before and is IP address is known. If the IP address can’t be found, we go through the rest of the Domain Name System process
- Goes to resolving name server, if it doesn’t know IP address it’s looking for (algoexpert.io),
it will then look in the root name server. - Root name server knows how to locate IP addresses of all top level domain servers (.io) (.com) etc.
- Root name server tells the resolving name server where the top-level domain server is
- Resolving name server then asks the top level domain name server, which tells it where to look in the authoritative name server
- The authoritative name server returns the IP address to the resolving name server, which then finally returns it back to our computer
Break down this url:
https://www.algoexpert.io:443/frontend
https: scheme/protocol
www: subdomain
algoexpert: domain
.io: top-level domain
443: port
/frontend: path
What is an IP address?
A unique identifier for a computer on the internet
How to find an IP address for a computer on the internet?
We use the Domain Name System (DNS)
- converts domain name to IP addresses:
- Example: algoexpert.io => 35.202.194.70
- Always checks local cache before making a network request, so we don’t need to make repeated network requests for an IP address.
What is TCP?
TCP stands for Transmission Control Protocol. It is a way for the client and server to make sure they’re on the same page on how they’re going to send information from one computer to the other.
TCP is a connection-oriented protocol, which means that it requires a connection to be established between two devices before data can be sent.
What is HTTP?
- In simplified terms, HTTP is an agreement that is made between clients and servers regarding how they are going to format their messages so they can understand each other
- A protocol for transmitting “hypermedia” (complex files) on the web
- Stateless protocol
- One message at a time without memory of previous requests
Common Status Codes:
200, 201
200 : OK
201: Created
Common Status Codes:
301, 302
301: Moved Permanently
302: Found (Moved Temporarily)
Common Status Codes:
400, 401, 403, 404
400: Bad Request
401: Unauthorized
403: Forbidden
Common Status Codes:
500, 503
500: Internal Server Error
503: Service Unavailable
What is HTTPS?
- A more secure version of HTTP
- Issue of HTTP is that everything is sent with plain text
- Uses TLS (or SSL) to encrypt requests/responses
What is an API?
Allows computers to communicate with each other
What is REST?
- Representational State Transfer
- An architectural style
- Set of architectural constraints:
**Remember first two!!!
- Client-server model (independent of each other)
- Stateless (each request must contain all of the information necessary to be understood by the server, rather than be dependent on the server remembering prior requests)
- Cacheable (An endpoint should define whether or not it is cacheable)
- Layered System (client should not need to know which server it is connected to)
- Uniform interface
What is Same-Origin Policy?
A policy limiting the ability of a page from reading resources from different origins. Two resources are from the same origin only if they have the same protocol, host, and port.
What is Same-Origin Policy?
A policy limiting the ability of a page from reading resources from different origins. Two resources are from the same origin only if they have the same protocol, host, and port.
What is an XSS attack?
XSS stands for cross-site scripting attack. It is An attack where an attacker is able to run code on a vulnerable site, thus circumventing the same-origin policy.
E.g: Attackers inject javascript code into UI
What is a CSRF attack?
CSRF stands for cross-site request forgery attack. An attack sends a request to a server and is able to convince the server its client sent it.
How to prevent a CSRF attack?
Utilizing a CSRF token, which is a unique token given to the client that a forged request would not be able to replicate.
What is CORS?
CORS stands for cross-origin resource sharing. A server can allow cross-origin requests by including the access-control-allow-origin header.
How to prevent an XSS attack?
- Always use textContent/innerText when adding dynamic text (avoid innerHTML)
- Sanitize/escaping user input *** (important!!!!)
- Add HTTP only flag to sensitive cookies
