Attached: a 700+ page set of backend interview notes covering the common backend development topics.

Link: pan.baidu.com/s/1dsDmlcay…

Extraction code: 0DAS

The second installment of computer network interview questions is here. Without further ado, bookmark it first and read it later ~

Take a look at this issue’s table of contents:

1. What are the common HTTP status codes?

Common status codes:

  • 200: (OK) The server has successfully processed the request. Typically this means the server has delivered the requested web page.
  • 301: (Moved permanently) The requested page has been permanently moved to a new location. When the server returns this response (to a GET or HEAD request), the requester is automatically forwarded to the new location.
  • 302: (Moved temporarily) The server is currently answering the request from a page at a different location, but the requester should keep using the original location for future requests.
  • 400: (Bad request) The client request has a syntax error and cannot be understood by the server.
  • 403: (Forbidden) The server received the request but refuses to serve it.
  • 404: (Not found) The server could not find the requested page.
  • 500: (Internal server error) The server encountered an error and could not complete the request.

The first digit of the status code indicates its class:

  • 1xx: informational, the request was received and processing continues
  • 2xx: success
  • 3xx: redirection, further action is needed to complete the request
  • 4xx: client error
  • 5xx: server error

2. What is the difference between status code 301 and 302?

Common ground: both 301 and 302 are redirect status codes. When the browser receives either one from the server, it automatically redirects to a new URL, which it takes from the Location header of the response (to the user it looks as if the address A they typed suddenly turned into another address B).

Differences: 301 means the resource at the old address A has been permanently removed (it is no longer accessible); a search engine will replace the old URL with the redirected one when it fetches the new content. 302 means the resource at the old address A is still there (still accessible); the redirect is only a temporary jump from the old address A to address B, and the search engine will fetch the new content but keep the old URL. 302 is better than 301 for SEO.

Added, redirection reason:

  1. Website adjustments (e.g. changes to the directory structure);
  2. The page is moved to a new address;
  3. The web page extension changes (e.g. the application needs to change .php to .html or .shtml).

3. What are the common HTTP request modes?

Method    Role
GET       Retrieve a resource
POST      Transmit an entity body
PUT       Upload a file
DELETE    Delete a file
HEAD      Like GET, but only the message headers are returned, not the message body
PATCH     Modify part of a resource
OPTIONS   Query the methods supported for the given URL
CONNECT   Establish a tunnel through a proxy (a tunnelling protocol is required)
TRACE     The server echoes the request back so the client can see the communication path

As a memory aid, PUT, DELETE, POST and GET can be read as the client adding, deleting, modifying and querying data on the server.

  • PUT: uploads files and adds data to the server
  • DELETE: deletes a file
  • POST: transmits data, submits data to the server, and updates the server data.
  • GET: obtains resources and queries server resources

4. What is the difference between A GET request and a POST request?

Differences in use:

  • "GET passes parameters in the URL or in a Cookie, while POST puts the data in the body." This is only a convention of how HTTP is used.

  • "The data submitted by GET is limited in length, while POST can submit very large amounts of data." This is due to differences in operating system and browser settings.

  • "POST is safer than GET because the data is not visible in the address bar." That is true, but it is still not the difference between GET and POST per se.

The essential difference

The main difference between GET and POST is that GET requests are idempotent, while POST requests are not. That’s the essential difference.

Idempotent means that one request and many repeated requests for a resource have the same side effects. Put simply, sending the same request to the same URL repeatedly should give the same result.

5. Explain HTTP long and short connections.

In HTTP/1.0, short connections were used by default: every time the browser and server perform an HTTP operation, a connection is established and then torn down when the task is finished. If the HTML page (or other web page) fetched by the browser contains other web resources, such as JavaScript files, images or CSS files, the browser opens a new HTTP session each time it encounters one of these resources.

From HTTP/1.1 onwards, long connections are used by default to keep the connection alive. When HTTP uses a long connection, this line is added to the response header: Connection: keep-alive

With a long connection, the TCP connection used to transfer HTTP data between the client and server is not closed after a web page is opened; if the client accesses the server's web pages again, it continues to use the established connection. Keep-alive does not hold a connection forever: it has a hold time, which can be configured in server software such as Apache. For long connections to work, both the client and the server must support them.

HTTP long connection and short connection are essentially TCP long connection and short connection.
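
To make the difference visible, here is an added example (not from the original post) that starts a local HTTP/1.1 and then a local HTTP/1.0 server with the standard library, sends two GETs over one client connection, and reports whether the same TCP socket served both; the Content-Length header on the response is what lets the client know where one response ends and the next can begin.

```python
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer


def _make_handler(protocol_version):
    """Build a handler class speaking the given HTTP version (constructed for this demo)."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            body = b"hello"
            self.send_response(200)
            # Content-Length tells the client where the response ends, which is
            # what makes reusing the connection for the next request possible.
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, *args):  # keep the demo quiet
            pass

    Handler.protocol_version = protocol_version
    return Handler


def connection_reused(protocol_version):
    """Start a local server, send two GETs over one HTTPConnection and return
    True if both requests went over the same TCP socket (a long connection)."""
    server = HTTPServer(("127.0.0.1", 0), _make_handler(protocol_version))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = HTTPConnection("127.0.0.1", server.server_address[1])
        conn.request("GET", "/")
        first_sock = conn.sock
        # For an HTTP/1.0 reply without keep-alive, http.client drops the
        # socket here and opens a fresh one for the next request.
        conn.getresponse().read()
        conn.request("GET", "/")
        second_sock = conn.sock
        conn.getresponse().read()
        conn.close()
        return first_sock is second_sock
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("HTTP/1.1 reused the connection:", connection_reused("HTTP/1.1"))  # True
    print("HTTP/1.0 reused the connection:", connection_reused("HTTP/1.0"))  # False
```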

6. What are the formats of HTTP request packets and response packets?

Format of request message:

  1. Request line (request method + URI + protocol version)
  2. The request header
  3. A blank line
  4. Request body
GET /sample.jsp HTTP/1.1                                          <- request line
Accept: image/gif, image/jpeg                                     <- request headers
Accept-Language: zh-cn
Connection: keep-alive
Host: localhost
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Accept-Encoding: gzip, deflate
                                                                  <- blank line
username=jinqiao&password=1234                                    <- request body

Response message:

  1. Status line (version + status code + reason phrase)
  2. Response headers
  3. A blank line
  4. Response body
HTTP/1.1 200 OK
Server: Apache Tomcat/5.0.12
Date: Mon, 6 Oct 2003 13:23:42 GMT
Content-Length: 112

<html>
    <head>
        <title>HTTP Response Example</title>
    </head>
    <body>
        Hello HTTP!
    </body>
</html>

7. What is the difference between HTTP 1.0 and HTTP 1.1?

  • Long connections: HTTP 1.1 supports persistent connections and pipelining, so multiple HTTP requests and responses can be carried over a single TCP connection, reducing the cost and latency of establishing and closing connections. Connection: keep-alive is enabled by default in HTTP 1.1, which somewhat makes up for HTTP 1.0 opening a new connection for every request.

  • Cache handling: HTTP 1.0 used If-Modified-Since and Expires as the main criteria for caching. HTTP 1.1 introduces more cache-control policies.

  • Bandwidth optimization and connection usage: HTTP 1.0 wastes bandwidth in some cases. For example, when the client needs only part of an object the server still sends the whole object, and resuming an interrupted download is not supported. HTTP 1.1 introduces the Range request header, which allows only part of a resource to be requested; the response code is then 206 (Partial Content). This makes it easy for developers to make the most of bandwidth and connections.

  • Error notification management: HTTP 1.1 adds 24 error status codes. For example, 409 (Conflict) indicates that the request conflicts with the current state of the resource, and 410 (Gone) indicates that a resource on the server has been permanently deleted.

  • Host header handling: HTTP 1.0 assumes that each server is bound to a unique IP address, so the URL in the request message does not carry the hostname. With the development of virtual hosting, one physical server can host multiple virtual hosts (multi-homed web servers) that share the same IP address. In HTTP 1.1 both request and response messages should support the Host header field, and a request without a Host header is rejected with 400 Bad Request.
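
The following added example (not code from the original post) parses the request message format from question 6 into its four parts and applies the HTTP 1.1 rule just described: a request without a Host header gets a 400. It also uses Content-Length to cut the body to its declared size; the sample request is constructed for the demo.

```python
def parse_http_request(raw: bytes):
    """Parse a raw HTTP/1.x request into (request line, headers, blank line, body).
    Returns (200, parsed_dict) when the message is acceptable, or (400, reason)
    when it is malformed or an HTTP/1.1 request lacks the Host header."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # the blank line ends the headers
    if not sep:
        return 400, "missing blank line between headers and body"
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")  # request line: method, target, version
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, "malformed request line"
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            return 400, "malformed header line: %r" % line
        headers[name.lower()] = value.strip()  # header names are case-insensitive
    if version == "HTTP/1.1" and "host" not in headers:
        return 400, "HTTP/1.1 request without Host header"
    if "content-length" in headers:
        try:
            length = int(headers["content-length"])
        except ValueError:
            return 400, "invalid Content-Length"
        if length > len(body):
            return 400, "body shorter than Content-Length"
        body = body[:length]
    return 200, {"method": method, "target": target, "version": version,
                 "headers": headers, "body": body}


# Constructed sample, modelled on the request message shown in question 6.
SAMPLE_REQUEST = (
    b"POST /sample.jsp HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Connection: keep-alive\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 30\r\n"
    b"\r\n"
    b"username=jinqiao&password=1234"
)

if __name__ == "__main__":
    print(parse_http_request(SAMPLE_REQUEST))
    print(parse_http_request(b"GET / HTTP/1.1\r\nConnection: keep-alive\r\n\r\n"))
```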

8. What is the difference between HTTP 1.1 and HTTP 2.0?

Features supported by HTTP2.0 compared to HTTP1.1:

  • New binary format: HTTP 1.1 parsing is text-based, and parsing a text protocol has inherent weaknesses: text can be expressed in many forms, and many cases must be handled to make parsing robust. Binary is different; it only has to recognize combinations of 0 and 1. For this reason HTTP 2.0 adopts a binary format, which is both convenient to implement and robust.

  • Multiplexing, or connection sharing: each request is given an ID, so a single connection can carry many requests at once. The frames of different requests can be interleaved on the connection, and the receiver reassembles them and hands them to the right request according to the request ID.

  • Header compression: HTTP 1.1 headers carry a lot of information and are sent again with every request. HTTP 2.0 uses an encoder to reduce the size of the headers that need to be transferred: both sides keep a table of header fields, so repeated headers do not need to be sent again and the transferred headers become smaller.

  • Server push: in addition to responding to the initial request, the server can push additional resources to the client without the client explicitly requesting them.

9. What is the difference between HTTP and HTTPS?

                       HTTP                            HTTPS
Port                   80                              443
Security               No encryption, poor security    Encrypted, high security
Resource consumption   Less                            More, because of the encryption processing
Certificate required   No                              Yes
Protocol               Runs on top of TCP              Runs on top of SSL, which runs on top of TCP

10. Advantages and disadvantages of HTTPS?

Advantages:

  • Security:

    • HTTPS authenticates users and servers, ensuring that data is sent to the right client and server.

    • HTTPS is a network protocol built from SSL and HTTP that encrypts transmission and authenticates identity. It is more secure than HTTP: it protects data from theft and alteration in transit and ensures data integrity.

    • HTTPS is the most secure solution under the current architecture; while it is not absolutely secure, it greatly increases the cost of a man-in-the-middle attack.

  • SEO: Google tweaked its search engine in August 2014, saying that “HTTPS encrypted sites will rank higher in search results than comparable HTTP sites.”

Disadvantages:

  • In the same network environment, HTTPS has significantly higher response time and power consumption than HTTP.
  • HTTPS protects only a certain scope (the transport); it is of almost no use against attacks such as compromise of the server itself or server hijacking.
  • Under the existing certificate mechanism, man-in-the-middle attack is still possible.
  • HTTPS requires more server resources, which can lead to higher costs.

11. Explain how HTTPS works.

Image: segmentfault.com/a/119000002…

The encryption process is divided into:

  1. The client requests an HTTPS URL and connects to port 443 on the server (the default HTTPS port, analogous to port 80 for HTTP).

  2. A server that uses HTTPS must have a digital certificate issued by a Certificate Authority (CA). A key pair is generated when the certificate is issued: the private key is kept by the server itself and must not be disclosed; the public key is included in the certificate and can be made public. The certificate also carries a digital signature, which is used to verify the certificate's integrity and authenticity and prevents it from being tampered with.

  3. The server responds to the client's request by sending it the certificate, which contains the public key along with a lot of other information, such as the certificate authority, the company, and the certificate's validity period.

  4. The client parses the certificate and validates it. If the certificate was not issued by a trusted authority, or the domain name in the certificate does not match the actual domain name, or the certificate has expired, a warning is shown to the visitor, who can choose whether to continue.

    If there is nothing wrong with the certificate, the client takes the server's public key A from the certificate. The client then generates a random KEY and encrypts it with public key A.

  5. The client sends the encrypted random KEY to the server; it will serve as the symmetric encryption key.

  6. The server receives the encrypted random KEY and decrypts it with its private key B. After these steps the client and server have established a secure connection: the problem of how to share a symmetric key without leaking it is solved, and from now on the two sides can communicate with symmetric encryption.

  7. The server encrypts data symmetrically with the KEY (the random KEY) and sends it to the client; the client decrypts it with the same KEY.

  8. Both parties transfer all further data using symmetric encryption.
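
Step 4 is where a client most often goes wrong, so here is an added example (not from the original post) of the three checks it describes, written against the dictionary layout that Python's ssl.SSLSocket.getpeercert() returns. The certificate and the trusted-issuer set are constructed for the demo; checking only the issuer's name is a simplification, since a real client verifies the signature chain up to a trusted root, which ssl.create_default_context() does for you.

```python
import ssl
import time

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert();
# illustrative data only, not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("commonName", "Example Trusted Root CA"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.cdn.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2034 GMT",
}

# Simplified trust store (constructed): real verification checks the signature
# chain, not just the issuer's name.
TRUSTED_ISSUERS = {"Example Trusted Root CA"}


def _issuer_cn(cert):
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_names(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def _name_matches(pattern, hostname):
    """Exact match, or a wildcard that covers exactly one leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "." in hostname:
        return hostname.split(".", 1)[1] == pattern[2:]
    return False


def check_certificate(cert, hostname, now=None):
    """Return the list of problems found; an empty list means the certificate
    passes the step-4 checks: trusted issuer, name match, validity period."""
    now = time.time() if now is None else now
    problems = []
    if _issuer_cn(cert) not in TRUSTED_ISSUERS:
        problems.append("issuer not trusted")
    if not any(_name_matches(n, hostname) for n in _dns_names(cert)):
        problems.append("hostname mismatch")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        problems.append("certificate expired or not yet valid")
    return problems


def make_client_context():
    """A context that refuses the connection on any of those problems, instead of
    offering the 'continue anyway' choice a browser gives an interactive user."""
    ctx = ssl.create_default_context()  # system roots, chain + hostname verification
    assert ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname
    return ctx


if __name__ == "__main__":
    print(check_certificate(SAMPLE_CERT, "www.example.com"))        # []
    print(check_certificate(SAMPLE_CERT, "a.b.cdn.example.com"))    # ['hostname mismatch']
```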

12. The entire process after entering www.baidu.com in the browser?

  1. Domain name resolution (the domain name www.baidu.com is turned into an IP address).

    The browser first searches its own DNS cache (a mapping table of domain names to IP addresses). If the name is not there, it searches the operating system's DNS cache (also a table of domain names to IP addresses). If still not found, it searches the operating system's hosts file (again a table of domain names to IP addresses).

    If the name is still not found, the query is sent to the local DNS server (the preferred DNS server configured in the TCP/IP settings) as a recursive query. The local DNS server checks its own DNS cache; if the record is not there, it performs iterative queries. Finally the local DNS server returns the IP address to the operating system, and the IP address is cached.

  2. Initiate the TCP three-way handshake to establish a TCP connection. The browser uses a random port (1024-65535) to connect to port 80, the server's web application port.

  3. After the TCP connection is established, the browser sends the HTTP request.

  4. The server responds to the HTTP request and the client receives the HTML. When the server's web application receives the HTTP request, it processes it and returns the HTML file to the browser.

  5. The browser parses the HTML and requests the resources referenced in it.

  6. The browser renders the page and displays it to the user.


13. What are cookies and sessions?

What is a Cookie

An HTTP Cookie (also called a web Cookie or browser Cookie) is a small piece of data that the server sends to the user's browser, which stores it locally and sends it back with the next request to the same server. Typically it is used to tell the server whether two requests come from the same browser, for example to keep the user logged in. Cookies make it possible to keep stable state information on top of the stateless HTTP protocol.

Cookies are mainly used for the following three aspects:

  • Session state management (such as user login status, shopping cart, game score, or other information that needs to be logged)
  • Personalization (such as user-defined Settings, themes, etc.)
  • Browser behavior tracking (e.g. tracking and analyzing user behavior, etc.)

What is a Session

A Session represents a conversation between the server and the client. The Session object stores the properties and configuration information required for a specific user's session, so variables stored in it are not lost when the user moves between the application's web pages but persist for the whole user session. The Session ends when the client closes it or when it times out.

14. How do cookies and sessions work together?

When a user makes their first request to the server, the server creates a corresponding Session based on the information the user submitted, and returns the unique SessionID to the browser with the response. The browser stores the SessionID in a Cookie, and the Cookie records which domain the SessionID belongs to.

When the user accesses the server again, the browser automatically checks whether it has Cookie information for that domain. If it does, it sends the Cookie with the request, and the server obtains the SessionID from the Cookie. If no Session with that ID is found, the user is not logged in or the login has become invalid; if it is found, the user is logged in and the request can proceed.

From this process it is clear that the SessionID is the bridge between Cookie and Session, and most systems verify login status on this principle.

15. What is the difference between Cookie and Session?

  • The scope is different: Cookies are stored on the client (browser), Sessions on the server.
  • A Cookie can only store ASCII, while a Session can store any data type; commonly used variables such as UserId are usually kept in the Session.
  • A Cookie can be set to last a long time, for example for the "remember me" login feature we often use, whereas a Session's expiration time is generally short and it becomes invalid when the client is closed or the Session times out.
  • The privacy policies are different. Cookies are stored on the client, so they are easy to obtain illegally; in the early days some sites stored users' login names and passwords in Cookies, leading to information theft. A Session is stored on the server and is more secure than a Cookie.
  • The storage size is different: a single Cookie cannot hold more than 4K of data, while a Session can hold much more.

16. How to consider distributed sessions?

To handle more traffic, Internet companies usually need multiple back-end servers to serve front-end user requests. If a user logs in on server A and the second request is sent to server B, the login appears to have failed.

Distributed sessions generally have the following solutions:

  • Client storage: the information is stored directly in Cookies. A Cookie is a small piece of data kept on the client, which the client exchanges with the server over HTTP; suitable for non-sensitive information only.
  • Nginx ip_hash policy: the Nginx proxy assigns each request based on a hash of the client IP address, so requests from the same IP always reach the same back-end server, avoiding the problem of a Session created on server A not being found when the second request goes to server B.
  • Session replication: whenever a Session changes on any server, that node serializes the whole Session and broadcasts it to all other nodes.
  • Shared Session: the servers are stateless and users' Session information is managed centrally by cache middleware (such as Redis), so every server gives a consistent response.

The shared Session scheme is recommended.
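
The SessionID bridge from question 14 and the shared-store idea from question 16, as an added example (not code from the original post): the server mints an unguessable SessionID, keeps the user's data on its side, and hands the browser only the ID in a Cookie; on the next request it reads the ID back out of the Cookie header. The in-memory SessionStore stands in for shared middleware such as Redis, and the TTL and user IDs are constructed values.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # server-side expiry in seconds (constructed value)


class SessionStore:
    """In-memory store for one process. In a cluster this dict would be replaced by
    shared middleware (the 'shared Session' scheme) so every server sees the same data."""

    def __init__(self):
        self._sessions = {}

    def create(self, user_id):
        sid = secrets.token_urlsafe(32)  # 256 random bits: unguessable, so the ID can act as the bridge
        self._sessions[sid] = {"user_id": user_id, "expires": time.time() + SESSION_TTL}
        return sid

    def get(self, sid):
        session = self._sessions.get(sid)
        if session is None or session["expires"] < time.time():
            self._sessions.pop(sid, None)  # timed out: treat as not logged in
            return None
        return session


def login_response_headers(store, user_id):
    """Create the Session and build the Set-Cookie header carrying only the SessionID."""
    sid = store.create(user_id)
    cookie = SimpleCookie()
    cookie["SESSIONID"] = sid
    cookie["SESSIONID"]["httponly"] = True   # not readable by page scripts
    cookie["SESSIONID"]["secure"] = True     # only sent over HTTPS
    cookie["SESSIONID"]["samesite"] = "Lax"
    cookie["SESSIONID"]["path"] = "/"
    return {"Set-Cookie": cookie["SESSIONID"].OutputString()}


def current_user(store, request_headers):
    """Read the SessionID from the Cookie header and look the Session up; None means not logged in."""
    raw = request_headers.get("Cookie")
    if not raw:
        return None
    cookie = SimpleCookie()
    cookie.load(raw)
    morsel = cookie.get("SESSIONID")
    if morsel is None:
        return None
    session = store.get(morsel.value)
    return None if session is None else session["user_id"]


if __name__ == "__main__":
    store = SessionStore()
    headers = login_response_headers(store, 42)
    print(headers["Set-Cookie"])
    sid = headers["Set-Cookie"].split(";")[0].split("=", 1)[1]
    print(current_user(store, {"Cookie": "SESSIONID=" + sid}))  # 42
```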

17. What are DDos attacks?

DDoS: Distributed Denial of Service attack. The basic DoS attack described here (a SYN flood) proceeds as follows:

  1. The client sends a connection request (SYN) packet to the server.
  2. The server sends an acknowledgement packet back to the client.
  3. The client never sends its own acknowledgement, so the server is left waiting for it, holding a half-open connection.

DDoS is the distributed form of the attack: it uses many compromised machines on the network (so-called "broiler chickens") to attack at the same time.

A plain DoS attack is almost useless now, because servers perform well and several servers work together, so a single attacker cannot gain the upper hand one-on-one. DDoS attacks can be mitigated by:

  • Reducing the SYN timeout. At the third step of the handshake the server waits 30 to 120 seconds; reducing this wait frees resources sooner.
  • Limiting the number of SYN half-open connections that can exist at the same time.

18. What is XSS attack?

XSS, or Cross-Site Scripting, is an attack in which the server shows data stored by the attacker to other users. For example, on a forum with an XSS vulnerability a user can include <script> tags in a post, and the malicious script then runs in the browsers of the other users who view it.

Preventive measures include:

  • Front end: filter input.
  • Back end: escape output. For example, Go's standard library has built-in escaping functions.
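
The forum case above as an added example (not from the original post): the same stored post rendered without escaping, where the poster's markup becomes part of the page, and with html.escape applied on output, where it is displayed as text. The post content is constructed; note the author field lands inside an attribute, which is why quote=True is needed as well.

```python
import html

# Constructed forum post of the kind the text describes: the author field
# tries to break out of an attribute, the text contains a script tag.
UNSAFE_POST = {
    "author": 'mallory" onmouseover="alert(1)',
    "text": "hello <script>alert(1)</script>",
}


def render_post_vulnerable(post):
    """Stored data is spliced into the page as-is, so any markup in it becomes
    live HTML (and script) in every viewer's browser."""
    return '<div class="post" title="%s"><p>%s</p></div>' % (post["author"], post["text"])


def render_post_escaped(post):
    """Escape on output: html.escape(quote=True) turns < > & " ' into entities, so
    the same bytes are shown as text both inside the attribute and in the body."""
    def esc(value):
        return html.escape(value, quote=True)
    return '<div class="post" title="%s"><p>%s</p></div>' % (esc(post["author"]), esc(post["text"]))


def contains_live_markup(rendered):
    """Crude check for the demo: is there still a raw script tag or an injected attribute?"""
    return "<script>" in rendered or 'onmouseover="' in rendered


if __name__ == "__main__":
    print(render_post_vulnerable(UNSAFE_POST))
    print(render_post_escaped(UNSAFE_POST))
```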

19. What is SQL injection and how can IT be avoided?

SQL injection is the insertion of SQL statements into a string entered by the user. If the checks are ignored in a poorly designed program, the injected SQL statements can be mistaken for normal SQL statements and run by the database server, allowing an attacker to execute unplanned commands or access unauthorized data.

SQL injection works through patterns such as:

  • Malicious splicing query
  • Using comments to execute illegal commands
  • Passed invalid parameter
  • Add extra conditions

Some ways to avoid SQL injection:

  • Restrict database permissions: give the application's database user only the minimum privileges needed for its job.
  • Escape special characters before they reach the database (' " \ angle brackets & * ; and so on).
  • Use a parameterized query interface instead of building raw SQL directly.
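
An added example (not code from the original post) of the "add extra conditions" pattern against a constructed SQLite table, with the spliced query beside its parameterized form: the injected value is matched as data by the placeholder version and as SQL by the spliced one. Passwords are stored in plain text only to keep the demo short.

```python
import sqlite3


def make_db():
    """In-memory database with a constructed users table (demo data only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def login_vulnerable(db, name, password):
    """Splices user input into the statement: a quote in the input closes the
    string literal and whatever follows is parsed as SQL."""
    sql = "SELECT id FROM users WHERE name = '%s' AND password = '%s'" % (name, password)
    return [row[0] for row in db.execute(sql)]


def login_parameterized(db, name, password):
    """Placeholders: the statement and the values reach the database separately,
    so the input is only ever compared as data, never parsed as SQL."""
    sql = "SELECT id FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]


# Constructed input in the "add extra conditions" pattern listed above.
INJECTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, INJECTED, INJECTED))      # every user matches
    print(login_parameterized(db, INJECTED, INJECTED))   # []
```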

20. What are the load balancing algorithms?

Multiple servers form a symmetric server set: each server has equal status and they share the load among themselves.

  • Polling (round robin): requests are assigned to the servers in turn. Everyone gets the same share, so the advantages of higher-performance servers cannot be exploited.
  • Random: pick a server at random; similar to polling in effect.
  • Hash: hash the client's IP address to determine the server number. The advantage is that the same client always reaches the same server, which makes good use of sessions or cookies.
  • Weighted polling: servers are weighted according to their performance.
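
The four algorithms as an added example (not code from the original post), each behind the same pick() interface. The weighted variant is the smooth weighted round robin used by nginx, which spreads a weight-3 server's picks out rather than choosing it three times in a row; server names and weights are constructed.

```python
import hashlib
import itertools
import random


class RoundRobin:
    """Polling: hand requests to the servers in turn, ignoring their capacity."""
    def __init__(self, servers):
        self._cycle = itertools.cycle(servers)

    def pick(self, client_ip=None):
        return next(self._cycle)


class RandomChoice:
    """Random: pick any server; over many requests it looks like polling."""
    def __init__(self, servers, rng=None):
        self._servers = list(servers)
        self._rng = rng or random.Random()

    def pick(self, client_ip=None):
        return self._rng.choice(self._servers)


class IpHash:
    """Hash: the same client IP always maps to the same server, so a
    server-local session or cookie keeps working."""
    def __init__(self, servers):
        self._servers = list(servers)

    def pick(self, client_ip):
        digest = hashlib.sha256(client_ip.encode()).digest()
        return self._servers[int.from_bytes(digest[:4], "big") % len(self._servers)]


class WeightedRoundRobin:
    """Smooth weighted round robin: every pick adds each server's weight to its
    score, takes the highest, and subtracts the total weight from the winner."""
    def __init__(self, weights):
        self._weights = dict(weights)            # server -> weight (constructed)
        self._current = {s: 0 for s in weights}

    def pick(self, client_ip=None):
        total = sum(self._weights.values())
        for server, weight in self._weights.items():
            self._current[server] += weight
        best = max(self._current, key=self._current.get)
        self._current[best] -= total
        return best


def distribute(balancer, client_ips):
    """Run client IPs through a balancer and count how many picks each server got."""
    counts = {}
    for ip in client_ips:
        server = balancer.pick(ip)
        counts[server] = counts.get(server, 0) + 1
    return counts


if __name__ == "__main__":
    wrr = WeightedRoundRobin({"a": 3, "b": 1, "c": 1})
    print([wrr.pick() for _ in range(5)])   # ['a', 'b', 'a', 'c', 'a']
    print(distribute(IpHash(["a", "b", "c"]), ["10.0.0.1"] * 4))
```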

End

I will keep sharing solid content and growing together with you.

Also, the autumn recruitment discussion group is still open: scan the code to add me, mention "autumn recruitment", and I will pull you into the group.

Standing on the shoulders of giants (references)

juejin.cn/post/684490…

www.justdojava.com/2019/11/03/…

juejin.cn/post/684490…

segmentfault.com/a/119000002…

jiangren.work/2020/02/16/

www.cnblogs.com/ityouknow/p…

juejin.cn/post/684490…

I also recommend a repository of computer science books: it holds hundreds of classic CS e-books, and reading the classics takes you deeper ~

Click this link to get you to the list of must-read books (PDF download included)

Github also has a repository at github.com/cosen1024/a… Welcome to star.