Glossary
Available Languages: | | |
This glossary defines some of the common terminology related to Apache in
particular, and web serving in general. More information on each concept is
provided in the links.
-
- The restriction of access to network realms. In an Apache context usually
the restriction of access to certain URLs.
See:
-
- An unambiguous formula or set of rules for solving a problem in a finite
number of steps. Algorithms for encryption are usually called
Ciphers.
# 注释 :所谓 Algorithm
就是一个不明确的公式或者一系列规则,用于解决一个问题。用于加密的的算法一般称之为 “Cipher”
-
-
- A perl script that aids in compiling → sources
into Dynamic Shared Objects (→ s) and helps
install them in the Apache Web server.
See: Manual Page:
-
- The positive identification of a network entity such as a server, a client,
or a user.
See:
# 注释 :所谓
"Authentication" 就是对一个网络实体(例如服务器、客户机、用户)的身份的正面肯定
-
- A data record used for authenticating network entities such as a server or a
client. A certificate contains X.509 information pieces about its owner (called
the subject) and the signing → (called the issuer), plus the owner's →
and the signature made by the CA. Network entities verify these signatures using
CA certificates.
See:
# 注释 :所谓 "Certificate"
,就是一个数据记录,用于认证一个网络实体(例如服务器、客户机)。一个证书含有关于它的持有人(称为 Subject)的 X.509 信息块,
# 加上所有者的公钥以及由 CA 的私钥的签名。如果要验证一份证书的真假,需要用对该证书进行签名的 CA
自己的证书
-
- An unsigned →
for submission to a → , which signs it with the →
of their CA Certificate. Once the CSR is signed, it becomes a real
certificate.
See:
# 注释 :所谓“证书签名请求(Certificate Signning
Request)”,就是把一份未签名的证书提交给一个 CA ,申请用该 CA 的私钥进行加密。
# 一旦几个 CSR 被签名,就立即变成一份真实的证书
-
- A trusted third party whose purpose is to sign certificates for network
entities it has authenticated using secure means. Other network entities can
check the signature to verify that a CA has authenticated the bearer of a
certificate.
See:
# 注释 :所谓 CA(certificate
authority)是一个受信任的第三方组织,它的目的是对某个网络实体的证书请求(CSR)使用自己的私钥进行签名。
#
其他网络实体如果想检验某份由该 CA 所签名的证书的真假,可以使用该 CA 的公钥对证书进行解密。如果能够解开,就说明这份证书的确是由该 CA
所签名的。
# 因为签名是由 CA 的私钥加密的,而私钥只有 CA
知道(假设它保管良好),而一个公钥只能和一个唯一的私钥对应,所以只要能够解密,就证明的确是该 CA
#
的私钥加密的,也就是等于承认了该证书的真实性。
-
- An algorithm or system for data encryption. Examples are DES, IDEA, RC4,
etc.
See:
# 注释 :Cipher 就是专门指对数据进行加密的算法,例如
DES、IDEA、RC4
-
- The result after → is
passed through a → .
See:
# 注释 :所谓 Cipertext 就是密文,也就是明文经过加密后的结果
-
- A standard definition for an interface between a web server and an external
program that allows the external program to service requests. The interface was
originally defined by but there is also
an .
See:
# 注释 :CGI 就是公共网关接口。是一个标准,用于 web
服务器和外部程序的接口,允许外部程序(不是 httpd)来服务器请求
-
- See: →
-
- A text file containing →
that control the configuration of Apache.
See:
-
- An HTTP → for
proxying raw data channels over HTTP. It can be used to encapsulate other
protocols, such as the SSL protocol.
# 注释 :CONNECT
是一种 HTTP method ,用于通过 HTTP 来代理原始数据通道。它可以用于封装其他的协议,例如 SSL 协议
-
- An area in the → where certain types of →
are allowed.
See:
-
- An encrypted text block that validates a certificate or other file. A → creates a signature by generating a hash of the Public
Key embedded in a Certificate, then encrypting the hash with its
own Private Key. Only the CA's public key can decrypt the signature,
verifying that the CA has authenticated the network entity that owns the
Certificate.
See:
# 注释 :所谓数字签名就是一个加密的文本块(text
block),用于验证一个证书或者其他文件(的真实性)。CA 建立一个证书的过程是对嵌入在证书签名请求(CSR)中的
# 公钥计算出一个 hash 值,然后用它的私钥进行加密,这个加密的 hash
值(摘要)就是数字签名。这样一来,只有该 CA 的公钥才能解开前面的签名,然后对证书中的公钥
# 计算出一个 hash 值,再和解密后得到的原始
hash 值比较,如果两者相等,就证明证书的真实性
-
- A configuration command that controls one or more aspects of Apache's
behavior. Directives are placed in the →
See:
-
- →
compiled separately from the Apache
See:
-
- Named variables managed by the operating system shell and used to store
information and communicate between programs. Apache also contains internal
variables that are referred to as environment variables, but are stored in
internal Apache structures, rather than in the shell environment.
See:
-
- Diminished in cryptographic strength (and security) in order to comply with
the United States' Export Administration Regulations (EAR). Export-crippled
cryptographic software is limited to a small key size, resulting in
Ciphertext which usually can be decrypted by brute force.
See:
# 注释 :所谓 Export-Crippled 就是指美国对于加密算法的出口的限制,只能出口那些
key 的长度较小的算法,这样的算法安全性降低了,相对容易破解
-
- A process that is applied to data that is sent or received by the server.
Input filters process data sent by the client to the server, while output
filters process documents on the server before they are sent to the client. For
example, the
INCLUDES output filter processes documents for → .
See:
-
- The unique name of a network entity, consisting of a hostname and a domain
name that can resolve to an IP address. For example,
www is a
hostname, example.com is a domain name, and
-
- An internal Apache representation of the action to be performed when a file
is called. Generally, files have implicit handlers, based on the file type.
Normally, all files are simply served by the server, but certain file types are
"handled" separately. For example, the
cgi-script handler
designates files to be processed as → .
See:
-
- A mathematical one-way, irreversable algorithm generating a string with
fixed-length from another string of any length. Different input strings will
usually produce different hashes (depending on the hash function).
# 注释 :Hash
是一种用于计算数字摘要的算法。是一种单向的、不可逆的算法,确保不能从摘要推算出原文。它的计算结果是一个固定长度的字符串,不管原文有多长。
# 而且它要确保不同的原文必须产生不同的输出,不可能相同。
-
- The part of the → request and
response that is sent before the actual content, and that contains
meta-information describing the content.
-
- A → that is placed inside the web tree and applies configuration →
to the directory where it is placed and all sub-directories. Despite its name,
this file can hold almost any type of directive, not just access-control
directives.
See:
-
- The main Apache → . The default location is
/usr/local/apache2/conf/httpd.conf, but it may be moved using
run-time or compile-time configuration.
See:
-
- The standard transmission protocol used on the World Wide Web. Apache
implements version 1.1 of the protocol, referred to as HTTP/1.1 and defined by
.
-
- The HyperText Transfer Protocol (Secure), the standard encrypted
communication mechanism on the World Wide Web. This is actually just HTTP over
→ .
See:
# 注释 :HTTPS 是安全超文本传输协议。用于Internet web
服务的标准的加密通信方案。实际上它是 HTTP over SSL 而已。
-
- In the context of → , an action
to perform on a resource, specified on the request line by the client. Some of
the methods available in HTTP are
GET, POST, and
PUT.
# 注释 :所谓 Method 就是在 HTTP
协议中,针对某个资源的一个动作,由客户机给出,例如 GET、POST、PUT
-
- A hash of a message, which can be used to verify that the contents of the
message have not been altered in transit.
See:
# 注释 :消息摘要就是前面提到的 Hash
算法的计算结果。可以用于检验消息是否在传输过程中被修改过,所以它是用于确保消息的完整性的。
-
- A way to describe the kind of document being transmitted. Its name comes
from that fact that its format is borrowed from the Multipurpose Internet Mail
Extensions. It consists of a major type and a minor type, separated by a slash.
Some examples are
text/html, image/gif, and
application/octet-stream. In HTTP, the MIME-type is transmitted in
the Content-Type → .
See:
# 注释 :
-
- An independent part of a program. Much of Apache's functionality is
contained in modules that you can choose to include or exclude. Modules that are
compiled into the Apache
See:
- ()
- Module Magic Number is a constant defined in the Apache source code that is
associated with binary compatibility of modules. It is changed when internal
Apache structures, function calls and other significant parts of API change in
such a way that binary compatibility cannot be guaranteed any more. On MMN
change, all third party modules have to be at least recompiled, sometimes even
slightly changed in order to work with the new version of Apache.
-
- The Open Source toolkit for SSL/TLS
See #
# 注释 :OpenSSL 是 SSL/TLS 的开源实现
-
- The word or phrase that protects private key files. It prevents unauthorized
users from encrypting them. Usually it's just the secret encryption/decryption
key used for → .
See:
# 注释 :口令句是用于加密 private key 的一个字符串,因为 private key
是文件的形式存在的,如果权限设置不当就有泄露的可能性,
# 所以建议使用口令句进行加密
-
- The unencrypted text.
# 注释
:明文(plaintext)就是未加密的原始消息内容
-
- The secret key in a → system, used to decrypt incoming messages and sign outgoing
ones.
See:
# 注释 :private key
用于解密由公钥加密的密文(CipherText)以及进行签名
-
- An intermediate server that sits between the client and the origin
server. It accepts requests from clients, transmits those requests on to
the origin server, and then returns the response from the origin server to the
client. If several clients request the same content, the proxy can deliver that
content from its cache, rather than requesting it from the origin server each
time, thereby reducing response time.
See:
-
- The publicly available key in a → system, used to encrypt messages bound for its owner and to
decrypt signatures made by its owner.
See:
# 注释 :public key
是用于加密要发送的消息,以及用于解密由私钥加密的数据(一般是数字签名)
-
- The study and application of asymmetric encryption systems, which use one
key for encryption and another for decryption. A corresponding pair of such keys
constitutes a key pair. Also called Asymmetric Cryptography.
See:
# 注释 :public key Cryptography
(公钥密码学)就是指非对称加密系统的研究和应用。
-
- A way of describing a pattern in text - for example, "all the words that
begin with the letter A" or "every 10-digit phone number" or even "Every
sentence with two commas in it, and no capital letter Q". Regular expressions
are useful in Apache because they let you apply certain attributes against
collections of files or resources in very flexible ways - for example, all .gif
and .jpg files under any "images" directory could be written as
"
/images/.*(jpg|gif)$". Apache uses Perl Compatible Regular
Expressions provided by the library.
-
- A → server
that appears to the client as if it is an origin server. This is useful
to hide the real origin server from the client for security reasons, or to load
balance.
- Secure
Sockets Layer
- A protocol created by Netscape Communications Corporation for general
communication authentication and encryption over TCP/IP networks. The most
popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP)
over SSL.
See:
# 注释 :所谓 SSL (secure socket
layer)就是一个 Netscape 公司建立的协议,用于基于 TCP/IP 网络的普通的通信认证和加密。最常见的用途就是 HTTPS,
#
也就是 HTTP over SSL
-
- A technique for embedding processing directives inside HTML files.
See:
# 注释 :所谓 SSI(Server Side
Include)就是一个用于嵌入处理指定到 HTML 文件中的技术
-
- The context information of a communication in general.
# 注释 :session(会话)就是泛指一个通信的上下文信息
-
- The original SSL/TLS implementation library developed by Eric A. Young
-
- The study and application of Ciphers that use a single secret key
for both encryption and decryption operations.
See:
# 注释 :对称密码学就是对只使用一个 share secret
,同时用于加密和解密的技术的研究和应用
-
- A package of files gathered together using the
tar utility.
Apache distributions are stored in compressed tar archives or using pkzip.
- Transport Layer Security
- The successor protocol to SSL, created by the Internet Engineering Task
Force (IETF) for general communication authentication and encryption over TCP/IP
networks. TLS version 1 is nearly identical with SSL version 3.
See:
# 注释 :TLS(传输层安全)是 SSL v3 的升级版,TLS v1 基本上 SSL v3
相同。
-
- The name/address of a resource on the Internet. This is the common informal
term for what is formally called a → . URLs are usually made up of a scheme, like
http or https, a hostname, and a path. A URL for this
page is
# 注释 :URL (统一资源定位符)是对 Internet
上一个资源的“位置”的标识。有一个相对正式的名称 URI(统一资源标识)。
-
- A compact string of characters for identifying an abstract or physical
resource. It is formally defined by . URIs used on the
world-wide web are commonly referred to as → .
# 注释 :URI 一般就是指 URL
-
- Serving multiple websites using a single instance of Apache. IP virtual
hosting differentiates between websites based on their IP address, while
name-based virtual hosting uses only the name of the host and can
therefore host many sites on the same IP address.
See: Apache Virtual Host
documentation
# 注释 :所谓虚拟主机就是指只运行一个 Apache
,但却可以服务于多个站点,可以有基于 ip 和基于名称的两种
-
- An authentication certificate scheme recommended by the International
Telecommunication Union (ITU-T) which is used for SSL/TLS
authentication.
See:
# 注释 :X.509
是一个证书标准的方案。
Available Languages: | | |
阅读(1422) | 评论(0) | 转发(1) |
