Web Systems Development (CSC-215)

Web Systems Development (CSC-215) Lecture 13: HTTP Authentication

Class Test 3
Wednesday 4th April
Lecture 12 & 13
Lab question (remember to bring laptops)

Saving State
Query strings
Cookies
HTTP authentication
Sessions

HTTP Authentication
Uses the web server to manage users and passwords for the application
Adequate for simple applications that require logins, but not enough for specialized needs

How does it work?
PHP sends a response header asking the browser to start an authentication dialog
The web server must have this feature turned on for it to work (the setting is usually on)

On Cancel

After entry

Note: after a username and password have been entered, the browser keeps resending them, so all browser instances need to be closed to run the script from scratch

Check for valid username and password
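The flow of the last few slides (header request, browser dialog, Cancel, checking the entered pair) as one PHP script. This is an added example, not the lecture's own code; the credentialsValid() helper and its demo account are constructed for illustration, and a real script would look the pair up in the user table as the later slides do.

```php
<?php
// Added example: HTTP Basic authentication driven from PHP.
// credentialsValid() and its demo account are constructed for this example.

function credentialsValid(string $user, string $pass): bool
{
    // Constructed demo account; a real script checks the user table instead.
    $accounts = ['alice' => 'wonderland'];
    return isset($accounts[$user]) && hash_equals($accounts[$user], $pass);
}

function requestLogin(): void
{
    // The WWW-Authenticate header plus a 401 status tells the browser to
    // open its username/password dialog for this realm.
    header('WWW-Authenticate: Basic realm="CSC-215 Lecture 13"');
    header('HTTP/1.0 401 Unauthorized');
    // This body is what the user sees after pressing Cancel in the dialog.
    echo 'A valid username and password are required to view this page.';
    exit;
}

// PHP decodes the Authorization: Basic header into these two entries.
// They are absent on the first request, so the dialog is requested; pressing
// Cancel in that dialog leaves the browser showing the 401 body above.
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    requestLogin();
}

// Check for a valid username and password; a wrong pair re-opens the dialog.
if (!credentialsValid($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    requestLogin();
}

// After entry: the browser resends the same pair on every later request,
// which is why all browser instances must be closed to start over.
echo 'Welcome, ' . htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8');
```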

Storing User Names & Passwords
Use databases, but even there, storing passwords in plain text is not the best idea
Use a one-way function: it converts a string of text into a seemingly random string
One way, so virtually impossible to reverse
The output can therefore be saved in the database
Even if someone manages to access it, it will be unusable

Storing User Names & Passwords
Algorithms no longer recommended for use: md5, sha1, sha2
Use the PHP hash() function with the ripemd algorithm
Returns a 32 character hexadecimal number

Hash function benefit: only the algorithm name passed to the function needs updating when there are developments in security algorithms

Salting
To overcome deficiencies in hashing (an attacker can brute force a stolen database against a table of known tokens)
Simply the addition of some text that only you (the programmer) know of, before hashing

Create user table and add two accounts

Proper User Authentication
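The storage and verification side of the last four slides in one runnable PHP script: a user table with two accounts, a salted one-way hash using PHP's hash() with the ripemd algorithm, and a lookup that authenticates a login attempt. This is an added example, not the lecture's own code; it assumes SQLite through PDO so that it runs offline, and the accounts and the programmer-only salt string are constructed.

```php
<?php
// Added example: salted one-way hashing of passwords stored in a user table.
// Assumptions: SQLite via PDO (offline), constructed accounts and salt string.

// The lecture's salt: text only the programmer knows, added before hashing.
const SALT = 'constructed-secret-known-only-to-the-programmer';

// One-way function: ripemd128 of salt + password, a 32 character hex string.
function hashPassword(string $password): string
{
    return hash('ripemd128', SALT . $password);
}

function createUserTable(PDO $db): void
{
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, token TEXT NOT NULL)');
    $insert = $db->prepare('INSERT INTO users (username, token) VALUES (?, ?)');
    // Two constructed accounts; only the hashed token reaches the table.
    foreach (['alice' => 'wonderland', 'bob' => 'builder123'] as $user => $pass) {
        $insert->execute([$user, hashPassword($pass)]);
    }
}

function authenticate(PDO $db, string $username, string $password): bool
{
    // Prepared statement: the username is bound, never spliced into the SQL.
    $select = $db->prepare('SELECT token FROM users WHERE username = ?');
    $select->execute([$username]);
    $row = $select->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;   // unknown user
    }
    // Hash the attempt the same way and compare in constant time.
    return hash_equals($row['token'], hashPassword($password));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createUserTable($db);

// Constructed login attempts: correct pair, wrong case, unknown user.
foreach ([['alice', 'wonderland'], ['alice', 'Wonderland'], ['mallory', 'wonderland']] as [$u, $p]) {
    printf("%-8s %-11s %s\n", $u, $p, authenticate($db, $u, $p) ? 'accepted' : 'rejected');
}
```

On PHP 5.5 and later, password_hash() and password_verify() give the same one-way storage with a random per-user salt generated for you.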

Practice Activity
Create a database of three users via a script
Implement the authentication script (as given in the previous slides)

Lecture content adapted from chapter 13 of Learning PHP, MySQL, JavaScript, CSS & HTML5 & chapter 10 of Beginning PHP 5.3