Authentication Stepped Up Persistent User Data Protected Content.

Slides:



Advertisements
Similar presentations
Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.
Advertisements

The Collections Keeper A collections management system Brian J. Mullen.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Lecture 7 Interaction. Topics Implementing data flows An internet solution Transactions in MySQL 4-tier systems – business rule/presentation separation.
Advanced Web 2012 Lecture 12 Sean Costain Course Summary Sean Costain 2012 To develop skills in web design and authoring  Html 5 / CSS 3 / PHP.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Feedback #2 (under assignments) Lecture Code:
Nic Shulver, Introduction to Sessions in PHP Sessions What is a session? Example Software Software Organisation The login HTML.
Chapter 6: Authentications. Training Course, CS, NCTU 2 Overview  Getting Username and Password  Verifying Username and Password  Keeping The Verification.
Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.
GOAL User Interactive Web Interface Update Pages by Club Officers Two Level of Authentication.
Controlling Web Site Access Using Logins CS 320. Basic Approach HTML form a php page that collects the username and password  Sends them to second PHP.
DataFlow Diagram – Level 0
Database Access Control IST2101. Why Implementing User Authentication? Remove a lot of redundancies in duplicate inputs of database information – Your.
Advanced Web 2012 Lecture 11 Sean Costain 2012.
IS2803 Developing Multimedia Applications for Business (Part 2) Lecture 1: Introduction to IS2803 Rob Gleasure
LOGIN FORMS.
DATABASE ACCESS CONTROL IST Question Almost every PHP page needs to interact with database, does that mean sqlUsername and sqlPassword need to be.
Brad N Greenwood, PhD MBA
Sessions and cookies MIS 3501 Jeremy Shafer Department of MIS
PHP 3.
Tonga Institute of Higher Education IT 141: Information Systems
Managing State Chapter 13.
Web Application Vulnerabilities, Detection Mechanisms, and Defenses
Organize your code with MVC
CONTENT MANAGEMENT SYSTEM CSIR-NISCAIR, New Delhi
Microsoft WorkSpace Step by Step Guide January 2017.
Web Design and Development
A Technical Overview of Microsoft® SQL Server™ 2005 High Availability Beta 2 Matthew Stephen IT Pro Evangelist (SQL Server)
PHP & MySQL Introduction.
>> PHP: HTML Integration
Cross-Site Forgery
>> PHP: Form Processing
Easy Way to Export All WordPress URLs in Plain Text Guided By: - WPGLOBALSUPPORTWPGLOBALSUPPORT.
Cookies BIS1523 – Lecture 23.
* Lecture 26 Manifest Asynchrony
Server Side Programming Overview And file system basics
Introduction to Databases with MAMP/LAMP/WAMP thrown in!
Multifactor Authentication & First Time Login
CT Web Development, Colorado State University
* Lecture 12 Mapping, Map Reduction Summing integers,
HTML5 Drawing Canvas and Video
Web Systems Development (CSC-215)
Handling Files In particular, uploading files.
Tables from Arrays of Objects Exploding Strings
Content Management and WordPress
HTML Basics & Context & IDEs & Server Basics & Online Notes
* Lecture 22 Images * Course logo spider web photograph from Morguefile openstock photograph by Gabor Karpati, Hungary.
Organize your code with MVC
Introduction to AJAX and the migration toward applications
MySQL Tables and Relations 101
Tonga Institute of Higher Education IT 141: Information Systems
* Lecture 5 PHP Basics * Course logo spider web photograph from Morguefile openstock photograph by Gabor Karpati, Hungary.
Title: Tech Training Certificate: Ace of Initiative Program
Querying Client Information Forms and Passing Data,
* jQuery * Course logo spider web photograph from Morguefile openstock photograph by Gabor Karpati, Hungary.
Building Web Applications
Sessions and cookies (part 1)
Inside Module 3 Working with Eloquence Page
CSE 154 Lecture 21: Sessions.
Tonga Institute of Higher Education IT 141: Information Systems
Sessions and cookies MIS 3501 Jeremy Shafer Department of MIS
Server Side Programming Overview And file system basics
Requests and Server Response Codes
Handling Files In particular, uploading files.
MySQL Web Application Connecting to a MySQL database
Loops and Conditionals Generating , Reading files.
Alternatives to our approach
Security - Forms Authentication
Presentation transcript:

Authentication Stepped Up Persistent User Data Protected Content. * Lecture 15 Authentication Stepped Up Persistent User Data Protected Content. * Course logo spider web photograph from Morguefile openstock photograph by Gabor Karpati, Hungary.

First - Update on Hashing Previous Lecture covered md5 using explicit salt There is a better way The password hash and verify pair. Also, in this lecture A step toward databases Object information in spreadsheets Users in comma-separated-value files 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz A Better Way md5 is getting tired Today – password_hash() 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz Blowfish Hashing 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz 12/5/2018

Back to Authentication Where to store information? Up until now - hard coded info. This lecture we want info on disk. But how? Separate database server (not yet) Lightweight database system (not yet) In a plain file (yes!) But how to format the file? 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Again – Learn by Example 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz Example 02: Learn Use of bcrypt in PHP Paired functions hash and verify Persistent store of user data (CSV) KISS principal sometimes applies. Protected pages, password control Protection through redirects The header command 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Example 02: File Overview admin.php: when logged in, see hash of alternative passwords. control.php: always include, redirects to login unless login established. footer.php: common page footer with links. header.php: common header with title. index.php: represents protected site content. login.php: implement password login with redirect when successful. logout.php: destroy session, redirect to login. support.php: function library, mostly to support creation, reading, and writing of users file. users.csv: list of site users and hashed passwords. 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Overview - Persistence Issue: Data Persistence 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz Two Faces RAM Store user information as an array of User Object Instances Disk Store user information as a comma separated variable spreadsheet writeUsers() readUsers() CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz 12/5/2018

CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz Define a User Take note that if no user.csv file exists then a new default file is created. This bootstraps the system and avoids the problem of formatting a file from scratch. 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Step Away from PowerPoint Please study this example carefully! There is a lot to notice Try deleting the users.csv file Pay attention to redirects! Study password hashing and verification Ask yourself: Why no web interface to set password? 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.