Security: Authentication & Authorization

Presentation transcript:

Security: Authentication & Authorization (title slide; image credit: http://flic.kr/p/9UQDPM)

In the most general terms, what bad things does computer security aim to prevent?

In the most general terms, what bad things does computer security aim to prevent?
Unauthorized access to data
Unauthorized modification of data
Unauthorized control

Two Key Security Concerns
Authentication: Who is the user?
Authorization: What is the user allowed to do/access?

What methods of authentication are there?

What methods of authentication are there?
Passwords
Biometrics
SMS code
Secret question
USB key

Where should authentication/authorization go?
[Diagram: Browser -> Ye Olde Internet -> Rails Router -> Controller -> View / Model -> DB]

Where should authentication/authorization go?
[Diagram: Browser -> Ye Olde Internet -> Rails Router -> Controller -> View / Model -> DB]
Around here!

Given the stateless nature of HTTP, how do we prevent the user from re-authenticating with each HTTP request?
[Diagram: Browser -> Ye Olde Internet -> Rails Router -> Controller -> View / Model -> DB]

Given the stateless nature of HTTP, how do we prevent the user from re-authenticating with each HTTP request?
[Diagram: Browser -> Ye Olde Internet -> Rails Router -> Controller -> View / Model -> DB]
Sessions/Cookies

How Cookies Work
[Diagram taken from http://en.wikipedia.org/wiki/HTTP_cookie]

A session is a server-side object that stores "conversational state"
[Diagram: Browser -> Ye Olde Internet -> Rails Router -> Controller -> View / Model -> DB]

How to do authorization?

Role-Based Access Control
[Diagram taken from http://en.wikipedia.org/wiki/Role-based_access_control]

Final Note About Authentication and Authorization in Rails
Example time! See: https://github.com/sdflem/auth_skeleton
Rails Tutorial (Hartl) does it "by hand"
Gems available as well
Devise most popular?
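The session-cookie and role-based authorization ideas from the slides, shown "by hand" in plain Ruby as an added example (not code from the auth_skeleton repo, the Hartl tutorial or Devise). The in-memory SessionStore, the USERS table and the ROLE_PERMISSIONS map are constructed stand-ins for what a Rails app keeps in its session store and database; the browser only ever holds the random session id, never the user id or role.

```ruby
require 'securerandom'

# Constructed server-side session store: the cookie carries only an opaque,
# unguessable id; the conversational state (who is logged in) stays here.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Called after a successful login; returns the id to put in the Set-Cookie header.
  def create(user_id)
    sid = SecureRandom.hex(16)
    @sessions[sid] = { user_id: user_id }
    sid
  end

  def lookup(sid)
    @sessions[sid]
  end

  # Logout: forgetting the id server-side invalidates the cookie immediately.
  def destroy(sid)
    @sessions.delete(sid)
  end
end

# Constructed users and RBAC table: permissions hang off the role, not the user.
USERS = { 1 => { name: 'alice', role: :admin }, 2 => { name: 'bob', role: :member } }
ROLE_PERMISSIONS = { admin: [:read, :write, :delete], member: [:read] }
STORE = SessionStore.new

# Parse a Cookie request header ("theme=dark; sid=abc") into a hash.
def parse_cookies(header)
  header.to_s.split(/;\s*/).each_with_object({}) do |pair, cookies|
    name, value = pair.split('=', 2)
    cookies[name] = value if name && value
  end
end

# Authentication: resolve the current user from the session cookie, or nil.
def current_user(cookie_header)
  sid = parse_cookies(cookie_header)['sid']
  session = sid && STORE.lookup(sid)
  session && USERS[session[:user_id]]
end

# Authorization: the check a controller runs before performing an action.
def authorized?(cookie_header, permission)
  user = current_user(cookie_header)
  return false unless user
  ROLE_PERMISSIONS.fetch(user[:role], []).include?(permission)
end
```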