Compiling Web Scripts for Apache. Jacob Matthews, Luke Hoban, Robby Findler. Rice University.


Presentation transcript:

Compiling Web Scripts for Apache. Jacob Matthews, Luke Hoban, Robby Findler. Rice University

The Goal (Version 1)

Write a CGI program like this:

    (let ((n (read-from-web "Type a number: "))
          (m (read-from-web "And another: ")))
      (display-to-web "The sum is: " (+ n m)))

An Observation

    (let ((n (read-from-web "Type a number: "))
          (m (read-from-web "And another: ")))
      (display-to-web "The sum is: " (+ n m)))

n = 4

If we have the red box (the point in the program to resume at) and the blue box (the environment, here n = 4), we can resume the program at that point as many times as we want.

CPS Form

There's already a standard transformation that does what we want! CPS conversion, lambda-lifting, and closure conversion give us red boxes at every point and arrows connecting them.

    (let ((n (read-from-web "Type a number: "))
          (m (read-from-web "And another: ")))
      (display-to-web "The sum is: " (+ n m)))

Read-from-web

    (let ((n (read-from-web "Type a number: "))
          (m (read-from-web "And another: ")))
      (display-to-web "The sum is: " (+ n m)))

n = 4

    <INPUT TYPE="hidden" NAME="environment" VALUE="n=4">
    <INPUT TYPE="hidden" NAME="What's Left?" VALUE="A B C">

So what can we handle?

- Creating, invoking, and passing closures
- Creating and passing other basic values (cons, vector, string, etc.)
- Basic control constructs (if, let, cond, etc.)
- call/cc

What can't we handle?

- variable assignment
- mutable values
- generative structures
- exception handling
- dynamic evaluation
- input/output ports
- threads
- integration with native code
- …

Plus …

- … we have to be efficient!
- … we have to be secure!

Variable Assignment

    (let ((sum 0))
      (let loop ()
        (let ((i (read-from-web "Type a number")))
          (set! sum (+ sum i))
          (loop))))

sum = 9

sum = 12

But then, the user hits the 'Back' button...

sum = 9, not 12!

Variable Assignment

    (let ((sum (box 0)))
      (let loop ()
        (let ((i (read-from-web "Type a number")))
          (set-box! sum (+ (unbox sum) i))
          (loop))))

a = 9
sum = [a]

a = 12

The program still reads as it did with set!; the compiled code keeps sum in the box a, so the environment only carries sum = [a]. If the user hits the back button now, everything still works!
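To make the back-button problem concrete, here is the sum loop from these slides compiled by hand into CGI style in Python. This is an added example, not the paper's compiler output; the functions resume_plain and resume_boxed, the label "after-read" and the box name "a" are hypothetical. It replays the slide's sequence (type 9, type 3, hit Back, type 3 again) against both compilations.

```python
# Added example (not the paper's code). Each web page is a pair
# (continuation label, environment): the "What's Left?" and "environment"
# hidden fields. Resubmitting a page = the user typing a number on it.
# The label "after-read" and the box name "a" are hypothetical.

store = {}   # the purple box: server-side state shared by every page


def resume_plain(page, i):
    """Naive compilation: sum travels in the hidden environment field."""
    label, env = page
    assert label == "after-read"             # the one red box in the loop
    new_env = {"sum": env["sum"] + i}        # (set! sum (+ sum i))
    return ("after-read", new_env)           # (loop) -> emit the next page


def resume_boxed(page, i):
    """Boxed compilation: the environment names a box, the value lives in store."""
    label, env = page
    assert label == "after-read"
    box = env["sum"]                         # sum = [a]
    store[box] = store[box] + i              # (set-box! sum (+ (unbox sum) i))
    return ("after-read", env)               # env unchanged: it only holds [a]


def back_button_demo():
    """Type 9, type 3, hit Back to the sum = 9 page, type 3 again."""
    p1 = resume_plain(("after-read", {"sum": 0}), 9)   # page says sum = 9
    p2 = resume_plain(p1, 3)                            # page says sum = 12
    p_back = resume_plain(p1, 3)                        # Back: p1 resubmitted

    store.clear()
    store["a"] = 0                                      # a = 0, sum = [a]
    q1 = resume_boxed(("after-read", {"sum": "a"}), 9)  # a = 9
    resume_boxed(q1, 3)                                 # a = 12
    boxed_before_back = store["a"]
    q_back = resume_boxed(q1, 3)                        # Back: q1 resubmitted, a = 15

    return {
        "naive_before_back": p2[1]["sum"],            # 12
        "naive_after_back": p_back[1]["sum"],         # 12: state reverted to 9 first
        "boxed_before_back": boxed_before_back,       # 12
        "boxed_after_back": store[q_back[1]["sum"]],  # 15: the second 3 was added to 12
    }
```

In the naive compilation the variable is wherever the page says it is, so the stale page silently rewinds the program; with the box, every page points at the same server-side cell.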

So where does the purple box go?

- We need some place that's associated with a particular user, but not a particular web page
- Browser cookies might work

Mutable Values

How do we handle other mutable values like cons cells, hash tables, and vectors?

Mutable Values

    (let ([lst '(#f)])
      (let loop ()
        (let ((r (read-from-web "Type a value")))
          (append! lst (list r))
          (loop))))

lst = (cons #f '())

Same problem, different primitive

lst = (cons [a] [b])
a = #f
b = '()

Mutable Values

But if we add to the purple box every time we make a list, we'll have problems:

- Even lists that never need to be saved get added
- The purple box is never garbage-collected
- There are too many constructors anyway!

Mutable Values

- So instead, we get lazy!
- Only add or update the purple box when we actually call read-from-web

Mutable Values

    (let ([lst '(#f)])
      (let loop ()
        (let ((r (read-from-web "Type a value")))
          (append! lst (list r))
          (loop))))

lst = (cons #f '())

lst = (cons [a] [b])
a = #f
b = '()

In fact, we add all new mutable values reachable from the environment.

But Won't the Store Still Be Too Big?

- Yes!
- Even worse: the store never shrinks!
- Cookies aren't feasible
- For now, put (some of) the store on the server

Security

As it stands, attackers can make up anything as the blue and purple information!

Security

    (if (valid? (read-from-web "Password:"))
        (display-secret-page)
        (display-error-page))

The attacker can't choose the red boxes, but can choose where the arrows point … and that's bad enough!

Security

A solution:

- Encrypt the contents of the hidden fields and the cookies
- Keep a secret key only on the server
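One way to realise the server-side key idea for the password program above, as an added Python example that is not the paper's code: the server seals the "What's Left?" label and the environment before they go into hidden fields, and refuses to resume anything it did not issue itself. The slide proposes encryption; this shows the integrity half with an HMAC, since integrity is what stops an attacker redirecting the arrows. The names seal, unseal, resume, the label "after-password" and the password value are hypothetical or constructed.

```python
# Added example (not the paper's code): seal the "What's Left?" label and the
# environment with a server-only key and resume only continuations the server
# itself issued. The slide proposes encryption; this shows the integrity half
# (an HMAC), which is what stops an attacker redirecting the arrows.
import base64, hashlib, hmac, json, secrets

SERVER_KEY = secrets.token_bytes(32)  # demo key; a real server keeps a persistent one

def b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def seal(label, env):
    """Hidden-field value issued by the server: b64(payload).b64(tag)."""
    payload = json.dumps({"k": label, "env": env}, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(tag)

def unseal(field):
    """(label, env) if the tag verifies, else None: not issued by this server."""
    try:
        payload, tag = (base64.urlsafe_b64decode(p) for p in field.split(".", 1))
        expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        data = json.loads(payload)
        return data["k"], data["env"]
    except (ValueError, KeyError, TypeError):
        return None

def resume(field, user_input):
    """Continue the slide's password program at the box a sealed field names."""
    unsealed = unseal(field)
    if unsealed is None:
        return "rejected"                      # forged or altered hidden field
    label, env = unsealed
    if label == "after-password":              # red box after (read-from-web "Password:")
        return "secret-page" if user_input == "correct horse" else "error-page"  # valid?
    if label == "display-secret-page":         # reachable only via a server-issued field
        return "secret-page"
    return "error-page"

def demo():
    """A server-issued page versus two fields the server never issued."""
    page = seal("after-password", {})
    handmade = b64(json.dumps({"k": "display-secret-page", "env": {}}).encode()) + ".AAAA"
    return {
        "good_password": resume(page, "correct horse"),          # secret-page
        "bad_password": resume(page, "wrong"),                   # error-page
        "handmade_field": resume(handmade, ""),                  # rejected
        "retagged": resume(page.split(".")[0] + ".AAAA", "correct horse"),  # rejected
    }
```

Encrypting the payload as the slide suggests additionally hides the environment from the user; the tag check is still needed, since encryption alone does not stop a field from being swapped or altered.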

Efficiency

- We've got too many red boxes!
- They make the program larger
- More arrows means larger values in the hidden fields and longer page download times

A Solution

- "Full" CPS is too much - we don't need all the red boxes!

Efficiency

    (let ((n (read-from-web "Type a number: "))
          (m (read-from-web "And another: ")))
      (display-to-web "The sum is: " (+ n m)))

The program never reaches (+ n m) without going directly on to display-to-web … so we can combine the two boxes!

Security

    (if (valid? (read-from-web "Password:"))
        (display-secret-page)
        (display-error-page))

This also helps with security (no guarantees, though): the attacker can't name the display-secret-page box anymore.

Conclusions

- Even in a real language, we can compile direct-style programs into CGI style so they can run on Apache
- It's important to try out theories by scaling them to real-sized applications

Thank You!