Group Name: PNT Group Members: Prabin Joshi and Ngoc Vu.


Content
– Technology Used
– Functions
– Security Issues
– System Configuration
– SSH Configuration
– Database Schema
– Demo

Technology
– Three-tier web application
– Web technology: PHP
– Web server: Apache
– Database: MySQL Server

Functions
Users
– Post articles, write comments on a particular article
– Create groups and manage group permissions (access control)
– Each user and article can be ranked
Admin
– Manage groups and users on the entire system
– Collect statistics about user behavior (group activity, user activity …)

Security Issues
– Password hashing with salt
– User account activation code sending to
– Recaptcha
– SQL injection prevention (using mysql_real_escape_string function)
– Secure connection between web browser and web server
– Future work: support secure connection between web application and database (MySQL) using ODBC driver and SSH
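An added example, not code from the presentation: the salted password hashing and SQL injection prevention listed above, written with PHP's password_hash() and PDO prepared statements rather than the mysql_real_escape_string function the slide names (the mysql_* extension was removed in PHP 7.0). An in-memory SQLite database stands in for the MySQL server so the script runs offline; the table, column and function names are assumptions.

```php
<?php
// Added example: a user table with salted password hashes, queried through
// prepared statements. SQLite in memory stands in for the MySQL server;
// table, column and function names are assumptions, not the project's own.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

function register(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random per-user salt and embeds it in
    // the returned string, so no separate salt column is needed.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
    $stmt->execute([$name, $hash]);
}

function login(PDO $db, string $name, string $password): bool
{
    // The value is bound as data and never spliced into the SQL text,
    // so quote characters in $name cannot change the query.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn(); // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

register($db, 'alice', 'correct horse');
register($db, 'bob', 'correct horse');

// Same password, different salts: the two stored hashes differ.
$hashes = $db->query('SELECT pw_hash FROM users')->fetchAll(PDO::FETCH_COLUMN);
echo 'hashes differ: ', var_export($hashes[0] !== $hashes[1], true), "\n";

// Constructed login attempts, including names that contain quote characters.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["alice' OR '1'='1", 'anything'],
    ["' OR 1=1 -- ", ''],
];
foreach ($attempts as [$name, $pw]) {
    $result = login($db, $name, $pw) ? 'accepted' : 'rejected';
    printf("%-22s %s\n", json_encode($name), $result);
}
```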

System Configuration

SSH Configuration
(uhcl1) (uhcl2)
– Forward port 3306 of uhcl1 to port 3307 of uhcl2
– Connection string for ODBC driver: localhost:3307, username, password

Database Schema
[Diagram: entities Users, Groups, Articles, Comments, Permissions; relationships labelled "create" and "has"]

DEMO