Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Systems Development (CSC-215)

Published byCorentin Durand Modified over 6 years ago

Similar presentations

Presentation on theme: "Web Systems Development (CSC-215)"— Presentation transcript:

1 Web Systems Development (CSC-215)
Lecture 13: HTTP Authentication

2 Class Test 3 Wednesday 4th April Lecture 12 & 13
Lab question (remember to bring laptops)

3 Saving State Query strings Cookies HTTP authentication Sessions

4 HTTP Authentication Uses web server to manage users and passwords for the application Adequate for simple applications that require logins – but not enough for specialized needs

5 How does it work? PHP sends header request asking to start an authentication dialog with the browser Server must have this feature turned on for it to work (setting is usually on in most cases)

6

7 On Cancel

8

9 After entry

10

11 Note After username & password have been entered, all browser instances need to be closed to run the script from scratch

12 Check for valid username and password

13 Storing User Names & Passwords
Use databases, but even there, storing in plain text is not the best idea Use a one-way function Converts a string of text into a seemingly random string One way, so virtually impossible to reverse Output can therefore be saved in database Even if someone manages to access it, it will be unusable

14 Storing User Names & Passwords
Algorithms no longer recommended for use: md5, sha1, sha2 Use PHP hash function with the ripemd algorithm Returns 32 character hexadecimal number

15

16 Hash function benefit Just update function when there are developments in security algorithms

17 Salting To overcome deficiencies in hashing (use brute force on database of known tokens) Simply addition of some text that only you (the programmer) know of

18

19 Create user table and add two accounts

20

21

22

23

24 Proper User Authentication

25

26

27

28 Practice Activity Create a database of three users via script
Implement the authentication script (as give in the previous slides)

29 Lecture content adapted from chapter 13 of Learning PHP, MySQL, JavaScript, CSS & HTML5 & chapter 10 of Beginning PHP 5.3

Download ppt "Web Systems Development (CSC-215)"

Similar presentations

Chapter 6 Server-side Programming: Java Servlets

Chapter 6 Server-side Programming: Java Servlets
Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.
UFCE8V-20-3 Information Systems Development 3 (SHAPE HK) Lecture 3 PHP (2) : Functions, User Defined Functions & Environment Variables.

UFCE8V-20-3 Information Systems Development 3 (SHAPE HK) Lecture 3 PHP (2) : Functions, User Defined Functions & Environment Variables.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.

IS 360 Course Introduction. Slide 2 What you will Learn (1) The role of Web servers and clients How to create HTML, XHTML, and HTML 5 pages suitable for.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Multiple Tiers in Action

Multiple Tiers in Action
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!

INTRO TO MAKING A WEBSITE Mark Zhang.  HTML  CSS  Javascript  PHP  MySQL  …That’s a lot of stuff!
Chapter 4 Mixing PHP and HTML  In this chapter, you’ll learn how to do the following: -Recognize and use the different kinds of PHP start and end tags.

Chapter 4 Mixing PHP and HTML  In this chapter, you’ll learn how to do the following: -Recognize and use the different kinds of PHP start and end tags.
Website Security ISYS 475. Authentication Authentication is the process that determines the identity of a user.

Website Security ISYS 475. Authentication Authentication is the process that determines the identity of a user.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
About Dynamic Sites (Front End / Back End Implementations) by Janssen & Associates Affordable Website Solutions for Individuals and Small Businesses.

About Dynamic Sites (Front End / Back End Implementations) by Janssen & Associates Affordable Website Solutions for Individuals and Small Businesses.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
© All rights reserved. Zend Technologies, Inc. PHP Security Kevin Schroeder Zend Technologies.

© All rights reserved. Zend Technologies, Inc. PHP Security Kevin Schroeder Zend Technologies.
Web Server Administration Chapter 7 Installing and Testing a Programming Environment.

Web Server Administration Chapter 7 Installing and Testing a Programming Environment.
David Evans CS150: Computer Science University of Virginia Computer Science Class 31: Cookie Monsters and Semi-Secure.

David Evans CS150: Computer Science University of Virginia Computer Science Class 31: Cookie Monsters and Semi-Secure.

Similar presentations

Ads by Google