Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication Stepped Up Persistent User Data Protected Content.

Published byΙάνθη Λαιμός Modified over 5 years ago

Similar presentations

Presentation on theme: "Authentication Stepped Up Persistent User Data Protected Content."— Presentation transcript:

1 Authentication Stepped Up Persistent User Data Protected Content.
* Lecture 15 Authentication Stepped Up Persistent User Data Protected Content. * Course logo spider web photograph from Morguefile openstock photograph by Gabor Karpati, Hungary.

2 First - Update on Hashing
Previous Lecture covered md5 using explicit salt There is a better way The password hash and verify pair. Also, in this lecture A step toward databases Object information in spreadsheets Users in comma-separated-value files 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

3 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
A Better Way md5 is getting tired Today – password_hash() 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

4 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
Blowfish Hashing 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

5 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
12/5/2018

6 Back to Authentication
Where to store information? Up until now - hard coded info. This lecture we want info on disk. But how? Separate database server (not yet) Lightweight database system (not yet) In a plain file (yes!) But how to format the file? 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

7 Again – Learn by Example
12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

8 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
Example 02: Learn Use of bcrypt in PHP Paired functions hash and verify Persistent store of user data (CSV) KISS principal sometimes applies. Protected pages, password control Protection through redirects The header command 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

9 Example 02: File Overview
admin.php: when logged in, see hash of alternative passwords. control.php: always include, redirects to login unless login established. footer.php: common page footer with links. header.php: common header with title. index.php: represents protected site content. login.php: implement password login with redirect when successful. logout.php: destroy session, redirect to login. support.php: function library, mostly to support creation, reading, and writing of users file. users.csv: list of site users and hashed passwords. 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

10 Overview - Persistence
Issue: Data Persistence 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

11 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
Two Faces RAM Store user information as an array of User Object Instances Disk Store user information as a comma separated variable spreadsheet writeUsers() readUsers() CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz 12/5/2018

12 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz
Define a User Take note that if no user.csv file exists then a new default file is created. This bootstraps the system and avoids the problem of formatting a file from scratch. 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

13 Step Away from PowerPoint
Please study this example carefully! There is a lot to notice Try deleting the users.csv file Pay attention to redirects! Study password hashing and verification Ask yourself: Why no web interface to set password? 12/5/2018 CSU CT 310 Web Development ©Ross Beveridge and Jaime Ruiz

Download ppt "Authentication Stepped Up Persistent User Data Protected Content."

Similar presentations

Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.

Forms Authority Database Store Username and Passwords: ASP.NET framework allows you to control access to pages, classes, or methods based on username and.
The Collections Keeper A collections management system Brian J. Mullen.

The Collections Keeper A collections management system Brian J. Mullen.
CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie(name, value, expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.

CSE 154 LECTURE 13: SESSIONS. Expiration / persistent cookies setcookie("name", "value", expiration); PHP $expireTime = time() + 60*60*24*7; # 1 week.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Lecture 7 Interaction. Topics Implementing data flows An internet solution Transactions in MySQL 4-tier systems – business rule/presentation separation.

Lecture 7 Interaction. Topics Implementing data flows An internet solution Transactions in MySQL 4-tier systems – business rule/presentation separation.
Advanced Web 2012 Lecture 12 Sean Costain 2012. Course Summary Sean Costain 2012 To develop skills in web design and authoring  Html 5 / CSS 3 / PHP.

Advanced Web 2012 Lecture 12 Sean Costain Course Summary Sean Costain 2012 To develop skills in web design and authoring  Html 5 / CSS 3 / PHP.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Feedback #2 (under assignments) Lecture Code:

Feedback #2 (under assignments) Lecture Code:
Nic Shulver, Introduction to Sessions in PHP Sessions What is a session? Example Software Software Organisation The login HTML.

Nic Shulver, Introduction to Sessions in PHP Sessions What is a session? Example Software Software Organisation The login HTML.
Chapter 6: Authentications. Training Course, CS, NCTU 2 Overview  Getting Username and Password  Verifying Username and Password  Keeping The Verification.

Chapter 6: Authentications. Training Course, CS, NCTU 2 Overview  Getting Username and Password  Verifying Username and Password  Keeping The Verification.
Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.

Cookies and Sessions IDIA 618 Fall 2014 Bridget M. Blodgett.
1. 2 3 GOAL User Interactive Web Interface Update Pages by Club Officers Two Level of Authentication.

GOAL User Interactive Web Interface Update Pages by Club Officers Two Level of Authentication.
Controlling Web Site Access Using Logins CS 320. Basic Approach HTML form a php page that collects the username and password  Sends them to second PHP.

Controlling Web Site Access Using Logins CS 320. Basic Approach HTML form a php page that collects the username and password  Sends them to second PHP.
DataFlow Diagram – Level 0

DataFlow Diagram – Level 0
Database Access Control IST2101. Why Implementing User Authentication? Remove a lot of redundancies in duplicate inputs of database information – Your.

Database Access Control IST2101. Why Implementing User Authentication? Remove a lot of redundancies in duplicate inputs of database information – Your.
Advanced Web 2012 Lecture 11 Sean Costain 2012.

Advanced Web 2012 Lecture 11 Sean Costain 2012.
IS2803 Developing Multimedia Applications for Business (Part 2) Lecture 1: Introduction to IS2803 Rob Gleasure

IS2803 Developing Multimedia Applications for Business (Part 2) Lecture 1: Introduction to IS2803 Rob Gleasure
LOGIN FORMS.

LOGIN FORMS.
DATABASE ACCESS CONTROL IST210 1. Question Almost every PHP page needs to interact with database, does that mean sqlUsername and sqlPassword need to be.

DATABASE ACCESS CONTROL IST Question Almost every PHP page needs to interact with database, does that mean sqlUsername and sqlPassword need to be.
Brad N Greenwood, PhD MBA

Brad N Greenwood, PhD MBA

Similar presentations

Ads by Google