Web Programming Language

Presentation on theme: "Web Programming Language"— Presentation transcript:

1 Web Programming Language
Chapter 7

2 Cookies, Sessions & Security
PHP Login Script
Online Security Threats

3 Security
Last chapter we allowed PHP scripts to write data to a database, but gave very little consideration to security.
Security is a constantly evolving field, so this is not a complete guide to security.
Security threats include SQL injection and brute-force attacks.
In a calendar, only the owner of the calendar should be able to create appointments, but how do you find out who the owner is? Login through passwords? Form validation?
HTTP is a stateless protocol: each request is treated independently, and the server does not keep track of the state of any client. Something has to carry the user's identity from one request to the next, and that is what cookies and sessions are for.

4 Cookies
Small pieces of data sent from a website and stored in the user's browser, which the browser then sends back with every later request to that site.
The cookie could store whether a user is logged in, and some data about which user it is.
Cookies are key => value pairs.
Browsers must accept at least 4,096 bytes per cookie and at least 50 cookies per domain (RFC 6265); anything beyond that is not guaranteed to be stored.
Because the cookie lives on the client, the user (or anything running on the client) can read and edit it. A cookie that says user=John is a claim, not proof, unless the server has a way to verify it.
Note: later we will discuss Local Storage from HTML5, an alternative client-side store that, unlike cookies, is not sent automatically with every request.

5 PHP & Cookies
PHP can set cookies using the setcookie() function.
$name = "user"; $value = "John"; setcookie($name, $value, time() + (60*60*24));
Notice that the third argument is an absolute Unix timestamp, not a duration: time() plus a number of seconds (here one day). Cookies travel in the HTTP response headers, so setcookie() must be called before the script produces any output.
The browser then sends the cookie back with every page request to the site, and PHP exposes it in the superglobal array $_COOKIE, similar to the $_POST and $_GET arrays discussed previously.

6 PHP and Cookies
The server can then check if the cookie exists and access it. The else branch avoids an undefined variable when no cookie was sent, and the value is escaped on output because it comes from the client:
if (isset($_COOKIE['user'])) { $user = $_COOKIE['user']; } else { $user = 'guest'; } echo "Welcome " . htmlspecialchars($user);
Cookies will naturally expire, but can be deleted by re-sending them with a timestamp in the past: setcookie("user", "John", time() - 1);
The deleting call must use the same path and domain as the original cookie; otherwise the browser treats it as a different cookie and keeps the old one.
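The two slides above set a cookie, read it back and delete it. The block below is an added example, not code from the slides or the course book: it does the same three things with the options-array form of setcookie() (PHP 7.3 and later) so the Secure, HttpOnly and SameSite attributes are set, and it attaches an HMAC to the value so the server can distinguish a cookie it issued from one the client edited. It assumes HTTPS and a secret of at least 32 bytes in a COOKIE_SECRET environment variable; COOKIE_NAME and every function name are this example's own.

```php
<?php
// Added example, not code from the slides: set, verify and delete a cookie
// with the options-array form of setcookie() (PHP 7.3+), plus an HMAC so a
// tampered value is rejected instead of trusted.
// Assumed: HTTPS, and a >= 32-byte secret in the COOKIE_SECRET environment
// variable. All function names here are this example's own.

const COOKIE_NAME = 'user';

function cookie_secret(): string
{
    $secret = getenv('COOKIE_SECRET');
    if ($secret === false || strlen($secret) < 32) {
        throw new RuntimeException('COOKIE_SECRET must be set to at least 32 bytes');
    }
    return $secret;
}

function cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,   // absolute Unix timestamp, not a duration
        'path'     => '/',
        'secure'   => true,       // only sent over HTTPS
        'httponly' => true,       // invisible to JavaScript (document.cookie)
        'samesite' => 'Lax',      // not attached to most cross-site requests
    ];
}

// Value layout: hex(username) . "." . hmac_sha256(hex(username), secret).
// The client can still read or change the value, but cannot forge the MAC.
function set_user_cookie(string $username, int $ttlSeconds = 86400): bool
{
    $encoded = bin2hex($username);
    $mac     = hash_hmac('sha256', $encoded, cookie_secret());
    // Must run before any output: cookies are carried in response headers.
    return setcookie(COOKIE_NAME, $encoded . '.' . $mac, cookie_options(time() + $ttlSeconds));
}

// Returns the username only if the cookie is present and its MAC verifies.
function read_user_cookie(): ?string
{
    $raw = $_COOKIE[COOKIE_NAME] ?? null;
    if (!is_string($raw) || !preg_match('/^((?:[0-9a-f]{2})*)\.([0-9a-f]{64})$/', $raw, $m)) {
        return null;
    }
    [, $encoded, $mac] = $m;
    $expected = hash_hmac('sha256', $encoded, cookie_secret());
    // hash_equals() compares in constant time; === would leak timing.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $username = hex2bin($encoded);
    return $username === false ? null : $username;
}

// Deletion is a re-send with an expiry in the past and the same path/domain;
// a different path would create a second cookie and leave the old one alive.
function delete_user_cookie(): bool
{
    unset($_COOKIE[COOKIE_NAME]);
    return setcookie(COOKIE_NAME, '', cookie_options(time() - 3600));
}

// Page handler usage: a missing or tampered cookie is treated as "guest".
$user = read_user_cookie();
echo 'Welcome ' . htmlspecialchars($user ?? 'guest', ENT_QUOTES, 'UTF-8');
```

The MAC only gives integrity: the username is still readable in the browser, so anything that must stay private belongs in a server-side session rather than in the cookie itself.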

7 Sessions
Cookies are stored on the client machine, while sessions are stored on the server, with only an identifying cookie (the session ID, named PHPSESSID by default) on the client.
A session is a period of time when a user is doing some tasks: logging in, doing some tasks and then leaving.
PHP sessions are created using a call to session_start(), which, like setcookie(), must come before any output. After it, variables can be stored in the $_SESSION superglobal array and are available to every later request that presents the same session ID.
<?php session_start(); $_SESSION['name'] = "John"; echo $_SESSION['name']; ?>

8 Sessions
A single session variable can be removed with unset($_SESSION['name']); session_unset() removes all of them at once.
session_destroy() deletes the session's data on the server, but it does not remove the session ID cookie from the browser. To log a user out properly, expire that cookie as well.

9 Secure PHP Login Script
The book contains a tutorial for setting up a Login Script… An alternative is here… But…

10 Online Security Threats
SQL Injection
Consider this SQL query:
<?php $sql = "SELECT * FROM users WHERE username = '" . $username . "';"; ?>
If the user were to submit this as the username: ' OR '1'='1'; DROP TABLE users;
Without careful processing of the input, the server would see the following query:
SELECT * FROM users WHERE username = '' OR '1'='1'; DROP TABLE users;
The WHERE clause is now true for every row, so the query returns all users. (The slide omits the leftover '; from the original query; in practice an attacker ends the input with a comment marker such as -- so the remainder is ignored.) The second statement only runs if the code executes multiple statements, which mysqli_query() does not and mysqli_multi_query() does, but the authentication bypass works either way.
The fix is to use prepared statements, which send the query and the data separately so input can never become SQL. Escaping with mysqli_real_escape_string() is only a fallback for code that cannot be converted: it protects values inside quotes only, and needs an open connection so it knows the character set.

11 Online Security Threats
Session Hijacking
What if I was to steal your session? The server knows a client only by its session ID, so whoever presents that ID is treated as you. The ID can be taken by reading the cookie off an unencrypted HTTP connection, by injected script that reads document.cookie, or by planting an ID of the attacker's choosing in the victim's browser before they log in (session fixation).
Defences: serve everything over HTTPS, mark the session cookie Secure and HttpOnly, regenerate the ID with session_regenerate_id() after login, enable session.use_strict_mode so IDs the server never issued are rejected, and expire idle sessions.

12 Key Points
HTTP is a stateless protocol, so the server doesn't store the state of each client that connects to it.
Cookies can be used to store data in the user's browser so that the server can identify which browser has made the request. However, as they are stored on the client machine, the server has limited control over them: the client can read, edit or forge them.
A session stores data on the server, with an identifying cookie on the client machine.
Sessions can be used to secure certain web pages, meaning a user has to log in to access them.
Passwords should be sent only over HTTPS and stored only as salted hashes (password_hash()), never in plain text.
SQL injection and session hijacking are just two of the security threats that users need to be protected from.

