Published by Georgiana Davis. Modified over 9 years ago.
1
Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.
2
Content
– Cookies
– Sessions
– Database connection
– Persistent connection
– HTTP header
– HTTP authentication
– File Uploading
– CGI Specification
3
Cookies
PERSISTENT CLIENT STATE
Set-Cookie HTTP Response
– Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME; secure
HTTP Request Header
– Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2...
4
Sessions
– Preserve certain data across subsequent accesses
– Cookies Mechanism
5
Database Connection
– CGI Application Interface to Database
– Each Web Connection with particular Database Connection
6
Persistent Database Connections
– Links that do not close when the execution of your script ends
– Same host, with the same username and the same password
– Require extraordinary Server Configuration
7
HTTP Basic Access Authentication
Header Part (Server)
– HTTP/1.0 401 Unauthorized
– WWW-Authenticate: Basic realm="Test Authentication System"
Header Part (Client)
– Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
– userid ":" password (Base-64 Encoder)
Whole Site Authentication.
8
Base 64 Encoder
– 3x8bit to 4x6bit
9
HTTP Digest Access Authentication
Header Part (Server)
– HTTP/1.1 401 Unauthorized
– WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"
Level Support
MD5 Encoder (More Secure)
Header Part (Client)
– Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
10
File Uploading
PUT method (used by clients such as Netscape Composer and W3C Amaya)
– PUT /path/filename.html HTTP/1.1
Form POST Method
– Send this file:
11
CGI 1.1 Specification
Environment
– SERVER_SOFTWARE
– SERVER_NAME
– GATEWAY_INTERFACE
– SERVER_PROTOCOL
– SERVER_PORT
– REQUEST_METHOD
– PATH_INFO
– PATH_TRANSLATED
– SCRIPT_NAME
– QUERY_STRING
– REMOTE_HOST
– REMOTE_ADDR
– AUTH_TYPE
– REMOTE_USER
– REMOTE_IDENT
– CONTENT_TYPE
– CONTENT_LENGTH
– HTTP_ACCEPT
– HTTP_USER_AGENT
Command Line
– http://www…./test?hello
– Execute 'test hello'
12
CGI 1.1 Specification (cont.)
Standard Input
– POST or PUT
Standard Output (No server directives)
– Content-type
– Location
– (status line)
Example
HTTP/1.0 200 OK
Server: NCSA/1.0a6
Content-type: text/plain

[Data]
Simple CGI with Shell Script
#! /bin/sh
# Header line, then the blank line that ends the CGI header block
echo "Content-type: text/plain"
echo ""
# Body; set then prints every shell variable, including the CGI environment
echo "Hello World"; set
13
Reference
– http://wp.netscape.com/newsref/std/cookie_spec.html
– http://www.w3c.org
– HTTP Authentication: Basic and Digest Access Authentication (RFC 2617)
– http://hoohoo.ncsa.uiuc.edu/cgi/interface.html