Presentation is loading. Please wait.

Presentation is loading. Please wait.

Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.

Published byGeorgiana Davis Modified over 9 years ago

Similar presentations

Presentation on theme: "Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues."— Presentation transcript:

1 Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.

2 Krerk Piromsopa. 2 Content Cookies Sessions Database connection Persistence connection HTTP header HTTP authentication File Uploading CGI Specification

3 Krerk Piromsopa. 3 Cookies PERSISTENT CLIENT STATE Set-Cookie HTTP Response Set-Cookie: NAME=VALUE; expires=DATE;path=PATH; domain=DOMAIN_NAME; secure HTTP Request Header Cookie: NAME1=OPAQUE_STRING1; NAME2=OPAQUE_STRING2...

4 Krerk Piromsopa. 4 Sessions Preserve certain data across subsequent accesses Cookies Mechanism

5 Krerk Piromsopa. 5 Database Connection CGI Application Interface to Database Each Web Connection with particular Database Connection

6 Krerk Piromsopa. 6 Persistent Database Connections links that do not close when the execution of your script ends same host, with the same username and the same password Require extra-ordinary Server Configuration.

7 Krerk Piromsopa. 7 HTTP Basic Access Authentication Header Part (Server). WWW-Authenticate: Basic realm=“Test Authentication System” HTTP/1.0 401 Unauthorized Header Part (Client) Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== userid ":" password (Base-64 Encoder) Whole Site Authentication. Base-64 Encoder

8 Krerk Piromsopa. 8 Base 64 Encoder 3x8bit to 4x6bit

9 Krerk Piromsopa. 9 HTTP Digest Access Authentication Header Part (Server). HTTP/1.1 401 Unauthorized WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600 bfb0c093", opaque="5ccc069c403ebaf9f0171e951 7f40e41” Level Support MD5 Encoder (More Secure) Header Part(Client) Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f 600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a0539745097 8507c4ef1", opaque="5ccc069c403ebaf9f0171e951 7f40e41"

10 Krerk Piromsopa. 10 File Uploading PUT method (used by clients such as Netscape Composer and W3C Amaya) –PUT /path/filename.html HTTP/1.1 Form POST Method Send this file:

11 Krerk Piromsopa. 11 CGI 1.1 Specification Environment –SERVER_SOFTWARE –SERVER_NAME –GATEWAY_INTERFACE –SERVER_PROTOCOL –SERVER_PORT –REQUEST_METHOD –PATH_INFO –PATH_TRANSLATED –SCRIPT_NAME –QUERY_STRING –REMOTE_HOST –REMOTE_ADDR –AUTH_TYPE –REMOTE_USER –REMOTE_IDENT –CONTENT_TYPE –CONTENT_LENGTH –HTTP_ACCEPT –HTTP_USER_AGENT Command Line –http://www…./test?hello –Execute ‘test hello’

12 Krerk Piromsopa. 12 CGI 1.1 Specification (cont.) Standard Input –POST or PUT Standard Output (No server directives) –Content-type –Location –(status line) Example HTTP/1.0 200 OK Server: NCSA/1.0a6 Content-type: text/plain [Data] Simple CGI with Sheel Script #! /bin/sh echo "Content-type: text/plain" echo "" echo "Hello World"; set

13 Krerk Piromsopa. 13 Reference Ref : http://wp.netscape.com/newsref/std/cookie_spec.html http://www.w3c.org HTTP Authentication: Basic and Digest Access Authentication (RFC 2617) http://hoohoo.ncsa.uiuc.edu/cgi/interface.html

Download ppt "Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues."

Similar presentations

CGI Scripting and Vulnerabilities COEN 351: E-commerce Security  Thomas Schwarz, S.J. 2006.

CGI Scripting and Vulnerabilities COEN 351: E-commerce Security  Thomas Schwarz, S.J
HTTP Cookies. CPSC 441 - Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.

HTTP Cookies. CPSC Application Layer 2 User-server state: cookies Many major Web sites use cookies Four components: 1) cookie header line of HTTP.
The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.

Browsers and Servers CGI Processing Model ( Common Gateway Interface ) © Norman White, 2013.
How does the server format the information it gives to the appln program? As environment variables and in standard input.

How does the server format the information it gives to the appln program? As environment variables and in standard input.
Configuring Apache Server and Perl for CGI T.A. Maisa Khudair Dr. Qusai Abu Ein.

Configuring Apache Server and Perl for CGI T.A. Maisa Khudair Dr. Qusai Abu Ein.
CGI. XML2 Common Gateway Interface n Georgia Tech 1995 Web Usage Survey –Perl - 46.7% –C - 12.5% –Shell Scripts - 8.1% –Tcl - Tool Commercial Language.

CGI. XML2 Common Gateway Interface n Georgia Tech 1995 Web Usage Survey –Perl % –C % –Shell Scripts - 8.1% –Tcl - Tool Commercial Language.
CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT 740 Class.

CPSC 441: FTP & SMTP1 Application Layer: FTP & Instructor: Carey Williamson Office: ICT Class.
Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.

Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.

CGI Programming: Part 1. What is CGI? CGI = Common Gateway Interface Provides a standardized way for web browsers to: –Call programs on a server. –Pass.
1 Web Servers Web Protocols and Practice Chapter 4.

1 Web Servers Web Protocols and Practice Chapter 4.
CGI Programming Languages Web Based Software Development July 21, 2005 Song, JaeHa.

CGI Programming Languages Web Based Software Development July 21, 2005 Song, JaeHa.
Common Gateway Interface

Common Gateway Interface
Ch27 - Common Gateway Interface (CGI) and Perl

Ch27 - Common Gateway Interface (CGI) and Perl
Cookies & Friends.

Cookies & Friends.
Overview A plain HTML document is static A CGI program is executed in real-time, so that it can output dynamic information. CGI (Common Gateway Interface)

Overview A plain HTML document is static A CGI program is executed in real-time, so that it can output dynamic information. CGI (Common Gateway Interface)
CP3024 Lecture 3 Server Side Facilities. Lecture contents  Server side includes  Common gateway interface (CGI)  PHP Hypertext Preprocessor (PHP) pages.

CP3024 Lecture 3 Server Side Facilities. Lecture contents  Server side includes  Common gateway interface (CGI)  PHP Hypertext Preprocessor (PHP) pages.
Server-Side Web Applications CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University Content.

Server-Side Web Applications CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University Content.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Similar presentations

Ads by Google