
1 >> PHP: Access Control & Security

2 Authentication: Source
Authentication Source
- Hard-coded: The username and password are available inside the PHP page
- File-Based: The username and password information is stored in a file on the server
- External Database: Stored in an external database
TRY NOW
1. Open phpMyAdmin
2. Create a new table called user with fields: username, password
3. Add one row with the username and password for the admin
Web-Based Systems - Misbhauddin

3 Authentication: Prompt
Authentication Prompt
- PHP Method (built-in): Use the header() function to send an "Authentication Required" message to the client browser
- User Designed: The designer/developer implements the form that prompts the user for the username and password

4 PHP Built-in Authentication
1. Parse the php file
2. Authentication Required
3. Pop-up form
2. return $_SERVER (PHP_AUTH_USER, PHP_AUTH_PW)
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');

5 Authentication: Access
User Recognition
- Cookies: Returned and stored in the user's browser. Life span of a cookie can be set to almost any duration
- Sessions: Session data is stored on your web server (often stored in a public temporary directory on the server). Sessions have a predetermined short life (depends on php config)

6 Cookies Steps
Step 1: After checking if the username/password is correct, set the cookie
    setcookie(name, value, expire)
    Expire automatically when the user closes his/her web browser
Step 2: On each secure page, retrieve and check whether the cookie is set
    $_COOKIE[name]
Step 3: On logout, unset the cookie
    setcookie(name, value, expire)
    Set the value to ""
    Set expire to a value in the past

7 Sessions Steps
Step 1: Before you can begin storing user information in your PHP session, you must first start the session
    session_start();
Step 2: After checking if the username/password is correct, set the session
    $_SESSION[name] = value;
Step 3: On each secure page, retrieve and check whether the session variable is set
Step 4: On logout, unset the session variable & destroy the session
    unset($_SESSION[name]);
    session_destroy();

8 ENCRYPTION PHP

9 MD5
MD5 (Message-Digest) takes as input a message of arbitrary length and produces as output a "fingerprint" or "message digest" of the input
- 32 hex digits (128-bit)
- Based on the RSA Algorithm
MD5('w3resource') = b273cb2263eb88f61f7133cd308b4064
Storing in the database
    INSERT INTO users (username, password) VALUES ('$user', MD5('$password'))
Using in PHP
    if (md5($pwd) === $row['password'])  // $row: the value returned from the DB
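Added example, not part of the original presentation: the store-and-check flow of slide 9 and the session steps of slide 7, written with PHP's password_hash()/password_verify() (a salted, deliberately slow hash, where MD5 is unsalted and fast to guess against) and a prepared statement instead of string interpolation. The in-memory SQLite database, the function names and the sample account are assumptions standing in for the MySQL user table.

```php
<?php
declare(strict_types=1);
// Added example. Assumption: in-memory SQLite (pdo_sqlite) replaces the
// MySQL `user` table from slide 2; the account below is constructed data.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    return $db;
}

// Storing: keep a salted password_hash() value, never the password itself.
function add_user(PDO $db, string $user, string $password): void {
    $stmt = $db->prepare('INSERT INTO user (username, password) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($password, PASSWORD_DEFAULT)]);
}

// Checking: bound parameters keep $user out of the SQL text, and
// password_verify() re-derives the hash with the stored salt and
// compares it in constant time.
function check_login(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();          // false when the user is unknown
    return is_string($hash) && password_verify($password, $hash);
}

// Session steps from slide 7, for use in a web request (not called below).
// The session ID is replaced at login so a pre-login ID is not reused.
function login(PDO $db, string $user, string $password): bool {
    if (!check_login($db, $user, $password)) {
        return false;
    }
    session_start();
    session_regenerate_id(true);
    $_SESSION['username'] = $user;
    return true;
}

// Command-line demonstration with constructed credentials.
$db = make_db();
add_user($db, 'admin', 'correct horse battery staple');
var_dump(check_login($db, 'admin', 'correct horse battery staple'));
var_dump(check_login($db, 'admin', 'wrong password'));
var_dump(check_login($db, 'nobody', 'correct horse battery staple'));
```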

10 AES
AES (Advanced Encryption Standard) function encodes the data with a 128 bits key length but it can be extended up to 256 bits key length
    AES_ENCRYPT(str, key_str);        str: String Input, key_str: Encryption Key
    AES_DECRYPT(crypt_str, key_str);  crypt_str: Encrypted Text, key_str: Encryption Key
Encryption
    INSERT INTO user VALUES ('$user', AES_ENCRYPT('mytext','passw'));
Decryption
    if (AES_DECRYPT($pwd,key) == value returned from the DB)

