img {border-radius: 15px; height: 40%; width: auto; border-style: solid; border-color: blue; }"> img {border-radius: 15px; height: 40%; width: auto; border-style: solid; border-color: blue; }">

Presentation is loading. Please wait.

Presentation is loading. Please wait.

Creating Databases CSS example. One-way encryption. Passwords. Security issues. Work session.. Homework: Making unique posting on encryption, passwords,

Published byLucy McKenzie Modified over 8 years ago

Similar presentations

Presentation on theme: "Creating Databases CSS example. One-way encryption. Passwords. Security issues. Work session.. Homework: Making unique posting on encryption, passwords,"— Presentation transcript:

1 Creating Databases CSS example. One-way encryption. Passwords. Security issues. Work session.. Homework: Making unique posting on encryption, passwords, security, Clinton email. Keep working on projects.

2 Stories problem A pesky user (namely me) uploaded a story referencing a big image. Challenge: without asking anything more from the user and also acting retroactively, create CSS to limit size of image.

3 @charset "utf-8"; /* CSS Document */ header {display:block; font-family: Garamond, serif; font-size: 30px; font-style:bold; } article {display:block; width: 80%; padding: 3px; font-family: Garamond, serif; font-size: 16px; border: 1px solid black; border-radius: 10px; } article > img {border-radius: 15px; height: 40%; width: auto; border-style: solid; border-color: blue; }

4 News stories? Big Data Behavioral marketing Privacy Net Neutrality ???

5 Passwords How can your security with respect to passwords be compromised?

6 Password advice Do what they force us (the faculty) to do at Purchase –change passwords often Don't put on paper that you leave around. Use different passwords. Monitor your bank, credit card, etc. ???

7 Password protection Over-the-shoulder: –use password type for input fields. –Use post and not get [use https connection. Needs cooperation of server.] Use one-way hash algorithm ???

8 Secure Hash Algorithm-256 Takes input and produces a digest (256 bits long) One-way: very difficult to decrypt it. Can be done on the server or on the client. –I will demonstrate on the client. Test is done digest vs digest. Protects against some inside jobs: someone may know the digest, but won't know the plain text to produce the digest.

9 Start of password system http://socialsoftware.purchase.edu/jeanine. meyer/research/register.htmlhttp://socialsoftware.purchase.edu/jeanine. meyer/research/register.html –probably never have this as part of a production application.

10 outline of register.html Register function encode() { …. }..

11 register.html User name Password Confirm password

12 function encode() { var pw1 = document.f.pw.value; if ((document.f.un.value.length<1) ||(pw1.length<1)) { alert("Need to enter User Name and Password. Please try again."); return false; } else if (pw1 == document.f.cpw.value) { document.f.pw.value = SHA256(pw1); document.f.cpw.value = ""; alert("document.f.pw.value now is "+document.f.pw.value); return true; } else { alert("passwords do not match. Please try again."); return false; }

13 Note After submitting the form, the encode function does [some] client side validation. It returns true if appropriate to continue to the action script It returns false if appropriate to return the form for the user to try again. Notice that the second password field is cleared if the two are the same Notice that the first password field is altered: document.f.pw.value = SHA256(pw1); So…only the encrypted (aka digest) is sent to server.

14 completereg.php Add song to database <?php require("opendbo.php"); $tname = "finders"; $finder = addslashes($_POST["un"]); $epw = $_POST["pw"]; $query = "INSERT INTO $tname values ('0','$finder','$epw')"; $result = mysqli_query($link,$query); if ($result) { print("The finder was successfully added. \n"); } else { print ("The finder was NOT successfully added. \n");} ?>

15 Remember computer systems are made up of –hardware –software –[networks] –people –procedures

16 Registration system Assign people passwords –Admin. does the registration just shown Provide way for users to change passwords Tradeoff: –randomly generated versus –one the player can remember

17 Change password scripts changepassword.html –show out of order, body first completechangepassword.php

18 User name Current password Password Confirm password Your browser does not recognize canvas

19 start of changepassword.html Change password

20 function encode() { var ctx= document.getElementById("canvas").getContext("2d"); ctx.clearRect(0,0,600,600); var pw1 = document.f.oldpw.value; var npw = document.f.newpw.value; if ((document.f.un.value.length<1) ||(pw1.length<1)) { alert("Need to enter User Name and Password. Please try again."); return false; } else if (npw == document.f.cpw.value) { document.f.oldpw.value = SHA256(pw1); document.f.newpw.value = SHA256(npw); document.f.cpw.value = document.f.newpw.value; return true; } else { drawroundedarrowbox(ctx,10,30,40,300,80,"Passwords do not match.",30,"black","pink"); return false; } }

21 Note Allows new email to be the same as current email. Many places do NOT allow this and some even go back in time.

22 completechangepw.php Complete change finder password <?php require("opendbo.php"); $tname = "finders"; $finder = $_POST["un"]; $epw1 = $_POST["oldpw"]; $epw2 = $_POST["newpw"]; $query = "UPDATE $tname SET epw = '$epw2' WHERE username = '$finder' AND epw = '$epw1'"; $result = mysqli_query($link, $query); if ($result) { print("The password was changed. \n"); } else { print ("The password was NOT successfully changed. \n"); } ?>

23 addsite scripts http://socialsoftware.purchase.edu/jeanine. meyer/research/addsite.htmlhttp://socialsoftware.purchase.edu/jeanine. meyer/research/addsite.html addsite.html –show body first addsite.php –tries to make addition and –presents new form for adding another site or going to one of the display scripts goes into and out of php

24 Site: Date: Site description: URL: Category: Username: Password: Save on this computer next time you invoke addsite?

25 addsite.html retrieves information from local Storage does the encoding: client side then server side handling Start of the file: Add website info, login

26 retrieveinfo function function retrieveinfo() { var savedun; var savedpw; try { savedun = localStorage.getItem("researchun"); savedpw = localStorage.getItem("researchpw"); if (savedun) { document.f.un.value = savedun; document.f.pw.value = savedpw; document.getElementById("greeting").innerHTML="Welcome Back."; document.f.saveok.value = "Yes"; } } catch(e) {} }

27 encode function function encode() { var pw1 = document.f.pw.value; if (document.f.saveok.value!="No") { try { localStorage.setItem("researchun",document.f.un.value); localStorage.setItem("researchpw",pw1); } catch(e) { alert("error on local storage "+e); } } else { //no saving, remove anything saved try { localStorage.removeItem("researchun"); localStorage.removeItem("researchpw"); } catch(e) { //alert("error on local storage "+e); } } if ((document.f.un.value.length<1) ||(pw1.length<1)) { alert("Need to enter User Name and Password. Please try again."); return false; } else { document.f.pw.value = SHA256(pw1); return true; } }

28 start of addsite.php Complete adding site to research table <?php require("opendbo.php"); $tname = "sitesfinders"; $stitle=addslashes($_POST["stitle"]); $sdate=$_POST["sdate"]; $sdesc=addslashes($_POST["sdesc"]); $surl=$_POST["surl"]; $scat = addslashes($_POST["scat"]); $un =$_POST['un']; $epw = $_POST['pw'];

29 $query = "SELECT * FROM finders WHERE username='$un' AND epw='$epw'"; $result = mysqli_query($link, $query); if ($row=mysqli_fetch_array($result)) { $fid = $row['finderid']; $query = "INSERT INTO $tname values ('0','$stitle','$sdate','$surl','$sdesc','$scat','$fid')"; $result = mysqli_query($link, $query); if ($result) { print("The site was successfully added. \n"); ?>

30 Add [another] web site? Site: Date: Site description: URL: Category:

31 <?php print ("Username: <input name='un' type='email' value='"); print ($un."' />"); print ("Password: "); ?>

32 Show all websites or Show sites for a category <?php } else { print ("The site was NOT successfully added. \n"); } else { print ("Problem with username and/or password and/or data."); } ?>

33 Where should (persistent) data go? localStorage (cookie) on client computer Database (s) Flat file on server –File with its own encoding XML file on server Decisions based on more than technical factors….

34 Fields of table Set up using php (or phpMyAdmin) in a certain order, set names, data types Two variations for INSERT –“INSERT INTO questions VALUES (‘0’,’$qtext’,’$atext’,$val)” Must use order used in creation step –“INSERT into questions (text,value,answer) VALUES (‘$qtext’, $val,’$atext’)”

35 Number of records After any SELECT, can query the number of records. $query = "SELECT * FROM tablename"; $result = mysqli_query($link,$query); $num_rows = mysqli_num_rows($result); echo $num_rows;

36 Homework Make unique posting on security, password, encryption, OR current kerfuffle involving Hillary Clinton’s use of private (vs.gov) email. –READ the reference and comment on it!!! Work on enhancement projects.

Download ppt "Creating Databases CSS example. One-way encryption. Passwords. Security issues. Work session.. Homework: Making unique posting on encryption, passwords,"

Similar presentations

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
PHP Scripts HTML Forms Two-tier Software Architecture PHP Tools.

PHP Scripts HTML Forms Two-tier Software Architecture PHP Tools.
Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.

Cookies COEN 351 E-commerce Security. Client / Session Identification HTTP does not maintain state. State Information can be passed using: HTTP Headers.
Creating Databases applications for the Web Reprise. Basic HTML review, forms Preview: Server side vs client side Classwork: create HTML forms and check.

Creating Databases applications for the Web Reprise. Basic HTML review, forms Preview: Server side vs client side Classwork: create HTML forms and check.
Logins  You will need PHP to test this code, all modern web hosting companies will provide this, Lehigh does not.  I've given you an account on des170.com:

Logins  You will need PHP to test this code, all modern web hosting companies will provide this, Lehigh does not.  I've given you an account on des170.com:
Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.

Web-based Document Management System By Group 3 Xinyi Dong Matthew Downs Joshua Ferguson Sriram Gopinath Sayan Kole.
The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.

The World-Wide Web. Why we care? How much of your personal info was released to the Internet each time you view a Web page? How much of your personal.
Tutorial #9 – Creating Forms. Tutorial #8 Review – Tables Borders (table, gridlines), Border-collapse: collapse; empty-cells: show; and rowspan, colspan.

Tutorial #9 – Creating Forms. Tutorial #8 Review – Tables Borders (table, gridlines), Border-collapse: collapse; empty-cells: show; and rowspan, colspan.
SYST 10199 Web Development 2 SYST 10199 Web Development 2 Course Overview and Introduction Client/Server Overview.

SYST Web Development 2 SYST Web Development 2 Course Overview and Introduction Client/Server Overview.
1Computer Sciences Department Princess Nourah bint Abdulrahman University.

1Computer Sciences Department Princess Nourah bint Abdulrahman University.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Creating databases for web applications Walk before run? Songs with features example. Retrieve information from database. Recordsets. Arrays. Loops. Homework:

Creating databases for web applications Walk before run? Songs with features example. Retrieve information from database. Recordsets. Arrays. Loops. Homework:
Class 8Intro to Databases Authentication and Security Note: What we discuss in class today covers moderate to low security. Before you involve yourself.

Class 8Intro to Databases Authentication and Security Note: What we discuss in class today covers moderate to low security. Before you involve yourself.
CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.

CHAPTER 12 COOKIES AND SESSIONS. INTRO HTTP is a stateless technology Each page rendered by a browser is unrelated to other pages – even if they are from.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
HTML II. Factors to consider in designing a website. Organizing your files. HTML Tables. Unordered Lists. Ordered Lists. HTML Forms. Learning Objectives.

HTML II. Factors to consider in designing a website. Organizing your files. HTML Tables. Unordered Lists. Ordered Lists. HTML Forms. Learning Objectives.
Creating a Web Site to Gather Data and Conduct Research.

Creating a Web Site to Gather Data and Conduct Research.
COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.

COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.

Similar presentations

Ads by Google