
We will cover in this lecture: a first look at issues related to security, maintenance and scalability; simple three-tier architecture; module road map; assignment.


2 We will cover in this lecture
- A first look at issues related to
  - Security
  - Maintenance
  - Scalability
- Simple Three Tier Architecture
- Module Road Map
- Assignment 1 Road Map/Claims for Credit

3 Internet Software
- Not web sites!
- We experience the web as users, but there is much more behind the scenes that we are interested in
- Some things we are interested in
  - Security
  - Maintenance
  - Scalability

4 The DVD Swap Shop
- Used in the first year to teach programming
- Written in VB.NET
- Uses some of the concepts we teach in this module
- However, it suffers from a lot of poor design
- Available for download from the module web site / Blackboard
- We shall look at a quick demo of what the program does

5 Security Issues
- The standard login for the program is
  - User name: mjdean@dmu.ac.uk
  - Password: password123
- What happens if we use the following?
  - User name: hi' or '1'='1

6 SQL Injection Attacks
- SQL is a language designed for querying databases
- It stands for Structured Query Language
- Most commonly abbreviated to SQL or Sequel (as in Sequel Server)
- We are going to use SQL later in this module and you will be learning it in a parallel module, so it won't do any harm to show you a little SQL now

7 The Offending SQL
"select * from Users where EMail = '" & EMail & "' and UserPassword = '" & Password & "'"
With the following account:
- mjdean@dmu.ac.uk
- password123
This concatenates to …
select * from Users where EMail = 'mjdean@dmu.ac.uk' and UserPassword = 'password123'

8 The Injection Attack
"select * from Users where EMail = '" & EMail & "' and UserPassword = '" & Password & "'"
With the following “account”:
- hi' or '1'='1
This concatenates to …
select * from Users where EMail = 'hi' or '1'='1' and UserPassword = 'hi' or '1'='1'

9 How it Works
- The single speech mark has terminated the string early
- Since 1 always equals 1, we return all of the records
- There are more than zero records, so it logs the user in as the first account
- The first user on any system is often the administrator
- This is not a lesson on SQL injection attacks, but it does serve to illustrate the vulnerabilities of poor architecture
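An added example, not part of the original slides or the DVD Swap Shop code: the login query from slides 7 and 8 rebuilt in Python with sqlite3 (a stand-in for the VB.NET/Access original), showing the concatenated query beside a parameterised one. The table contents, the admin account and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the Users table; sample rows, not the real database."""
    db = sqlite3.connect(":memory:")
    db.execute("create table Users (EMail text, UserPassword text, IsAdmin integer)")
    # Plaintext passwords mirror the slide's table; a real system stores salted hashes.
    db.executemany("insert into Users values (?, ?, ?)", [
        ("admin@example.test", "s3cret-admin", 1),  # first row: the administrator
        ("mjdean@dmu.ac.uk", "password123", 0),
    ])
    return db


def login_concatenated(db, email, password):
    # Same pattern as the slide: user input is pasted into the SQL text,
    # so a quote in the input ends the string literal early.
    sql = ("select * from Users where EMail = '" + email +
           "' and UserPassword = '" + password + "'")
    # "More than zero records" logs the user in as the first row returned.
    return db.execute(sql).fetchone()


def login_parameterised(db, email, password):
    # Input is bound as data; the SQL text is fixed and cannot be rewritten by it.
    sql = "select * from Users where EMail = ? and UserPassword = ?"
    return db.execute(sql, (email, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "hi' or '1'='1"  # the value from slide 8, used in both fields
    for name, login in (("concatenated", login_concatenated),
                        ("parameterised", login_parameterised)):
        print(name, "genuine:", login(db, "mjdean@dmu.ac.uk", "password123"))
        print(name, "slide 8:", login(db, payload, payload))
```

With the parameterised query the slide 8 input is compared as a literal e-mail address and password, so no row matches and the login fails.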

10 Maintenance
- DVD Swap Shop built on Access
- Not the best choice for an internet application
- Change to another database, e.g. SQL Server
- DVD.MDB becomes DVD.MDF

11 The Problem
[Diagram labels: Web page 1, Web page 2, Web page 3 and Web page 4, each with "Database Name"; Conduit Class; Database]
- 100 page site with ten references to the database per page = 1000 changes to the code!

12 Scalability
- How many of you have Facebook or Twitter on your phone?
- How would we modify the DVD Swap Shop so there is a phone app that does the same?
- Re-design the pages
- However, what do we do about the functionality?

13 Compare the Following Pages

14 Other Issues to Think About
- Dealing with International Markets
- Dealing with Different Computer Platforms

15 Dealing with International Markets

16 Amazon Search

17 Dealing with Different Computer Platforms
- Mobile Apps - Apple/Android/WinMo 7
- Tablet computers e.g. iPad
- Windows Computers
- Linux machines
- Servers running Apache / IIS
- What is the technology that makes it possible to support such a range of platforms?

18 Simple Three Tier Architecture
[Diagram labels: Presentation (Interface); Middle Tier Business Logic (Objects/Classes); Data Layer; Database]

19 Some Benefits
- The interface has no knowledge of the structure of the database
- Middle tier handles communication of data
- Database may be switched with no impact on interface
- All functionality in the middle tier
- This means we may bolt on many different interfaces

20 Multiple Interfaces Single System
[Diagram labels: Presentation (Interface) Web browser; Presentation (Interface) Mobile phone app; Middle Tier Business Logic (Objects/Classes); Data Layer; Database]
- The big plus here is that if we change the functionality of the middle tier, any applications that are built on it instantly benefit.

21 Life is Never that Simple!
- Module Road Map

22 Assignment 1 Road Map

23 Claims for Credit
- One interesting aspect of this module is that you have the facility of claiming credit for work that is not complete.
- If I were you I would make a start ASAP on creating parts of the system and then claiming credits for them from your tutor.
- This will help you in two ways:
  1. You may start obtaining your module marks
  2. You may get feedback on work even if it is half-baked

