Web Server Design Week 11 Old Dominion University

Slides:



Advertisements
Similar presentations
A digression The next feature of programming HTTP clients that we will consider is user authentication Before considering that, however, we will digress.
Advertisements

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
Apache Access Controls. Ways to control Allow/Deny access control –By IP –By domain name Password –Apache managed passwords –Realms.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Web Programming Week 10 Old Dominion University Department of Computer Science CS 418/518 Fall 2010 Martin Klein 11/02/10.
Web Server Design Week 5 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/10/10.
An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.
IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.
Set 13: Web Servers (configuration and security) (Chapter 21) IT452 Advanced Web and Internet Systems.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Hands On Networking Network Applications Ram P Rustagi, ISE Dept Kundan Kumar, MCA Dept Manini Sahoor, MCA Dept Ravi Teja, MCA Dept Sourav.
Apache Security Travis Jeffries. Introduction Authentication and Authorization Strict Access Methods Defending against Attacks Bad CGI Programs Apache.
Web Server Design Week 4 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/03/10.
Web Server Design Assignment #1: Basic Operations Due: 02/03/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.
Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/24/10.
Web Server Design Assignment #2: Conditionals & Persistence Due: 02/24/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010.
Web Server Design Week 13 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/7/10.
Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein.
Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.
Web Technology – Web Server Setup : Chris Uriarte Meeting 4: Advanced Topics, Continued: Securing the Apache Server and Apache Performance Tuning Rutgers.
How to maintain state in a stateless web Shirley Cohen
SlideSet #18: HTTP Authentication
Web Server Design Assignment #3: Transfer Encoding & Content Negotiation Due: 03/24/2010 Old Dominion University Department of Computer Science CS 495/595.
COEN 350: Network Security E-Commerce Issues. Table of Content HTTP Authentication Cookies.
Web Server Design Week 12 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/31/10.
Web Server Design Week 10 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/17/10.
Web Server Design Week 5 Old Dominion University Department of Computer Science CS 495/595 Spring 2012 Michael L. Nelson 02/07/12.
Web Server Design Week 15 Old Dominion University Department of Computer Science CS 495/595 Spring 2009 Michael L. Nelson 4/20/09.
CS520 Web Programming Declarative Security (I) Chengyu Sun California State University, Los Angeles.
Web Server Design Week 3 Old Dominion University Department of Computer Science CS 495/595 Spring 2006 Michael L. Nelson 1/23/06.
Web Server Design Week 6 Old Dominion University Department of Computer Science CS 495/595 Spring 2006 Michael L. Nelson 2/13/06.
Communication protocols 2. HTTP Hypertext Transfer Protocol, is the protocol of World Wide Web (www) Client web browser Web server Request files Respond.
Lecture # 1 By: Aftab Alam Department Of Computer Science University Of Peshawar Internet Programming.
Authentication & Authorisation Is the user allowed to access the site?
Authentication & .htaccess
Enhanced Web Site Design Stanford University Continuing Studies CS 22
Web Server Design Assignment #5: Unsafe Methods & CGI
Web Server Design Assignment #4: Authentication
Web Server Design Assignment #2: Conditionals & Persistence
Web Server Design Week 11 Old Dominion University
Web Server Design Assignment #5 Extra Credit
Web Server Design Week 4 Old Dominion University
Web Server Design Week 15 Old Dominion University
Web Server Design Week 5 Old Dominion University
Web Server Design Week 13 Old Dominion University
Web Server Design Assignment #2: Conditionals & Persistence
Web Server Design Week 16 Old Dominion University
Web Server Design Week 16 Old Dominion University
Web Server Design Assignment #2: Conditionals & Persistence
Old Dominion University Department of Computer Science
Web Server Design Week 6 Old Dominion University
Web Server Design Week 10 Old Dominion University
Web Server Design Week 13 Old Dominion University
Web Server Design Week 13 Old Dominion University
Web Server Design Week 11 Old Dominion University
Chinese wall model in the internet Environment
Web Server Design Week 5 Old Dominion University
Web Server Design Week 4 Old Dominion University
Web Server Design Week 16 Old Dominion University
Web Server Design Week 12 Old Dominion University
Web Server Design Week 12 Old Dominion University
Web Server Design Week 14 Old Dominion University
Web Server Design Assignment #1: Basic Operations
Information Retrieval and Web Design
Introduction to Digital Libraries Assignment #2
Web Server Design Assignment #5 Extra Credit
Introduction to Digital Libraries Assignment #1
Old Dominion University Department of Computer Science
Introduction to Digital Libraries Assignment #2
Presentation transcript:

Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2006 Michael L. Nelson <mln@cs.odu.edu> 3/20/06

Authentication: Basic & Digest Defined in RFC-2617 Basic very simple sends password in the clear (very bad) suitable for personalization; not real security Digest uses cryptographic hashes; password not sent in the clear stronger than Basic, but client support not as prevalent does not encrypt content… SSL, SHTTP or equivalent needed for that

Authentication Structure Both methods are structurally similar: when the server receives a request for a protected resource, it responds with: status code “401 Unauthorized” “WWW-Authenticate:” response header the client reissues the same request with the addition of: “Authorization:” request header

Basic “WWW-Authenticate:” response header: WWW-Authenticate: Basic realm=”ODU-CS-595-S06" auth type opaque string to differentiate auth files “Authorization:” request header: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== auth type Base64(username:password)

Scenario client server scenario 2: the client could have sent the GET foo HTTP/1.1 client server 401 Unauthorized WWW-Authenticate: Basic realm=“xyz” GET foo HTTP/1.1 Authorization: Basic mln:gohokies! 200 OK scenario 2: the client could have sent the Authorization string with the initial request mln:gohokies! would be base64’d

How Apache Does It… (Note: we’re not going to do it this way!) In either <Directory> entries in the config file, or “.htaccess” files in directories: AuthType Basic AuthName "Restricted Files" AuthUserFile /usr/local/apache/passwd/passwords Require user rbowen Many more options possible: http://httpd.apache.org/docs/2.0/howto/auth.html

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.