Client State Management & Application Security

Client State Management & Application Security (Outline)
- Client State Management
  - Concept
  - ASP Examples
- Application Security
  - Database Based Approach
  - A Multi-level Security Example

Stateless Characteristics of the Web
- Each request from a browser is treated as a new request
- Web servers have no memory of the state of each browser (client)
- Stateless problems:
  - No concept of client identities
  - Cannot track clients' identities
- Statelessness is not acceptable for web applications that require client identities

Persistence Levels of Client States

Client Session Definition
- A client session starts when the first web page is requested by a browser (client)
- A client session ends when the client is inactive beyond a specified time-out period
- A client session is specific to each client
- Client session variables
  - Used to store information shared by all pages of a specific client
  - Undefined after time out
  - Can be introduced as needed
- Each client session is identified by a unique session ID

Application Definition
- An application is a collection of dynamic web pages stored in a directory tree
- An application session starts when the first page of the application is requested by any client
- An application session ends after a time out or when the web server is shut down
- Application variables
  - Store information shared by all clients
  - Can be defined as needed

ASP Application Sessions
- Defined by a special page named global.asa
- Provides two events
  - application_onStart -- occurs when the application is visited for the first time by a client
  - application_onEnd -- occurs when the application is shut down

Application Variable Changes
- More than one client may modify an application variable concurrently
- To allow only one client at a time to change application variables, locks are used:

    <%
    ' Lock so that no other request can modify Application variables
    ' until UnLock is called
    Application.Lock
    Application("accountID") = ""
    Application("clientName") = "John Smith"
    Application.UnLock
    %>

ASP Session Variables
- Global.asa can contain two additional events:
  - Session_onStart -- when a session starts
  - Session_onEnd -- when a session times out
- Session object properties
  - session.sessionID
  - session.timeout
  - session.codePage
  - session.LCID
- Session object methods:
  - session.abandon -- stops a session

Pros and Cons
- Client sessions rely on cookies to work properly
- When cookies are disabled, client sessions are lost
- Web applications must
  - Detect whether cookies are set correctly
  - If cookies are not set correctly, either stop the process and ask the user to accept cookies, or
  - If cookies are not an acceptable solution, manage their own client sessions
- A database can be used to store persistent client information

A Client State Management Example
- Requires no cookies
- Uses a database to
  - Keep user IDs and passwords
  - Maintain a client session log table to track each page access by each client
- At the first access
  - User enters assigned ID and password
  - System validates the ID and password
  - If no match, asks the user to log in again
  - If they match, creates a client session log entry that includes:
    - A system-generated session key
    - User ID
    - Access time
  - Pass the session key to the initial page

The Example (Continued)
- Subsequent visits:
  - Obtain the session key
  - Query the session log table to see if any entry matches the session key
  - If not found, request the user to log in first
  - If found, update the log table with the last access time
  - Pass the session key to the page
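The cookie-less, database-backed session flow of the two slides above, as an added Python example (not code from the slides, which use ASP). The session log is an in-memory SQLite table; the 20-minute inactivity limit and the choice to store a salted PBKDF2 hash rather than the password itself are this example's assumptions. The session key must be unguessable, since in this scheme it is the only thing that identifies the client on later requests.

```python
import hashlib, hmac, secrets, sqlite3, time

SESSION_TIMEOUT = 20 * 60   # assumed inactivity limit in seconds (the slides give no value)
PBKDF2_ROUNDS = 100_000

def open_db():
    # In-memory SQLite stands in for the application's database.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (user_id TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        CREATE TABLE session_log (session_key TEXT PRIMARY KEY, user_id TEXT, last_access REAL);
    """)
    return db

def add_user(db, user_id, password):
    salt = secrets.token_bytes(16)   # store a salted hash, never the password itself
    pw_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (user_id, salt, pw_hash))

def login(db, user_id, password, now=None):
    """First access: validate ID and password; on success create a session log entry
    under a random session key and return the key, else return None."""
    now = time.time() if now is None else now
    row = db.execute("SELECT salt, pw_hash FROM users WHERE user_id = ?", (user_id,)).fetchone()
    if row is None:
        return None
    salt, pw_hash = row
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    if not hmac.compare_digest(pw_hash, candidate):
        return None
    key = secrets.token_urlsafe(32)   # unguessable: the key is the only proof of identity
    db.execute("INSERT INTO session_log VALUES (?, ?, ?)", (key, user_id, now))
    return key

def check_session(db, session_key, now=None):
    """Subsequent visit: return the user ID and refresh last_access if the key is in the
    session log and not timed out; else None, and the caller sends the user to log in."""
    now = time.time() if now is None else now
    row = db.execute("SELECT user_id, last_access FROM session_log WHERE session_key = ?",
                     (session_key,)).fetchone()
    if row is None:
        return None
    user_id, last_access = row
    if now - last_access > SESSION_TIMEOUT:
        db.execute("DELETE FROM session_log WHERE session_key = ?", (session_key,))
        return None
    db.execute("UPDATE session_log SET last_access = ? WHERE session_key = ?", (now, session_key))
    return user_id
```

Each protected page calls check_session with the key it received and redirects to the login page on None; an expired entry is deleted so the key cannot be revived later.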

Client State Management Processes

A Multiple-Level Security Example
- Different users have different access authorizations
- Need centralized client session and security management

A Solution
- Need an administration page for each type of user
- Create a capability table to define the pages each user is allowed to access
- Validate the user's login and determine the user's capability
- Dynamically create the administration page based on the capability, including only links to pages the user is allowed to access
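The capability-table approach of the slide above, as an added Python example (not code from the slides). The user types, page names and capability rows are constructed sample data; the session key is carried as a query parameter as in the cookie-less scheme. Besides building the per-user administration page, it shows the check each listed page should itself run, because a link that is not shown can still be requested directly.

```python
import html, sqlite3

# Constructed sample data: three user types and the capability rows that say
# which pages each type may access (the slides show the model, not these values).
CAPABILITIES = [
    ("clerk", "view_orders.asp"),
    ("manager", "view_orders.asp"), ("manager", "edit_orders.asp"), ("manager", "reports.asp"),
    ("admin", "view_orders.asp"), ("admin", "edit_orders.asp"),
    ("admin", "reports.asp"), ("admin", "manage_users.asp"),
]
USERS = [("alice", "clerk"), ("bob", "manager"), ("carol", "admin")]

def open_security_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (user_id TEXT PRIMARY KEY, user_type TEXT NOT NULL);
        CREATE TABLE capability (user_type TEXT, page TEXT, PRIMARY KEY (user_type, page));
    """)
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    db.executemany("INSERT INTO capability VALUES (?, ?)", CAPABILITIES)
    return db

def allowed_pages(db, user_id):
    """Determine the user's capability: the pages their user type may access."""
    rows = db.execute(
        "SELECT c.page FROM users u JOIN capability c ON c.user_type = u.user_type "
        "WHERE u.user_id = ? ORDER BY c.page", (user_id,)).fetchall()
    return [r[0] for r in rows]

def build_admin_page(db, user_id, session_key):
    """Dynamically build the administration page with only the links the capability
    table permits; the session key rides along as a query parameter."""
    items = [f'<li><a href="{html.escape(p)}?sk={html.escape(session_key)}">{html.escape(p)}</a></li>'
             for p in allowed_pages(db, user_id)]
    return "<ul>\n" + "\n".join(items) + "\n</ul>"

def authorize(db, user_id, page):
    """Check every protected page runs before serving content: the capability table,
    not the menu, is the access control."""
    row = db.execute(
        "SELECT 1 FROM users u JOIN capability c ON c.user_type = u.user_type "
        "WHERE u.user_id = ? AND c.page = ?", (user_id, page)).fetchone()
    return row is not None
```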

The Security Database Model

Summary
- Client state management is an important task
- The persistence of client state information differs by the type of client session
- Client state management provided by application servers usually relies on cookies
- A cookie-less approach should be used if cookies are not acceptable