Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Server Design Week 11 Old Dominion University

Published byたみえ えんの Modified over 5 years ago

Similar presentations

Presentation on theme: "Web Server Design Week 11 Old Dominion University"— Presentation transcript:

1 Web Server Design Week 11 Old Dominion University
Department of Computer Science CS 495/595 Spring 2006 Michael L. Nelson 3/20/06

2 Authentication: Basic & Digest
Defined in RFC-2617 Basic very simple sends password in the clear (very bad) suitable for personalization; not real security Digest uses cryptographic hashes; password not sent in the clear stronger than Basic, but client support not as prevalent does not encrypt content… SSL, SHTTP or equivalent needed for that

3 Authentication Structure
Both methods are structurally similar: when the server receives a request for a protected resource, it responds with: status code “401 Unauthorized” “WWW-Authenticate:” response header the client reissues the same request with the addition of: “Authorization:” request header

4 Basic “WWW-Authenticate:” response header:
WWW-Authenticate: Basic realm=”ODU-CS-595-S06" auth type opaque string to differentiate auth files “Authorization:” request header: Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ== auth type Base64(username:password)

5 Scenario client server scenario 2: the client could have sent the
GET foo HTTP/1.1 client server 401 Unauthorized WWW-Authenticate: Basic realm=“xyz” GET foo HTTP/1.1 Authorization: Basic mln:gohokies! 200 OK scenario 2: the client could have sent the Authorization string with the initial request mln:gohokies! would be base64’d

6 How Apache Does It… (Note: we’re not going to do it this way!)
In either <Directory> entries in the config file, or “.htaccess” files in directories: AuthType Basic AuthName "Restricted Files" AuthUserFile /usr/local/apache/passwd/passwords Require user rbowen Many more options possible:

Download ppt "Web Server Design Week 11 Old Dominion University"

Similar presentations

A digression The next feature of programming HTTP clients that we will consider is user authentication Before considering that, however, we will digress.

A digression The next feature of programming HTTP clients that we will consider is user authentication Before considering that, however, we will digress.
The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.

The Basic Authentication Scheme of HTTP. Access Restriction Sometimes, we want to restrict access to certain Web pages to certain users A user is identified.
Apache Access Controls. Ways to control Allow/Deny access control –By IP –By domain name Password –Apache managed passwords –Realms.

Apache Access Controls. Ways to control Allow/Deny access control –By IP –By domain name Password –Apache managed passwords –Realms.
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004
Web Programming Week 10 Old Dominion University Department of Computer Science CS 418/518 Fall 2010 Martin Klein 11/02/10.

Web Programming Week 10 Old Dominion University Department of Computer Science CS 418/518 Fall 2010 Martin Klein 11/02/10.
Web Server Design Week 5 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/10/10.

Web Server Design Week 5 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/10/10.
An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.

An introduction to Apache. Different Types of Web Servers Apache is the default web server for may Unix servers. IIS is Microsoft’s default web server.
IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.

IT:Network:Apps.  Microsoft Web Server ◦ Used by ~ 50% of Fortune 500 companies  Comes with Server OS  Expandable  Easy to use.
Set 13: Web Servers (configuration and security) (Chapter 21) IT452 Advanced Web and Internet Systems.

Set 13: Web Servers (configuration and security) (Chapter 21) IT452 Advanced Web and Internet Systems.
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.
Hands On Networking Network Applications Ram P Rustagi, ISE Dept Kundan Kumar, MCA Dept Manini Sahoor, MCA Dept Ravi Teja, MCA Dept Sourav.

Hands On Networking Network Applications Ram P Rustagi, ISE Dept Kundan Kumar, MCA Dept Manini Sahoor, MCA Dept Ravi Teja, MCA Dept Sourav.
Apache Security Travis Jeffries. Introduction Authentication and Authorization Strict Access Methods Defending against Attacks Bad CGI Programs Apache.

Apache Security Travis Jeffries. Introduction Authentication and Authorization Strict Access Methods Defending against Attacks Bad CGI Programs Apache.
Web Server Design Week 4 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/03/10.

Web Server Design Week 4 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 2/03/10.
Web Server Design Assignment #1: Basic Operations Due: 02/03/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.

Web Server Design Assignment #1: Basic Operations Due: 02/03/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin.
Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/24/10.

Web Server Design Week 11 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 3/24/10.
Web Server Design Assignment #2: Conditionals & Persistence Due: 02/24/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010.

Web Server Design Assignment #2: Conditionals & Persistence Due: 02/24/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010.
Web Server Design Week 13 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/7/10.

Web Server Design Week 13 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/7/10.
Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein.

Web Server Design Assignment #4: Authentication Due: 04/14/2010 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein.
Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.

Krerk Piromsopa. 1 Department of Computer Engineering. Chulalongkorn University. Web Application Generic Issues.

Similar presentations

Ads by Google