Client State Management & Application Security


1 Client State Management & Application Security
- Client State Management
- Concept
- ASP Examples
- Application Security
- Database Based Approach
- A Multi-level Security Example

2 Stateless Characteristics of the Web
- Each request from a browser is regarded as a new request
- Web servers have no memory of the state of each browser (client)
- Stateless problems:
  - No concept of client identities
  - Cannot track clients' identities
- Statelessness is not acceptable for web applications that require client identities

3 Persistence Levels of Client States

4 Client Session Definition
- A client session starts when the first web page is requested by a browser (client)
- A client session ends when the client is inactive beyond a specified timeout period
- A client session is specific to each client
- Client session variables:
  - Used to store information shared by all pages of a specific client
  - Undefined after timeout
  - Can be introduced as needed
- Each client session is identified by a unique session ID

5 Application Definition
- An application is a collection of dynamic web pages stored in a directory tree
- An application session starts when the first page of the application is requested by any client
- An application session ends after timeout or when the web server is shut down
- Application variables:
  - Store information shared by all clients
  - Can be defined as needed

6 ASP Application Sessions
- Defined by a special page named global.asa
- Provides two events:
  - Application_OnStart -- occurs when the application is visited for the first time by a client
  - Application_OnEnd -- occurs when the application is shut down

7 Application Variable Changes
- More than one client may modify an application variable concurrently
- To allow only one client at a time to change the application variables, locks can be used:

    Application.Lock
    Application("accountID") = "123-876"
    Application("clientName") = "John Smith"
    Application.Unlock

8 ASP Session Variables
- global.asa can contain two additional events:
  - Session_OnStart -- when a session starts
  - Session_OnEnd -- when a session times out
- Session object properties:
  - Session.SessionID
  - Session.Timeout
  - Session.CodePage
  - Session.LCID
- Session object methods:
  - Session.Abandon -- stops a session

9 Pros and Cons
- Client sessions rely on cookies to work properly
- When cookies are disabled, client sessions are lost
- Web applications must:
  - Detect whether cookies are set correctly
  - If cookies are not set correctly, either stop the process and ask the user to accept cookies,
  - or, if cookies are not an acceptable solution, manage their own client sessions
- A database can be used to store persistent client information

10 A Client State Management Example
- Requires no cookies
- Uses a database to:
  - Keep user IDs and passwords
  - Maintain a client session log table to track each page access by each client
- At the first access:
  - User enters the assigned ID and password
  - System validates the ID and password
  - If there is no match, asks the user to log in again
  - If it matches, creates a client session log entry that includes:
    - A system-generated session key
    - User ID

11 The Example (Continued)
    - Access time
  - Passes the session key to the initial page
- Subsequent visits:
  - Obtain the session key
  - Query the session log table to see if any entry matches the session key
  - If not found, request the user to log in first
  - If found, update the log table with the last access time
  - Pass the session key to the page
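The database-based login and session-log procedure of slides 10 and 11, as an added Python example (this is not code from the presentation; the table layout, the salted password hashing, the value of the inactivity timeout from slide 4 and the use of in-memory SQLite in place of the real database are all assumptions):

```python
import hashlib, hmac, os, secrets, sqlite3

TIMEOUT_SECONDS = 20 * 60  # assumed inactivity timeout (slide 4 leaves the period unspecified)

def open_db():
    """Constructed schema: a user table plus the client session log table from slide 10."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (user_id TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB);
        CREATE TABLE session_log (session_key TEXT PRIMARY KEY,
                                  user_id TEXT, last_access REAL);
    """)
    return db

def hash_password(password, salt):
    # Added hardening: store a salted PBKDF2 hash, never the password itself
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def add_user(db, user_id, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (user_id, salt, hash_password(password, salt)))

def login(db, user_id, password, now):
    """First access: validate ID and password; on a match create a session log
    entry (system-generated key, user ID, access time) and return the key."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE user_id = ?",
                     (user_id,)).fetchone()
    if row is None or not hmac.compare_digest(hash_password(password, row[0]), row[1]):
        return None          # no match: the caller asks the user to log in again
    key = secrets.token_urlsafe(32)   # unguessable key; a counter would be forgeable
    db.execute("INSERT INTO session_log VALUES (?, ?, ?)", (key, user_id, now))
    return key

def validate_session(db, key, now):
    """Subsequent visit: look the key up in the session log; if found and still
    active, refresh the last access time and return the user ID, else None."""
    row = db.execute("SELECT user_id, last_access FROM session_log WHERE session_key = ?",
                     (key,)).fetchone()
    if row is None:
        return None          # not found: request the user to log in first
    if now - row[1] > TIMEOUT_SECONDS:
        db.execute("DELETE FROM session_log WHERE session_key = ?", (key,))
        return None          # inactive beyond the timeout: the session has ended
    db.execute("UPDATE session_log SET last_access = ? WHERE session_key = ?", (now, key))
    return row[0]
```

The `now` parameter is passed in explicitly so the timeout path can be exercised deterministically; a page would pass `time.time()`.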

12 Client State Management Processes

13 A Multiple-Level Security Example
- Different users have different access authorizations
- Need centralized client session and security management

14 A Solution
- Need an administration page for each type of user
- Create a capability table to define the pages each user is allowed to access
- Validate the user's login and determine the user's capability
- Dynamically create the administration page based on the capability, including only links to pages the user is allowed to access
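The capability-table approach of slides 13 and 14, as an added Python example (not the presentation's code; the user types, page names and table rows are constructed). Besides the dynamic administration page it adds the check a practitioner wants next to it: each protected page consults the same table, because an omitted link does not stop a direct request for the page.

```python
import html

# Constructed capability table: one (user_type, page) row per page a type may access
CAPABILITY_TABLE = [
    ("admin", "manage_users.asp"),
    ("admin", "reports.asp"),
    ("admin", "my_account.asp"),
    ("clerk", "reports.asp"),
    ("clerk", "my_account.asp"),
]
# Constructed: the user type as determined when the login was validated
USER_TYPES = {"alice": "admin", "bob": "clerk"}

def allowed_pages(user_type):
    """Pages the capability table grants to this type of user."""
    return sorted(page for utype, page in CAPABILITY_TABLE if utype == user_type)

def build_admin_page(user_id):
    """Dynamically build the administration page with links only to allowed pages."""
    user_type = USER_TYPES.get(user_id)
    if user_type is None:
        return None                      # unknown user: send back to the login page
    links = "".join(f'<li><a href="{html.escape(page)}">{html.escape(page)}</a></li>'
                    for page in allowed_pages(user_type))
    return f"<h1>Administration: {html.escape(user_id)}</h1><ul>{links}</ul>"

def authorize(user_id, page):
    """Server-side check each protected page runs before serving its content."""
    user_type = USER_TYPES.get(user_id)
    return user_type is not None and page in allowed_pages(user_type)
```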

15 The Security Database Model

16 Summary
- Client state management is an important task
- The persistence of client state information differs with the type of client session
- Client state management provided by application servers usually relies on cookies
- A cookieless approach should be used if cookies are not acceptable

