Putting it all together Dynamic Data Base Access and Authentication Norman White Stern School of Business.


1 Putting it all together Dynamic Data Base Access and Authentication Norman White Stern School of Business

2 Advanced Web Solutions Question – How do I add the capability to query/update a data base from a WEB page Answers – Need a Client/Server data base Oracle, SQL Server etc. – Need tools to access data base Active Server pages PERL JAVA (JDBC) Java Servlets Cold Fusion Etc…

3 Data Driven WEB Pages Many business applications depend on knowledge of the current environment which is often available in a database somewhere Need to “WEB-Enable” applications, so customer, supplier etc. can interact directly with a company's database. Database changes are automatically immediately available on web site

4 Example Active Server Pages ASP files are Visual Basic or Java programs which can be mixed with HTML The WEB server executes the ASP code as it generates the WEB page. – Code runs on the Server side, client never sees it – Code can dynamically access/update one or more databases Only runs on Microsoft web servers, but similar applications run cross platform (PHP, Cold Fusion, Java Servlets etc.)

5 Simple ASP Example Hello.asp – What Day is it? – Hello, Today is Bye

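6 ASP Database Access Results
<%
' Query to run against the nwind data source
SQL = "SELECT * FROM CUSTOMERS;"
Set DBOBJ = Server.CreateObject("ADODB.Connection")
' Open is a method call; the connection string takes uid and pwd
DBOBJ.Open "dsn=nwind;uid=;pwd=;"
Set oRS = DBOBJ.Execute(SQL)
%>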

7 Continued Customers

8 Output Customers – Id1, Company1 – Id2, Company2 – … – Idn, CompanyN

9 How do we handle FORMs in ASP GET form – Var = Request.QueryString("field") Eg
<%
userid = Request.QueryString("userid")
' HTML-encode the value before writing it back into the page
Response.Write("Your userid is " & Server.HTMLEncode(userid))
%>
REQUEST.FORM returns POST parameters – Retrieves the userid field from the form for usage in the ASP program

10 But what good is all this? Things get interesting if some of the fields in my database contain links to URLs Now I can have a database that maintains information about web objects I can allow user to select certain search characteristics To update info, I update the database, and the links are automatically generated

11 example You have a music collection of a bunch of mp3 files which you keep adding to. You maintain information about your collection in a database Your database – Song Table Artist Id, album name, record label, date of release, type of music,name of song, link to MP3 file – Artist Table Artist name, bio, link to picture

12 Your application Web page with form that allows users to choose selection criteria ASP file processes form and retrieves a list of links that point to songs that satisfy selection User clicks on link and song plays

13 Additional Applications Add a song Add an artist Delete a song Delete an artist Update a song

14 Conclusion Simple ASP files can be very powerful WEB code doesn’t grow as data grows Once built, no maintenance (except for updating the database, which in many cases is already being done) Easy to “web enable” existing database applications

15 Server Side Scripting Languages Which support DB Access ASP (Visual Basic, JavaScript) C++ and C# coming soon. Cold Fusion (CFM files) PHP (Free open source solution, runs on Unix, Linux, NT) Supports all major databases PERL DBI (Data Base Interface) Java, Javascript Servlets

16 How do you identify server side scripting In most cases, the language processors become PART of the WEB browser. Dramatically reduces overhead involved with running a separate program (ala CGI)

17 Other Alternative JDBC – Java Data Base Connectivity – Allow Java applet to directly connect to a remote database – Problems …. Security (java can only connect back to the server its code came from) Overhead for connection(s) across internet Depends on user's browser being able to handle java – Best use is within an intranet….

18 PHP PHP is more powerful than ASP, and has direct support for a number of major databases PHP runs on almost all web servers PHP is free! Downside is documentation is weak, and the programming environment complex. Better for big, complex projects

19 Simple PHP Program PHP Test "; ?> OR –

20 Cold Fusion Cold Fusion is a platform independent development system similar to ASP Runs on Windows or Unix Includes Custom IDE (integrated development environment) Some extra features include replication and rollover – You can replicate cold fusion sites for better performance, and you can have one site back up another site in case one fails.

21 Other development environments Java Servlets Java Server Pages They allow reusable components and a write once run anywhere environment.

22 Advanced Features Authentication State maintenance Reusability Application integration – Email – …

23 Authentication How does web application control user access? Some methods – .htaccess files These are files located in a folder that are used to control access to the folder by the web server – LDAP server (Lightweight Directory Access Protocol) Uses separate servers for authentication, and maintenance of global information to be shared across many applications and systems – ADS Active Directory Service Microsoft supported directory information, can integrate with LDAP and Novell – NDS Novell Directory Service Originally designed for Novell LAN directory access, now used for enterprise-wide directory services

24 Authentication .htaccess files – Pro Can be supported by individual web developers without any centralized overhead. – Con May end up with users having many different userids and passwords. Not really suitable for an intranet environment

25 .htaccess example Assume a directory structure of restricted content that you want to restrict to “authenticated” users. Have users fill out form with their email address, and desired userid. Email password to them with a link to a cgi script that allows them to change password.

26 .htaccess example
AuthUserFile /export/grad/a/aab211/public_html/websys/.htpasswd
AuthGroupFile /dev/null
AuthName "Somewhere.com's Secret Section"
AuthType Basic
require valid-user

27 Example .htaccess file describes authentication details and location of htpasswd file .htaccess file placed in the directory it controls, by default controls all lower level directories also. Htpasswd file can be anywhere Htpasswd program used to update htpasswd file Htpasswd file encrypted

28 Maintaining htpasswd file htpasswd -c passwordfile username – Creates a new htpasswd file and adds a username to it, prompting for the password – htpasswd passwordfile username adds a user – htpasswd -b passwordfile username password Creates or updates username password

29 CGI Script to add user Script one – htadduser.sh User fills out form with desired username and email address Shell script adduser.sh – grep .htpasswd file for username If username exists, issue error Else, generate random password – Issue htpasswd -b passwordfile username passwd – Email email address with username and password and link to files. – Add username and email address to userid file

30 Changepass.sh Allows user to change password This script should be in a restricted directory Logic: – Display form with userid, desired password – Take form input (using POST … Why) – Issue htpasswd -b passwordfile username newpassword

31 Requestnewpassword What if user forgets the userid, password? Requestpass.sh – grep userid file for email address, username – Cut userid and email – Generate new random password, email to user – Watch out, since web server is creating .htpasswd file, anyone can read it (but it is encrypted) – Solution don’t allow users to request .htaccess or .htpasswd
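The add-user logic from slide 29, as an added example that is not part of the original presentation. It validates the form-supplied username before it reaches the shell, replaces the plain grep with an exact match on the username field, and feeds the password to htpasswd on stdin instead of with -b. The function names are hypothetical, and it assumes Apache 2.4's htpasswd (for -i and -B) is on the PATH.

```shell
#!/bin/sh
# Added example: core checks for an htadduser-style CGI helper.
# Function names are hypothetical; htpasswd is Apache's utility (2.4+ for -i).
LC_ALL=C; export LC_ALL   # make the A-Z ranges below byte-exact

# Allow 1-32 characters of [A-Za-z0-9_]. This rejects ':' (the htpasswd
# field separator), whitespace, newlines and shell or regex metacharacters.
valid_username() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Exact match on the first colon-separated field, so "bob" does not
# match "bobby" the way a plain `grep bob` would.
user_exists() {
    [ -f "$2" ] || return 1
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# 16 random alphanumeric characters from the kernel CSPRNG.
gen_password() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16
}

# add_user USER PASSFILE
# Prints the new password (for the mail step) and returns 0 on success;
# returns 2 for a bad name, 3 for a duplicate, 4 if htpasswd fails.
add_user() {
    user=$1 file=$2
    valid_username "$user" || return 2
    user_exists "$user" "$file" && return 3
    pass=$(gen_password)
    create=
    [ -f "$file" ] || create=-c
    # -i reads the password from stdin, so it never appears in the process
    # list as it would with -b; -B stores a bcrypt hash.
    printf '%s\n' "$pass" |
        htpasswd -i -B $create "$file" "$user" >/dev/null 2>&1 || return 4
    printf '%s\n' "$pass"
}
```

Keeping the password file outside the web document root means the server never has a URL that maps to it.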

32 LDAP LDAP servers allow different types of authentication and tools LDAP server can be viewed as a hierarchical or relational data base which can be updated, queried etc. Can be used to handle a variety of global info like userids, passwords, home directories, phone numbers, majors etc. Supported by both Novell and Microsoft as well as Unix, Linux etc. One of the best approaches to Enterprise-wide authentication for web, email, LAN etc.

33 NDS Probably first major directory service, due to the fact that many organizations had very large user populations that needed to be authenticated enterprise-wide. (Stern has > 12,000 users) Recent additions allow Novell to authenticate to LDAP.

34 ADS Active Directory Services Microsoft “replacement” for NDS Microsoft did not have a scalable, reliable method for handling 1000s of users. Main reason they couldn’t displace Novell in large organizations. Like NDS, ADS will also interoperate with LDAP, but still buggy.

35 Management Takeaway Many approaches to authentication and security Need an enterprise-wide solution to avoid “userid hangover” 3 major enterprise wide solutions – LDAP, NDS, ADS LDAP only open solution

