Presentation is loading. Please wait.

Presentation is loading. Please wait.

Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application.

Published byLorin Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application."— Presentation transcript:

1 Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application

2 Tonight ✤ DB Review PHP User RegistrationPHP User Login PHP User Password ResetLab

3 Lab Preview ✤ Continue CRUD on Final ✤ Create Single Survey ✤ Create, Update and Delete Questions ✤ Create Responses, View Responses ✤ Build a User Auth System for Final ✤ Build Registration Page ✤ Build Login Script ✤ Build Password Reset

4 Final Project Review ✤ Final Project - Web App (link) ✤ registration feature ✤ login logout ✤ admin ability to create\read\update\delete (CRUD) ✤ Maintain State throughout app (cookies\sessions) ✤ XML and RSS feeds ✤ Valid HTML and CSS design

5 PHP Output Control ✤ Output Control allows you to tell PHP when to submit information to the browser. ✤ Great: ✤ Working with header(), avoid errors ✤ Controlling Browser Output ✤ Cons: ✤ Buffer Limits (default bite size of 4096kb) ✤ Memory Limits

6 Output Buffering ✤ ob_start(); ✤ Turns on output buffering ✤ data is held within internal “buffer” waiting to be published to the browser. ✤ Call at start of script ✤ Can have a callback function ✤ Can nest buffers

7 Output Buffering ✤ ob_end_flush() ✤ Sends the data in the buffer to the browser ✤ Turns off output buffer. ✤ Loop through ob_end_flush() to close all jobs

8 Output Buffering ✤ ob_end_clean() ✤ //removes data from the buffer (doesn’t go to browser) ✤ ob_flush() ✤ //send data to the browser but buffer remains on ✤ ob_get_contents() ✤ //get the content of the buffer (no browser or erase)

9 String Encryption ✤ Add additional security by using string encryption on secure data. ✤ Passwords. Credit Cards, etc. ✤ md5() //creates a 32 hex-dex char ✤ apple = 1f3870be274f6c49b3e31a0c6728957f ✤ Good for one way matching ✤ Cannot “reverse”

10 String Encryption ✤ The sha1() function calculates the SHA-1 hash of a string. ✤ Stronger encryption that md5. ✤ Hackers and Rainbow Tables ✤ $str = 'Hello'; ✤ echo sha1($str); //f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

11 Salts ✤ In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function.cryptographyrandombitskey derivation function ✤ $str = 'Hello'; ✤ $salt = “World”; ✤ $storage = $str. $salt; ✤ echo sha1($storage); //fwd8s23jd9sfjk9sdfljk3jsd8kdwv

12 Lab & Next Week ✤ Lab ✤ Create Login system ✤ Properly Encrypt Password. ✤ Add Security and Authorization into your app. ✤ Reading: Chapter 11 See you Tuesday!

Download ppt "Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application."

Similar presentations

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.

Members Only & Login Modules Members Only works with the Login module to provide password protection to Web pages and files. Login Groups may be created.
V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.

V 1.0 OE NIK 2013 PHP+SQL 5. Password management (password hashing) Stateless HTTP, storage methods Login form 1.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.

Web Application Security An Introduction. OWASP Top Ten Exploits *Unvalidated Input Broken Access Control Broken Authentication and Session Management.
FlexForm Login form integration Copyright ©2008 Collective Software, LLC.

FlexForm Login form integration Copyright ©2008 Collective Software, LLC.
Nikolay Kostov Telerik Corporation www.telerik.com.

Nikolay Kostov Telerik Corporation
STOCKDOC Advanced Stock Management System

STOCKDOC Advanced Stock Management System
Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.

Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.
PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.

PHP Tutorials 02 Olarik Surinta Management Information System Faculty of Informatics.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.

Cookies Set a cookie – setcookie() Extract data from a cookie - $_COOKIE Augment user authentication script with a cookie.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University

November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
Web Server Administration Chapter 7 Installing and Testing a Programming Environment.

Web Server Administration Chapter 7 Installing and Testing a Programming Environment.
Sofia, Bulgaria | 9-10 October Writing Secure Code for ASP.NET Stephen Forte CTO, Corzen Inc Microsoft Regional Director NY/NJ (USA) Stephen Forte CTO,

Sofia, Bulgaria | 9-10 October Writing Secure Code for ASP.NET Stephen Forte CTO, Corzen Inc Microsoft Regional Director NY/NJ (USA) Stephen Forte CTO,
Sayed Ahmed Computer Engineering, BUET, Bangladesh MSc., Computer Science, Canada

Sayed Ahmed Computer Engineering, BUET, Bangladesh MSc., Computer Science, Canada
Goals One ASP.NET Membership story – Web APIs and Web Apps Profile. Extensibility allows for non SQL persistence model. Improve unit testability of.

Goals One ASP.NET Membership story – Web APIs and Web Apps Profile. Extensibility allows for non SQL persistence model. Improve unit testability of.
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)

Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

12/3/2012ISC329 Isabelle Bichindaritz1 PHP and MySQL Advanced Features.

Similar presentations

Ads by Google