WWW architecture, CGI, client server security, protection

Post on 28-Nov-2014


WWW ARCHITECTURE, CGI, CLIENT SERVER SECURITY, PROTECTION METHODS

GROUP 3: Austina Francis, Anju Babu, Abhraham Easo, Vinil Steephen, Jomon J Joseph

WWW ARCHITECTURE

The WWW is a service in which a client using a browser can access the service through the server.

The service provided is distributed over many locations called sites.

It was initially developed in 1989 by Tim Berners-Lee at the CERN lab in Switzerland.

It has a unique combination of portability, flexibility, and user-friendly features provided by the Internet.

CLIENT-SERVER ARCHITECTURE OF WORLD WIDE WEB

FUNCTIONAL COMPONENTS OF WWW

Web browsers, Web servers, Hyper Text Markup Language, HTTP, URL (Uniform Resource Locator)

WORKING OF WWW

The system begins by resolving the server name part of the URL into an IP address using an Internet database.

The browser sends an HTTP request to the web server for that particular page, and further requests for the items forming a part of that page, such as images.

After receiving the requested files the browser displays the page on the screen.

In order to view a web page on the WWW one has to type the URL.

INTERNET VS. WWW

Internet is the infrastructure that makes the WWW work.

Packet Switching

TCP/IP Protocol

Physical Infrastructure: Fiber-optics lines, wires, Satellites, Cable Modems, Routers, Hubs, Network Cards, WiFi systems, etc.

WWW is just one of many “virtual networks” built on the Internet.

Websites: http, https, etc.

Email: pop, imap, etc.

Other systems: ftp, instant messaging, etc.

Note: Even to this day companies have “private virtual networks” that use the Internet, but are proprietary, locked-down.

INTRODUCTION TO CGI

CGI stands for Common Gateway Interface.

CGI is a standard programming interface to Web servers that gives us a way to make our sites dynamic and interactive.

CGI is not a programming language. It is just a set of standards (protocols).

CGI can be implemented in an interpreted language such as PERL or in a compiled language such as C.

INTRODUCTION TO CGI

An HTTP server is often used as a gateway to a legacy information system; for example, an existing body of documents or an existing database application. The Common Gateway Interface is an agreement between HTTP server implementors about how to integrate such gateway scripts and programs.

It is typically used in conjunction with HTML forms to build database applications.


CGI PROGRAMMING

[Diagram: CLIENT, HTTP SERVER and CGI Program; labels: http request, http response, setenv(), dup(), fork(), exec(), ...]

CGI - WORKING

CGI programs work as follows:

STEP 1 (On the client side): Get information from the user (using HTML forms, SSI, Java Applet, …, etc.).

STEP 2 (On the server side): Process the data, connect to DATABASE, search for PATTERNS, …,etc.

STEP 3 (On the server side): Send the result of computation back to the client.
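The three steps above, as an added example that is not part of the original slides: a small CGI program in C that reads the form data the server passes in the QUERY_STRING environment variable, processes it with bounds and escape checks, and writes the headers and body back. The form field `name` and the helper function names are assumptions made for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode '+' and %XX up to '&' or end; -1 on bad escape, %00 or overflow. */
int url_decode(const char *s, char *dst, size_t n) {
    size_t o = 0;
    for (; *s && *s != '&'; s++) {
        int c = (unsigned char)*s;
        if (c == '+') c = ' ';
        else if (c == '%') {
            if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2])) return -1;
            char hex[3] = { s[1], s[2], '\0' };
            if ((c = (int)strtol(hex, NULL, 16)) == 0) return -1; /* no embedded NUL */
            s += 2;
        }
        if (o + 1 >= n) return -1;          /* value does not fit: reject, never truncate */
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return (int)o;
}
/* Pointer to the still-encoded value of `key` in the query string, or NULL. */
const char *find_param(const char *qs, const char *key) {
    size_t k = strlen(key);
    for (; qs && *qs; qs = strchr(qs, '&') ? strchr(qs, '&') + 1 : NULL)
        if (strncmp(qs, key, k) == 0 && qs[k] == '=') return qs + k + 1;
    return NULL;
}
/* Entity for characters that are special in HTML, or NULL if c is safe. */
const char *html_entity(char c) {
    return c == '<' ? "&lt;" : c == '>' ? "&gt;" : c == '&' ? "&amp;" :
           c == '"' ? "&quot;" : c == '\'' ? "&#39;" : NULL;
}
int main(void) {
    char name[128];
    const char *v = find_param(getenv("QUERY_STRING"), "name"); /* STEP 1: form data */
    if (!v || url_decode(v, name, sizeof name) < 0) {           /* STEP 2: process */
        printf("Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad input\n");
        return 0;
    }
    printf("Content-Type: text/html; charset=utf-8\r\n\r\n<p>Hello, "); /* STEP 3 */
    for (const char *p = name; *p; p++) {
        const char *e = html_entity(*p);
        if (e) fputs(e, stdout); else putchar(*p);  /* escape user data in the page */
    }
    puts("</p>");
    return 0;
}
```

Running the compiled program with `QUERY_STRING='name=%3Cb%3E'` set in the environment shows the response without a web server.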

HTTP header fields are components of the message header of requests and responses in the Hypertext Transfer Protocol. They define the operating parameters of an HTTP transaction.

Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email to support:

Text in character sets other than ASCII

Non-text attachments

Message bodies with multiple parts

Header information in non-ASCII character sets

ADVANTAGES OF CGI

Provides user interface

Stores some settings

Can do some data processing

Little to no application data storage

Same view of data no matter where you login

CLIENT SERVER SECURITY

Client server security keeps a check on the flow of information, and it also helps in the smooth functioning of the computers.

Client server security works on the basis of authority: first it has to have the authority to identify, and then it identifies the hindrance in the security pathway.

It has discretionary control to set things back to their normal place, and then another check is done, which can be called an audit.

CLIENT SERVER SECURITY

The object can be re-used or the data can be sent all over again.

The major disadvantage is that there is no single security system which can handle all the problems related to client server security, so many have to be installed and checkpoints have to be maintained at every point.

WORKING LAYOUT

The security measures of online retailers vary immensely.

The methods used to gather, store, and distribute information are implemented differently across the web.

Many companies and corporations that collect sensitive data do not have proper security protocols put into place, which may compromise personal information.

Common errors that online businesses make when processing transactions will be analyzed and critiqued.

This includes information security and the protocols that they should put into place both in terms of their computer infrastructure, data collection and the establishment of personnel protocols, such as the handling of sensitive information and password changes.

The transactions between the client and server will be examined along with the protocols used in the sharing of information, such as secure socket layers and their different certificates, encryption and security measures that are utilized.

E-commerce firms must ensure that they control access to their information assets and the use of their networks by designing and implementing controls that will diminish the dissemination of sensitive information.

There are possible vulnerabilities on a client’s machine that can lead to data being compromised before it is uploaded to the server.

MAIN SECURITY THREATS

Unauthorized data access - a kind of threat in which an unauthorized person gets access to confidential information. It can lead to a situation in which such information becomes public or is used against its owner.

Unauthorized data modifications - a kind of threat in which data can be changed or deleted, accidentally or intentionally, by a person who has no permissions for such actions.

SECURING YOUR CLIENT-SERVER

Data encoding and encryption: the main goal of encryption is to hide the data from being visible and accessible without having the key.

o Symmetric encryption algorithms: a special algorithm and key are used for encryption. The same algorithm and key are used for information decryption. Another name is also used: secret-key cryptography.

o Block and stream encryption in symmetric algorithms

o Public key algorithm security

o Certificates

o Secure transport protocols

Analyse the security of data storage and data transfer channels:

o check if there are times when data is not encrypted;

o if the data is not encrypted, check if it is freely accessible;

o if the data is encrypted, check if the attacker can obtain something usable for recovery of the encryption keys.

THANK YOU