Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your...
lorin-owens -
Date : 2/12/2010
Web Technology Solutions Class: Adding Security and Authentication Features to Your Application
Tonight
✤ DB Review
✤ PHP User Registration
✤ PHP User Login
✤ PHP User Password Reset
✤ Lab
Lab Preview
✤ Continue CRUD on Final
✤ Create Single Survey
✤ Create, Update and Delete Questions
✤ Create Responses, View Responses
✤ Build a User Auth System for Final
✤ Build Registration Page
✤ Build Login Script
✤ Build Password Reset
Final Project Review
✤ Final Project - Web App (link)
✤ registration feature
✤ login logout
✤ admin ability to create\read\update\delete (CRUD)
✤ Maintain State throughout app (cookies\sessions)
✤ XML and RSS feeds
✤ Valid HTML and CSS design
PHP Output Control
✤ Output Control allows you to tell PHP when to submit information to the browser.
✤ Great for:
✤ Working with header() and avoiding errors
✤ Controlling Browser Output
✤ Cons:
✤ Buffer Limits (default byte size of 4096kb)
✤ Memory Limits
Output Buffering
ob_start();
Turns on output buffering
data is held within internal “buffer” waiting to be published to the browser.
Call at start of script
Can have a callback function
Can nest buffers
Output Buffering
ob_end_flush()
Sends the data in the buffer to the browser
Turns off output buffer.
Call ob_end_flush() in a loop to close all nested buffers
Output Buffering
ob_end_clean()
//removes data from the buffer (doesn’t go to browser)
ob_flush()
//send data to the browser but buffer remains on
ob_get_contents()
//get the content of the buffer (no browser or erase)
String Encryption
✤ Add additional security by using string encryption on secure data.
✤ Passwords, credit cards, etc.
md5() //creates a 32-character hexadecimal string
apple = 1f3870be274f6c49b3e31a0c6728957f
Good for one-way matching
Cannot “reverse”
String Encryption
✤ The sha1() function calculates the SHA-1 hash of a string.
✤ A stronger hash than md5.
✤ Hackers and Rainbow Tables
$str = 'Hello';
echo sha1($str); //f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0
Salts
✤ In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function.
$str = 'Hello';
$salt = 'World';
$storage = $str . $salt;
echo sha1($storage); //40-character hex SHA-1 of 'HelloWorld'
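An added example, not part of the original slides: the fixed-salt sha1() scheme from the Salts slide next to PHP's built-in password_hash() and password_verify(), which use a random per-user salt and a deliberately slow algorithm. It assumes PHP 7.0 or later; the function names, e-mail addresses and the $users array (a stand-in for a database table) are hypothetical.

```php
<?php
// Added example, not from the original slides. Assumes PHP 7.0 or later.
// $users stands in for the database table; all names here are hypothetical.

// The slides' scheme: one fixed salt shared by every account, one SHA-1 pass.
function slide_hash(string $password, string $salt = 'World'): string
{
    return sha1($password . $salt);
}

// Store a new account. password_hash() generates a random per-user salt and
// embeds it, with the algorithm and cost, in the string it returns.
function register_user(array &$users, string $email, string $password): void
{
    $users[$email] = password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt against the stored hash.
function login_user(array &$users, string $email, string $password): bool
{
    if (!isset($users[$email]) || !password_verify($password, $users[$email])) {
        return false;
    }
    // Re-hash on successful login if the default algorithm or cost has changed.
    if (password_needs_rehash($users[$email], PASSWORD_DEFAULT)) {
        $users[$email] = password_hash($password, PASSWORD_DEFAULT);
    }
    return true;
}

// Constructed sample data: two users who picked the same password.
$users = [];
register_user($users, 'alice@example.com', 'Hello');
register_user($users, 'bob@example.com', 'Hello');

// Fixed salt: equal passwords give equal digests, so one precomputed table
// built for the salt "World" covers every account.
var_dump(slide_hash('Hello') === slide_hash('Hello'));

// Per-user salt: the two stored strings differ although the passwords match.
var_dump($users['alice@example.com'] === $users['bob@example.com']);

// Verification still works because the salt travels inside the stored string.
var_dump(login_user($users, 'alice@example.com', 'Hello'));
var_dump(login_user($users, 'alice@example.com', 'hello'));
```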
Lab & Next Week
✤ Lab
✤ Create Login system
✤ Properly Encrypt Password.
✤ Add Security and Authorization into your app.
✤ Reading: Chapter 11
See you Tuesday!