WWW ARCHITECTURE, CGI, CLIENT SERVER SECURITY, PROTECTION METHODS

GROUP 3: Austina Francis, Anju Babu, Abhraham Easo, Vinil Steephen, Jomon J Joseph


WWW ARCHITECTURE

The WWW is a service in which a client using a browser can access the service through the server.

The service provided is distributed over many locations called sites.

It was initially developed in 1989 by Tim Berners-Lee at the CERN lab in Switzerland.

It has a unique combination of portability, flexibility, and user-friendly features provided by the internet.


CLIENT-SERVER ARCHITECTURE OF WORLD WIDE WEB

FUNCTIONAL COMPONENTS OF WWW

Web browsers

Web servers

Hyper Text Markup Language

HTTP

URL (Uniform Resource Locator)

WORKING OF WWW

The system begins by resolving the server name part of the URL into an IP address using the internet database.

The browser sends an HTTP request to the web server for that particular page, and further requests for the files forming part of that page, such as images.

After receiving the requested files, the browser displays the page on the screen.

In order to view a web page on the WWW, one has to type the URL.

INTERNET VS. WWW

Internet is the infrastructure that makes the WWW work.

Packet switching

TCP/IP protocol

Physical infrastructure: fiber-optic lines, wires, satellites, cable modems, routers, hubs, network cards, WiFi systems, etc.

WWW is just one of many “virtual networks” built on the Internet.

Websites: http, https, etc.

Email: pop, imap, etc.

Other systems: ftp, instant messaging, etc.

Note: Even to this day companies have “private virtual networks” that use the Internet, but are proprietary, locked-down.

INTRODUCTION TO CGI

CGI stands for Common Gateway Interface.

CGI is a standard programming interface to Web servers that gives us a way to make our sites dynamic and interactive.

CGI is not a programming language. It is just a set of standards (protocols).

CGI can be implemented in an interpreted language such as Perl or in a compiled language such as C.


INTRODUCTION TO CGI

An HTTP server is often used as a gateway to a legacy information system; for example, an existing body of documents or an existing database application. The Common Gateway Interface is an agreement between HTTP server implementors about how to integrate such gateway scripts and programs.

It is typically used in conjunction with HTML forms to build database applications.

CGI PROGRAMMING

[Figure (Netprog 2002, CGI Programming): CLIENT and HTTP SERVER exchange an http request and an http response; the HTTP SERVER runs the CGI Program using setenv(), dup(), fork(), exec(), ...]

CGI - WORKING

CGI programs work as follows:

STEP 1 (On the client side): Get information from the user (using HTML forms, SSI, Java Applet, etc.).

STEP 2 (On the server side): Process the data, connect to DATABASE, search for PATTERNS, etc.

STEP 3 (On the server side): Send the result of computation back to the client.
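
As an added illustration (not part of the original slides), a minimal CGI program in C for steps 2 and 3: it reads the form data the server passes in the QUERY_STRING environment variable, decodes it, and returns the response headers and body. The `name` form field, the buffer sizes and the function names are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode one form value (stops at '&'); -1 on bad escape, %00 or overflow. */
int url_decode(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    for (; *src && *src != '&'; src++) {
        int c = (*src == '+') ? ' ' : (unsigned char)*src;
        if (c == '%') {
            if (!isxdigit((unsigned char)src[1]) || !isxdigit((unsigned char)src[2])) return -1;
            char hex[3] = { src[1], src[2], '\0' };
            c = (int)strtol(hex, NULL, 16);
            src += 2;
        }
        if (c == 0 || n + 1 >= cap) return -1;
        dst[n++] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* HTML-escape src so submitted text cannot inject markup into the page. */
int html_escape(const char *src, char *dst, size_t cap) {
    size_t n = 0;
    for (dst[0] = '\0'; *src; src++) {
        const char *rep = *src == '<' ? "&lt;" : *src == '>' ? "&gt;" :
                          *src == '&' ? "&amp;" : *src == '"' ? "&quot;" : NULL;
        int r = snprintf(dst + n, cap - n, "%s", rep ? rep : (char[2]){ *src, '\0' });
        if (r < 0 || (size_t)r >= cap - n) return -1;
        n += (size_t)r;
    }
    return 0;
}

/* Steps 2-3: process QUERY_STRING ("name=..." is an assumed form field). */
int build_response(const char *qs, char *out, size_t cap) {
    char name[128], safe[6 * 128] = "";
    int ok = qs && !strncmp(qs, "name=", 5) && !url_decode(qs + 5, name, sizeof name) &&
             !html_escape(name, safe, sizeof safe);
    if (ok) snprintf(out, cap, "Content-Type: text/html\r\n\r\n<p>Hello, %s</p>\n", safe);
    else snprintf(out, cap, "Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\nbad input\n");
    return ok ? 200 : 400;
}
int main(void) {
    char page[1024];
    build_response(getenv("QUERY_STRING"), page, sizeof page); /* set by the HTTP server */
    return fputs(page, stdout) < 0;
}
```

Malformed escapes, embedded NUL bytes and oversized values are answered with a 400 response instead of being processed.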

HTTP HEADER FIELDS ARE COMPONENTS OF THE MESSAGE HEADER OF REQUESTS AND RESPONSES IN THE HYPERTEXT TRANSFER PROTOCOL. THEY DEFINE THE OPERATING PARAMETERS OF AN HTTP TRANSACTION.

Multipurpose Internet Mail Extensions (MIME) is an Internet standard that extends the format of email to support:

Text in character sets other than ASCII

Non-text attachments

Message bodies with multiple parts

Header information in non-ASCII character sets

ADVANTAGES OF CGI

Provides user interface

Stores some settings

Can do some data processing

Little to no application data storage

Same view of data no matter where you log in

CLIENT SERVER SECURITY

Client server security keeps a check on the flow of information and also helps in the smooth functioning of the computers.

Client server security works on the basis of authority: first it has to have the authority to identify, and then it identifies the hindrance in the security pathway.

It has the discretionary control to set things back to their normal place, and then another check is done, which can be called an audit.

CLIENT SERVER SECURITY

The object can be re-used or the data can be sent all over again.

The major disadvantage is that there is no single security system which can handle all the problems related to client server security, so there are many which have to be installed, and checkpoints have to be maintained at every point.

WORKING LAYOUT

The security measures of online retailers vary immensely.

The methods used to gather, store, and distribute information are implemented differently across the web.

Many companies and corporations that collect sensitive data do not have proper security protocols put into place, which may compromise personal information.

Common errors that online businesses make when processing transactions will be analyzed and critiqued.


This includes information security and the protocols that they should put into place both in terms of their computer infrastructure, data collection and the establishment of personnel protocols, such as the handling of sensitive information and password changes.

The transactions between the client and server will be examined along with the protocols used in the sharing of information, such as secure socket layers and their different certificates, encryption and security measures that are utilized.

E-commerce firms must ensure that they control access to their information assets and the use of their networks by designing and implementing controls that will diminish the dissemination of sensitive information.

There are possible vulnerabilities on a client’s machine that can lead to data being compromised before it is uploaded to the server.

MAIN SECURITY THREATS

Unauthorized data access - a kind of threat in which an unauthorized person gets access to confidential information. It can lead to a situation in which such information becomes public or is used against its owner.

Unauthorized data modifications - a kind of threat in which data can be changed or deleted, accidentally or intentionally, by a person who has no permissions for such actions.

SECURING YOUR CLIENT-SERVER

Data encoding and encryption: the main goal of encryption is to hide the data from being visible and accessible without having the key.

Symmetric encryption algorithms: A special algorithm and key are used for encryption. The same algorithm and key are used for information decryption. Another name is also used: secret-key cryptography.

Block and stream encryption in symmetric algorithms

Public key algorithm security

Certificates

Secure transport protocols

Analyse the security of data storage and data transfer channels;

check if there are times when data is not encrypted;

if the data is not encrypted, check if it is freely accessible;

if the data is encrypted, check if the attacker can obtain something usable for recovery of the encryption keys.


THANK YOU