Web Programming
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
On the Incoherencies in Web Browser Access Control Policies
On the Incoherencies in Web Browser Access Control Policies Kapil Singh∗, Alexander Moshchuk†, Helen J. Wang† and Wenke Lee∗ ∗Georgia Institute of Technology, Atlanta, GA Email: {ksingh, wenke}@cc.gatech.edu †Microsoft Research, Redmond, WA Email: {alexmos, helenw}@microsoft.com Abstract—Web browsers’ access control policies have evolved Inconsistent principal labeling. Today’s browsers do piecemeal in an ad-hoc fashion with the introduction of new not have the same principal definition for all browser re- browser features. This has resulted in numerous incoherencies. sources (which include the Document Object Model (DOM), In this paper, we analyze three major access control flaws in today’s browsers: (1) principal labeling is different for different network, cookies, other persistent state, and display). For resources, raising problems when resources interplay, (2) run- example, for the DOM (memory) resource, a principal is time changes to principal identities are handled inconsistently, labeled by the origin defined in the same origin policy and (3) browsers mismanage resources belonging to the user (SOP) in the form of <protocol, domain, port> [4]; but principal. We show that such mishandling of principals leads for the cookie resource, a principal is labeled by <domain, to many access control incoherencies, presenting hurdles for > web developers to construct secure web applications. path . Different principal definitions for two resources are A unique contribution of this paper is to identify the com- benign as long as the two resources do not interplay with patibility cost of removing these unsafe browser features. To do each other. However, when they do, incoherencies arise. For this, we have built WebAnalyzer, a crawler-based framework example, when cookies became accessible through DOM’s for measuring real-world usage of browser features, and used “document” object, DOM’s access control policy, namely the it to study the top 100,000 popular web sites ranked by Alexa. -
BOROUGH of MANHATTAN COMMUNITY COLLEGE City University of New York Department of Computer Information Systems Office S150/Phone: 212-220-1476
BOROUGH OF MANHATTAN COMMUNITY COLLEGE City University of New York Department of Computer Information Systems Office S150/Phone: 212-220-1476 Web Programming II Class hours: 2 CIS 485 Lab hours: 2 Spring 2012 Credits: 3 Course Description: This course will introduce students to server-side web programming. Emphasis is placed on database connectivity in order to solve intermediate level application problems. Students will be tasked with web projects that facilitate understanding of tier design and programming concepts. The overall goal of this course is to create a shopping cart application with a login and database component. Prerequisites/Co-requisite: Basic Skills: ENG 088, ESL 062, ACR 094, MAT 012/051; CIS 385 Web Programming I Learning Outcomes and Assessment After completing this course, students will be able to: Outcome: Demonstrate the use of a database with server-side scripting Assessment: Lab exercises and exam questions Outcome: Demonstrate the use a Cookie and Session manager with server-side scripting Assessment: Final project, lab exercises and exam questions Outcome: Develop a database-driven website Assessment: Lab exercises Outcome: Design and develop a shopping-cart application with a login and database component Assessment: Final Project General Education Outcomes and Assessment Quantitative Skills – Students will use quantitative skills and concepts and methods of mathematics to solve problems Assessment: Use formulas and concepts of mathematics to solve problems in programming assignments Information and Technology -
DLCGI Advanced Uses
DLCGI Advanced Uses Using DLCGI to achieve single sign-on with The Diver Solution In situations where authentication to DiveLine needs to be integrated with an existing authentication scheme, we provide "DLCGI", the DiveLine-Common Gateway Interface interfacing module. The "Common Gateway Interface" is a standard for interfacing external scripts and programs with a web server. How DLCGI works When dlcgi.exe is executed by the webserver, in the context of a user that the web server has already authenticated, it obtains a limited-lifetime one-time password from DiveLine. This password can be passed, via web page redirects, custom web page scripting, etc., to DivePort, NetDiver, or even ProDiver to allow the user to login. The typical strategy for using DLCGI is: 1. Configure DiveLine to accept DLCGI requests from your webserver. 2. Install dlcgi.exe in a scripts directory (e.g. /cgi-bin/) on your CGI-compliant webserver (e.g. IIS, Apache). You configure the name of your DiveLine server and other parameters using dlcgi.cfg in the same directory as the executable. 3. Restrict access to this script so that the webserver will only execute it when the user has already authenticated (e.g. Domain account). Typical uses • DivePort: Users go to the DivePort site, and are redirected to another URL for authentication. That URL, which runs dlcgi.exe, redirects the user back to the DivePort URL with a one-use authentication token. • ProDiver: When ProDiver connects to DiveLine, if configured with a DLCGI URL, it will access the URL in "raw" mode (see below) to obtain a parse-able result file containing a one-use DiveLine authentication token. -
Leukemia Medical Application with Security Features
Journal of Software Leukemia Medical Application with Security Features Radhi Rafiee Afandi1, Waidah Ismail1*, Azlan Husin2, Rosline Hassan3 1 Faculty Science and Technology, Universiti Sains Islam Malaysia, Negeri Sembilan, Malaysia. 2 Department of Internal Medicine, School of Medicine, Universiti Sains Malaysia, Kota Bahru, Malaysia. 3 Department of Hematology, School of Medicine, Universiti Sains Malaysia, Kota Bahru, Malaysia. * Corresponding author. Tel.: +6 06 7988056; email: [email protected]. Manuscript submitted January 27, 2015; accepted April 28, 2015 doi: 10.17706/jsw.10.5.577-598 Abstract: Information on the Leukemia patients is very crucial by keep track medical history and to know the current status of the patient’s. This paper explains on development of Hematology Information System (HIS) in Hospital Universiti Sains Malaysia (HUSM). HIS is the web application, which is the enhancement of the standalone application system that used previously. The previous system lack of the implementation of security framework and triple ‘A’ elements which are authentication, authorization and accounting. Therefore, the objective of this project is to ensure the security features are implemented and the information safely kept in the server. We are using agile methodology to develop the HIS which the involvement from the user at the beginning until end of the project. The user involvement at the beginning user requirement until implemented. As stated above, HIS is web application that used JSP technology. It can only be access within the HUSM only by using the local Internet Protocol (IP). HIS ease medical doctor and nurse to manage the Leukemia patients. For the security purpose HIS provided password to login, three different user access levels and activity log that recorded from each user that entered the system Key words: Hematology information system, security feature, agile methodology. -
Cross-Domain Embedding for Vaadin Applications
Cross-Domain Embedding for Vaadin Applications Janne Lautamäki and Tommi Mikkonen Department of Software Systems, Tampere University of Technology, Korkeakoulunkatu 1, FI-33720 Tampere, Finland {janne.lautamaki,tommi.mikkonen}@tut.fi Abstract. Although the design goals of the browser were originally not at running applications or at displaying a number of small widgets on a single web page, today many web pages considerably benefit from being able to host small embedded applications as components. While the web is full such applications, they cannot be easily reused because of the same origin policy restrictions that were introduced to protect web content from potentially malicious use. In this paper, we describe a generic design for cross domain embedding of web applications in a fashion that enables loading of applications from different domains as well as communication between the client and server. As the proof- of-concept implementation environment, we use web development framework Vaadin, a Google Web Toolkit based system that uses Java for application development. Keywords: Vaadin, JSONP, cross-domain applications. 1 Introduction Web applications – systems that resemble desktop applications in their behavior but are run inside the browser – are becoming increasingly common. The current trend is that web pages have dynamic components side by side with the traditional web content, such as static text and images. These dynamic components can be small widgets that for instance display current weather information or stock exchange data, or even full-fledged web applications that offer a service related to the theme of the web page where they are located [1]. Creating dynamic web pages is much more complex than building plain old web pages. -
Chapter 1 Web Basics and Overview
Chapter 1 Web Basics and Overview The Web is an Internet-based distributed information system. Anyone with a computer connected to the Internet can easily retrieve information by giving a Web address or by simply clicking a mouse button. The Web is a great way to disseminate information and making it available 24/7. Information can also be collected from Web users and customers through online forms. Maintainers and administrators can control and update Web content from anywhere on the Web. All these make the Web a powerful tool for mass communication, e-business and e-commerce. Compared with TV, radio, news papers, and magazines, putting the word out on the Web is relatively simple and inexpensive. But a website is much more than such one-way communication media. It can be a virtual o±ce or store that is always open and supported by workers from anywhere. Web service companies o®er free Web space and tools to generate simple personal or even business Web pages. But, well-designed and professionally implemented websites are much more involved. Even then, expertly produced websites are still much more cost-e®ective than other means of mass communication. For business and commerce, the cost of a website is negligible when compared to building and operating a brick-and-mortar o±ce or store. Once in-place, a website is a store that never closes and that is very attractive. People take great pains in building an o±ce or store to project the right image and to serve the needs 7 8 CHAPTER 1. -
Getting Started Guide with Wiz550web Getting Started Guide with Wiz550web
2015/02/09 17:48 1/21 Getting Started Guide with WIZ550web Getting Started Guide with WIZ550web WIZ550web is an embedded Web server module based on WIZnet’s W5500 hardwired TCP/IP chip, Users can control & monitor the 16-configurable digital I/O and 4-ADC inputs on module via web pages. WIZ550web provides the firmware & web page examples for user’s customization. This page describes the following topics: ● Product Preview ● Hello world ❍ Product contents ❍ SD card initialization ❍ Data flash initialization ❍ Serial debug message ● WIZ550web Basic operations and CGI ● Basic Demo Webpage ● Examples for WIZ550web customization Users can download the following source codes from the 'WIZ550web GitHub Repository' ● Firmware source code (The projects for Eclipse IDE) ❍ Application / Boot ● Demo webpage WIZ550web GitHub Repository https://github.com/Wiznet/WIZ550web WIZ550web GitHub Page http://wiznet.github.io/WIZ550web Develop Environment - http://wizwiki.net/wiki/ Last update: 2015/02/09 products:wiz550web:wiz550webgsg_en http://wizwiki.net/wiki/doku.php?id=products:wiz550web:wiz550webgsg_en 13:05 ● Eclipse IDE for C/C++ Developers, Kepler Service Release 2 ● ARM GCC 4.8.3 (2014q1) Product Preview Hello World Product Contents Ordering Part No: WIZ550web ● WIZ550web module x 1 Ordering Part No: WIZ550web-EVB ● WIZ550web module x 1 ● WIZ550web baseboard x 1 http://wizwiki.net/wiki/ Printed on 2015/02/09 17:48 2015/02/09 17:48 3/21 Getting Started Guide with WIZ550web ● LAN cable x 1 ● Serial cable x 1 ● 12V Power adapter x 1 SD card is option for both WIZ550web and WIZ550web-EVB Refer to recommended lists of SD card. Vendor Capacity(Bytes) Type Class 2G SD n/a Sandisk 4G SDHC 4 8G SDHC 4 Samsung 4G SDHC 6 Transcend 4G SDHC 4,10 SD card Initialization WIZ550web uses Micro SD card as a storage for web content and SD card is not included as default. -
Web Pages Are Stored on Web Server and Can Be Viewed Using a Web Browser
WWEEBB PPAAGGEESS http://www.tutorialspoint.com/internet_technologies/web_pages.htm Copyright © tutorialspoint.com Web Page web page is a document available on world wide web. Web Pages are stored on web server and can be viewed using a web browser. A web page can cotain huge information including text, graphics, audio, video and hyper links. These hyper links are the link to other web pages. Collection of linked web pages on a web server is known as website. There is unique Uniform Resource Locator URL is associated with each web page. Static Web page Static web pages are also known as flat or stationary web page. They are loaded on the client’s browser as exactly they are stored on the web server. Such web pages contain only static information. User can only read the information but can’t do any modification or interact with the information. Static web pages are created using only HTML. Static web pages are only used when the information is no more required to be modified. Dynamic Web page Dynamic web page shows different information at different point of time. It is possible to change a portaion of a web page without loading the entire web page. It has been made possible using Ajax technology. Server-side dynamic web page It is created by using server-side scripting. There are server-side scripting parameters that determine how to assemble a new web page which also include setting up of more client-side processing. Client-side dynamic web page It is processed using client side scripting such as JavaScript. -
CGI Scripts: Gateways to World-Wide Web Power
Behavior Research Methods. Instruments. & Computers 1996,28 (2), 165-169 CGI scripts: Gateways to World-Wide Web power JAMES M. KIELEY Miyazaki International CoUege, Miyazaki, Japan The power of the hypertext-based information presentation system known as the World-Wide Web can be enhanced by scripts based on the common gateway interface (CG!) protocol. CG! scripts re siding on a Webserver permit the execution of computer programs that can perform a wide variety of functions that maybe useful to psychologists. Example applications are presented here, along with ref erence information for potential script developers. The majority ofinformation that people access via the permit users to input data by clicking on checkboxes, hypertext-based information presentation system known radio buttons, menus, reset buttons, and submit buttons, as the World-Wide Web (WWW) is actually stored in the and also by typing into text fields (Lemay, 1995). form of static files-that is, text and graphics files that COl was developed by the original programmers ofthe appear a certain way when viewed from a Web browser, UNIX-based CERN and NCSA HTTP Web servers to such as Netscape or Mosaic, because ofa command lan supersede a prior scripting environment called HTBIN. guage known as HTML. HTML, by its original design, is Other Web servers that support scripting, including those a simple command set used to present multimedia infor based on other operating systems, mayor may not use mation that can be accessed asynchronously. The capa the COl protocol. Early applications of COl scripts in bilities ofHTML, and, therefore, the WWW, can be im cluded using them to serve information to a browser that proved with scripts conforming to the common gateway is in a format that is otherwise unreadable, such as an SQL interface (COl) protocol. -
How Web Browsers Work HTTP: “Definition: HTTP
How web browsers work http://www.webdevelopersnotes.com/basics/how_do_web_browser_work.php HTTP: HTTP 1.0 document from 1990 http://www.w3.org/Protocols/HTTP/1.0/spec.html “Definition: HTTP - the Hypertext Transfer Protocol - provides a standard for Web browsers and servers to communicate. The definition of HTTP is a technical specification of a network protocol that software must implement. HTTP is an application layer network protocol built on top of TCP. HTTP clients (such as Web browsers) and servers communicate via HTTP request and response messages. The three main HTTP message types are GET, POST, and HEAD. HTTP utilizes TCP port 80 by default, though other ports such as 8080 can alternatively be used……. “ http://compnetworking.about.com/od/networkprotocols/g/bldef_http.htm HTTPS The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL). A secure socket layer is an encryption protocol invoked on a Web server that uses HTTPS. Most implementations of the HTTPS protocol involve online purchasing or the exchange of private information. Accessing a secure server often requires some sort of registration, login, or purchase. The successful use of the HTTPS protocol requires a secure server to handle the request. http://msdn.microsoft.com/en-us/library/aa767735(v=vs.85).aspx HTML HyperText Markup Language is used for describing web documents (web pages) so that they can be correctly displayed. A markup language is a set of markup tags HTML documents are described by HTML tags Each HTML tag describes different document content http://www.w3schools.com/html/html_intro.asp Static Web Page A web page that uses only HTML does not change its appearance or its data and is therefore always a static webpage URI and URL In computing, a uniform resource identifier (URI) is a string of characters used to identify a name of a resource. -
The Common Gateway Interface and Server-Side Programming
WebWeb MasterMaster 11 IFIIFI Andrea G. B. Tettamanzi Université de Nice Sophia Antipolis Département Informatique [email protected] Andrea G. B. Tettamanzi, 2019 1 Unit 3 The Common Gateway Interface and Server-side Programming Andrea G. B. Tettamanzi, 2019 2 Agenda • The Common Gateway Interface • Server-Side Programming Andrea G. B. Tettamanzi, 2019 3 Introduction • An HTTP server is often used as a gateway to a different information system (legacy or not), for example – an existing body of documents – an existing database application • The Common Gateway Interface (CGI) is an agreement between HTTP server implementors about how to integrate such gateway scripts and programs • It was typically (but not exclusively) used in conjunction with HTML forms to build database applications • Nowadays largely superseded by dynamic Web content technologies such as PHP, ASP.NET, Java Servlets, and Node.js Andrea G. B. Tettamanzi, 2019 4 The Common Gateway Interface • The Common Gateway Interface (CGI) is a de facto standard protocol for Web servers to execute an external program that generates a Web page dynamically • The external program executes like a console application running on the same machine as the Web server (the host) • Such program is known as a CGI script or simply as a CGI Andrea G. B. Tettamanzi, 2019 5 How Does That Work? • Each time a client requests the URL corresponding to a CGI program, the server will execute it in real-time – E.g.: GET http://www.example.org/cgi-bin/add?x=2&y=2 • The output of the program will go more or less directly to the client • Strictly speaking, the “input” to the program is the HTTP request • Environment variables are used to pass data about the request from the server to the program – They are accessed by the script in a system-defined manner – Missing environment variable = NULL value – Character encoding is system-defined Andrea G. -
Common Gateway Interface Reference Guide
COMMON GATEWAY INTERFACE REFERENCE GUIDE Copyright © 1998 The President and Fellows of Harvard College All rights reserved Common Gateway Interface (CGI) Reference Guide The Harvard Computer Society Table of Contents Introduction...............................................................................................................................................................1 How the Web Really Works ...................................................................................................................................1 GET and POST ......................................................................................................................................................1 Perl and CGI ..............................................................................................................................................................2 Here Document Quoting ........................................................................................................................................2 The CGI.pm Module...............................................................................................................................................2 Returning a Web Page...........................................................................................................................................3 Sending Mail ..........................................................................................................................................................4 Maintaining State......................................................................................................................................................5