Security in Computing (3rd Edition)


Web Security
CS 161/194-1
Anthony D. Joseph
November 21, 2005

November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner

Outline
Web Servers
  – Static and Dynamic Content
Firewall review
  – Adding a DMZ
Secure Topologies

Polls
How many people have set up a personal web server?
How many people have set up a business web server?

Web Servers
Web server serves up static, read-only content from file server
Scales up by replicating web servers
  – Can use DNS round-robin or load balancer
[Diagram: User, Internet, Web Server, File Server]
Web Servers
Add a database server for dynamic content
  – DB used to store per-user info or site content
  – Also, used for authentication, read/write actions, e-commerce, …
Software connector to DB server
  – Object/Java DataBase Connectivity
[Diagram: User, Internet, Web Server, File Server, DB Server]

Web Servers
Static content model:
  – Web server uses file server for static content, templates, …
Dynamic content model:
  – Web server uses database server to retrieve/store dynamic content
Can have mixtures
  – Ex: Storing dynamic content in FS
  – Ex: Storing static content in DB
What are the security issues?