CS 580 Client-Server Programming, Spring Semester, 2010
Doc 18 Security
April 13, 2009

Copyright ©, All rights reserved. 2010 SDSU & Roger Whitney, 5500 Campanile Drive, San Diego, CA 92182-7700 USA. OpenContent (http://www.opencontent.org/opl.shtml) license defines the copyright on this document.
References (slide 2)

- 2009 CWE/SANS Top 25 Most Dangerous Programming Errors, March 10, 2009, http://cwe.mitre.org/top25/
- SQL Injection, http://en.wikipedia.org/wiki/SQL_injection
- Buffer Overflow, http://en.wikipedia.org/wiki/Buffer_overflow
- NIH Security Web Site, http://www.alw.nih.gov/Security/security.html
- Applied Cryptography, Second Edition, Bruce Schneier, John Wiley & Sons, 1996
- Secrets and Lies: Digital Security in a Networked World, Bruce Schneier, John Wiley & Sons, 2000
HTTP Authentication (slide 3)

Basic HTTP Authentication (slide 4)
Sample Interaction (slide 5)

Client request:

    GET /private/index.html HTTP/1.0
    Host: localhost

Server response:

    HTTP/1.0 401 Authorization Required
    Server: HTTPd/1.0
    Date: Sat, 27 Nov 2004 10:18:15 GMT
    WWW-Authenticate: Basic realm="Secure Area"
    Content-Type: text/html
    Content-Length: 311

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
      "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
    <HTML>
      <HEAD>
        <TITLE>Error</TITLE>
        <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
      </HEAD>
      <BODY><H1>401 Unauthorised.</H1></BODY>
    </HTML>

Example from http://en.wikipedia.org/wiki/Basic_access_authentication
Sample Interaction (slide 6)

Client request (user name "Aladdin", password "open sesame"):

    GET /private/index.html HTTP/1.0
    Host: localhost
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Server response:

    HTTP/1.0 200 OK
    Server: HTTPd/1.0
    Date: Sat, 27 Nov 2004 10:19:07 GMT
    Content-Type: text/html
    Content-Length: 10476
Base64 Encoding (slide 7)

- Encodes any byte sequence into a sequence of printable characters
- The encoded sequence can be decoded
- Used to encode MIME contents for transport (e.g. email attachments)
Base64 Algorithm (slide 8)

Divide the input into parts, each part 24 bits (3 bytes) long.
Convert each 24-bit sequence as follows:

- Divide the 24 bits into four groups of 6 bits
- Use the table to convert each 6-bit group

    Value  Encoding    Value  Encoding    Value  Encoding    Value  Encoding
    0      A           26     a           52     0           62     +
    1      B           27     b           53     1           63     /
    ...    ...         ...    ...         ...    ...
    25     Z           51     z           61     9

Pad with =
Example (slide 9)

    text                  cats
    binary                001111111 00111101 01001010 01001001
    6 bit groups          001111 111001 111010 100101 001001 001
    6 bit groups padded   001111 111001 111010 100101 001001 001000
    as decimal            15 57 58 37 9 8
    converted             P 5 6 l J I = =
Use Base64 encoding for user name and password (slide 10)

User name "Aladdin", password "open sesame":

    Aladdin:open sesame
    QWxhZGRpbjpvcGVuIHNlc2FtZQ==
    Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
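Added example, not from the slides: the slide 8 algorithm written out in Python and applied to the slide 6/10 credential, which makes the practical point visible: a Basic Authorization header is encoded, not encrypted, so anyone who can read the request can recover the password. The names ALPHABET, base64_encode, base64_decode and parse_basic_authorization are this example's own choices.

```python
# Added for this document; not part of the original slides.
# Slide 8's algorithm: 24-bit groups, four 6-bit values, table lookup, '=' pad.
# Helper names (ALPHABET, base64_encode, base64_decode,
# parse_basic_authorization) are this example's own choices.

ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"   # values 0-25
            "abcdefghijklmnopqrstuvwxyz"   # values 26-51
            "0123456789+/")                # values 52-63

def base64_encode(data: bytes) -> str:
    """Encode bytes exactly as slide 8 describes."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        pad = 3 - len(chunk)                      # 0, 1 or 2 missing bytes
        bits = int.from_bytes(chunk + b"\x00" * pad, "big")   # 24 bits
        for shift in (18, 12, 6, 0):              # four 6-bit groups, high first
            out.append(ALPHABET[(bits >> shift) & 0x3F])
        if pad:                                   # groups made only of pad bits
            out[-pad:] = "=" * pad
    return "".join(out)

def base64_decode(text: str) -> bytes:
    """Reverse of base64_encode: four characters -> up to three bytes."""
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = quad.count("=")
        bits = 0
        for ch in quad:
            bits = (bits << 6) | (0 if ch == "=" else ALPHABET.index(ch))
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)

def parse_basic_authorization(header_value: str) -> tuple:
    """Split an 'Authorization: Basic ...' value back into (user, password).
    No key is involved: the header is encoding, not encryption, which is why
    Basic authentication relies on TLS to protect the credential in transit."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64_decode(token).decode("utf-8").partition(":")
    return user, password

if __name__ == "__main__":
    # Constructed inputs: "cats" from slide 9 and the slide 6 header value.
    print(base64_encode(b"cats"))                                   # Y2F0cw==
    print(parse_basic_authorization("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
```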
Security (slide 11)
Top 25 Programming Security Errors (slide 12)

Selected based on:

- How common the error is
- Consequences of the error

2009 CWE/SANS Top 25 Most Dangerous Programming Errors, March 10, 2009, http://cwe.mitre.org/top25/
This note was uploaded on 10/16/2011 for the course CS 580 taught by Professor Roger Whitney during the Spring '11 term at Community College of RI.