
CT050-3-2 Web Applications

Introduction to Servers and Security


Web Application

CT050-3-2-WAPP Introduction to Servers and Security


Common Platform Stacks



Web Development Platforms



ASP.NET vs. J2EE vs. PHP

• All are excellent choices for web application development
• J2EE has a proven track record over years of being scalable and reliable
• J2EE and PHP are available on multiple platforms
  – Greater choice of hardware & software solutions
  – Makes support more complicated due to permutations
• ASP.NET is available on Microsoft systems
  – Limiting hardware and software choices
  – Makes support easier



Web Servers

• A web server is a software application that manages web pages
  – The hardware on which the web server runs is often referred to as a web server also
• Makes web resources available over a network
  – Resources such as HTML, ASPX, JPEG, GIF
  – Local intranet
  – Shared extranet
  – Public Internet



Web Servers

• Over the public Internet, browser and web server are on separate machines
• In a local environment, it is possible for the web server and browser to be on the same hardware
  – Not always in development groups
  – Shared internal server



Web Servers

• Web servers make resources available
  – Regardless of setup
  – Local machines may only allow local access
  – Principle remains the same
• There are many popular web servers available, including but not limited to:
  – Microsoft Internet Information Services (IIS)
  – Apache / Tomcat
• Focus is on Microsoft servers as it is a requirement of ASP.NET (all versions)



Internet Information Services

• Heavy-duty web server
  – Available on Windows OS (including Windows Server)
• Requires the .NET Framework to run ASP.NET applications
• Stores ASPX and related files, compiling them when necessary and serving them to browsers



3-minute Pop Quiz

To answer the questions, scan the QR code or click the hyperlink in the chat section.



Requesting Documents

• We mainly focus on dynamic web applications
• The static request / response model is useful to know
• Consists of a basic request / response using plain text and other resources (JPEG, GIF etc.)

Static request / response (diagram):
1. HTML files are created and stored (server)
2. User requests page (client)
3. Locate page and create HTML stream; send to client (server)
4. Browser renders the HTML (client)



Requesting Documents

• Dynamic content delivery includes additional stages
• ASP.NET includes a compilation check and execution

Dynamic request / response (diagram):
1. Web author creates ASPX files and other application logic (server)
2. User requests page with a browser; request is passed to the server (client)
3. Web server locates, compiles if necessary, and executes code (server)
4. Web server creates a stream of HTML (server)
5. Web server sends HTML stream to browser (server)
6. Browser renders the HTML (client)



Web Servers - Applications

• All code is executed on the server
  – HTML stream is returned to the browser
• Code is compiled when needed
  – Change in source code
  – Refresh prompted by server admin
• Compiled code is faster than previous ASP incarnations
  – Classic ASP interprets code on each request
  – ASP.NET compiles code on first use
  – Compiled code does not require interpreting



Web Application Security

• Web applications
  – Tend to keep sensitive data
  – Financial, personal
• Web applications must consider security
  – Hardware – physical location, access
  – Network – firewalls, proxy, DNS
  – Application level – security model
    • Authentication
    • Authorisation



Security Model

• The idea of user-level security is very simple
  – Grant access to groups of users on your site
  – No need to give them access to everything
• Many sites on the web today utilise a levelled user security model
  – Anonymous users
  – Registered users
  – Administrators



Anonymous Users

• Users that do not have to divulge anything about themselves
• Controlling access to resources is useful
  – Business model – e.g. news subscription
  – Resource use – keep network fast for subscribers
  – Protect sensitive / secret info
• It is not prudent to always deny access to anonymous users
  – Many commercial sites allow anonymous users to browse products and create a shopping cart
  – Anonymous users must ‘register’ to purchase the items



Registered Users

• Allow you to develop a level of trust with the user
  – Not complete trust though
  – Information and credit card details
• Necessary for doing business
• Registration could be performed in a number of ways
  – Depends on the application
  – Music video subscriptions may require credit card details on sign up, or merely personal details at first



Administrators

• Depending on the security model
  – Have freedom or authority to do anything they like within the boundaries of the system
  – Have the ability to modify global data
    • Add/edit/update products, for example
  – Manage user accounts
• Administrative functions do not have to be all-encompassing
  – The admin of an online-banking system should not be able to adjust account balances
    • Out of the realms of the job



Security Model – ASP.NET

• ASP.NET separates the process into two parts
  – Authentication
  – Authorisation



Authentication

• A process that checks if a user is who they say they are
• May involve a username and password
• Secret question / answer
• Details submitted need to be checked against a functional and valid authority
  – Database
  – Domain server



Authorisation

• The process of granting the user access to the resources that they are permitted to have
• This is not authentication!
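The levelled security model (anonymous / registered / administrator) and the authentication versus authorisation split from the slides, as an added Python example that is not part of the slides and not ASP.NET's own API. The permission names, the two sample users and the in-memory user store are constructed assumptions standing in for the database or domain server.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Levelled roles from the slides. The permission names are assumptions
# made for this example; "adjust_balance" is deliberately granted to nobody,
# matching the banking example: it is outside the administrator's job.
ROLE_PERMISSIONS = {
    "anonymous": {"browse_products", "use_cart"},
    "registered": {"browse_products", "use_cart", "purchase"},
    "administrator": {"browse_products", "use_cart", "purchase",
                      "manage_products", "manage_users"},
}

def hash_password(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked user store cannot be reversed cheaply.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str, role: str) -> dict:
    salt = os.urandom(16)  # per-user salt
    return {"salt": salt, "hash": hash_password(password, salt), "role": role}

# Constructed sample store standing in for the database / domain server
# that the slides name as the "functional and valid authority".
USER_STORE = {
    "alice": make_record("correct horse battery", "registered"),
    "bob": make_record("example-admin-passphrase", "administrator"),
}
_DUMMY = make_record("unused", "anonymous")  # hashed for unknown users too

@dataclass(frozen=True)
class Principal:
    name: str
    role: str

ANONYMOUS = Principal("anonymous", "anonymous")

def authenticate(username: str, password: str) -> Principal:
    """Authentication: is the user who they say they are? Any failure -> anonymous."""
    record = USER_STORE.get(username, _DUMMY)
    candidate = hash_password(password, record["salt"])
    if username not in USER_STORE or not hmac.compare_digest(candidate, record["hash"]):
        return ANONYMOUS
    return Principal(username, record["role"])

def authorize(principal: Principal, permission: str) -> bool:
    """Authorisation: may this already-authenticated principal perform the action?"""
    return permission in ROLE_PERMISSIONS.get(principal.role, set())
```

A failed login does not raise an error; it simply yields the anonymous principal, who can still browse and fill a cart but cannot purchase, and even a successfully authenticated administrator is refused `adjust_balance` because authorisation is a separate decision.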



Which part is the authorization process?



Question and Answer Session

Q&A
