WWW architecture, CGI, client server security, protection
1. WWW ARCHITECTURE, CGI, CLIENT SERVER SECURITY, PROTECTION METHODS
GROUP 3
Austina Francis
Anju Babu
Abhraham Easo
Vinil Steephen
Jomon J Joseph
2. WWW ARCHITECTURE
WWW
The WWW is a service in which a client using a browser can access the service through the server.
The service provided is distributed over many locations called sites.
It was initially developed in 1989 by Tim Berners-Lee at the CERN lab in Switzerland.
It has a unique combination of portability, flexibility, and user-friendly features provided by the Internet.
4. FUNCTIONAL COMPONENTS OF WWW
Web browsers
Web servers
Hyper Text Markup Language
HTTP
URL (Uniform Resource Locator)
5. WORKING OF WWW
The system begins by resolving the server name part of the URL into an IP address using the Internet database.
The browser sends an HTTP request to the web server for that particular page and for further items forming a part of that page, such as images.
After receiving the requested files, the browser displays the page on the screen.
In order to view a web page on the WWW, one has to type the URL.
6. INTERNET VS. WWW
Internet
Internet is the infrastructure that makes the WWW work.
Packet Switching
TCP/IP Protocol
Physical Infrastructure
Fiber-optics lines, wires
Satellites, Cable Modems
Routers, Hubs, Network Cards, WiFi systems, etc.

WWW
WWW is just one of many “virtual networks” built on the Internet.
Websites: http, https, etc.
Email: pop, imap, etc.
Other systems: ftp, instant messaging, etc.
Note: Even to this day companies have “private virtual networks” that use the Internet, but are proprietary, locked-down.
7. INTRODUCTION TO CGI
CGI stands for Common Gateway Interface.
CGI is a standard programming interface to
Web servers that gives us a way to make our
sites dynamic and interactive.
CGI is not a programming language. It is just a set of standards (protocols).
CGI can be implemented in an interpreted language such as Perl or in a compiled language such as C.
8. INTRODUCTION TO CGI
An HTTP server is often used as a gateway to a
legacy information system; for example, an existing
body of documents or an existing database
application. The Common Gateway Interface is an
agreement between HTTP server implementors
about how to integrate such gateway scripts and
programs.
It is typically used in conjunction with HTML forms
to build database applications.
9. CGI PROGRAMMING
[Diagram: CLIENT, HTTP SERVER, CGI Program. Source: Netprog 2002, CGI Programming]
10. CGI- WORKING
CGI programs work as follows:
STEP 1 (On the client side): Get information from the user (using HTML forms, SSI, Java Applet, etc.).
STEP 2 (On the server side): Process the data, connect to DATABASE, search for PATTERNS, etc.
STEP 3 (On the server side): Send the result of computation back to the client.
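The three steps above as a small CGI program. This is an added example, not code from the original slides; the form field `name` and the 4096-byte body cap are assumptions. It bounds how much input it reads and HTML-escapes user data before sending it back.

```python
import html
from urllib.parse import parse_qs

MAX_BODY = 4096  # assumed cap on the POST body for this example


def read_form(environ, stdin):
    """Receive the STEP 1 form data the way a web server hands it to a CGI program."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        raw = environ.get("QUERY_STRING", "")        # GET: data is in the URL
    elif method == "POST":
        # int() raises ValueError when the header is not a number.
        length = int(environ.get("CONTENT_LENGTH") or 0)
        if not 0 <= length <= MAX_BODY:
            raise ValueError("unacceptable CONTENT_LENGTH")
        raw = stdin.read(length).decode("utf-8", "replace")  # POST: data on stdin
    else:
        raise ValueError("unsupported method")
    return parse_qs(raw, keep_blank_values=True)      # URL-decodes names and values


def respond(status, body):
    """STEP 3: a CGI response is header lines, one blank line, then the body."""
    return (f"Status: {status}\r\n"
            "Content-Type: text/html; charset=utf-8\r\n\r\n"
            f"<html><body>{body}</body></html>\n")


def handle(environ, stdin):
    try:
        form = read_form(environ, stdin)
    except ValueError:
        return respond("400 Bad Request", "<p>Bad request</p>")
    # STEP 2: process the data (a database lookup would go here).
    name = form.get("name", ["anonymous"])[0][:64]   # hypothetical field, length-limited
    # Escape before echoing so submitted markup is displayed, not interpreted.
    return respond("200 OK", f"<p>Hello, {html.escape(name)}</p>")


if __name__ == "__main__":
    import os
    import sys
    sys.stdout.write(handle(os.environ, sys.stdin.buffer))
```
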
11. HTTP HEADER FIELDS ARE COMPONENTS OF THE MESSAGE HEADER OF REQUESTS AND RESPONSES IN THE HYPERTEXT TRANSFER PROTOCOL. THEY DEFINE THE OPERATING PARAMETERS OF AN HTTP TRANSACTION.
Multipurpose Internet Mail Extensions (MIME)
is an Internet standard that extends the format
of email to support:
Text in character sets other than ASCII
Non-text attachments
a) Message bodies with multiple parts
b) Header information in non-ASCII character sets
12. ADVANTAGES OF CGI
Provides user interface
Stores some settings
Can do some data processing
Little to no application data storage
Same view of data no matter where you login
13. CLIENT SERVER SECURITY
Client server security keeps a check on the flow of information and also helps in the smooth functioning of the computers.
Client server security works on the basis of authority: first it has to have the authority to identify, and then it identifies the hindrance in the security pathway.
It has discretionary control to set things back to their normal place, and then another check is done, which can be called an audit.
14. CLIENT SERVER SECURITY
The object can be re-used or the data can be sent all over again.
The major disadvantage is that there is no single security system which can handle all the problems related to client server security, so many have to be installed and checkpoints have to be maintained at every point.
16. The security measures of online retailers vary immensely.
The methods used to gather, store, and distribute information are implemented differently across the web.
Many companies and corporations that collect sensitive data do not have proper security protocols put into place, which may compromise personal information.
Common errors that online businesses make when processing transactions will be analyzed and critiqued.
17. This includes information security and the protocols
that they should put into place both in terms of their
computer infrastructure, data collection and the
establishment of personnel protocols, such as the
handling of sensitive information and password
changes.
The transactions between the client and server will
be examined along with the protocols used in the
sharing of information, such as secure socket
layers and their different certificates, encryption and
security measures that are utilized.
18. E-commerce firms must ensure that they control
access to their information assets and the use of
their networks by designing and implementing
controls that will diminish the dissemination of
sensitive information.
There are possible vulnerabilities on a client’s
machine that can lead to data being compromised
before it is uploaded to the server.
19. MAIN SECURITY THREATS
Unauthorized data access - a kind of threat in which an unauthorized person gets access to confidential information. It can lead to a situation in which such information becomes public or is used against its owner.
Unauthorized data modifications - a kind of threat in which data can be changed or deleted, accidentally or intentionally, by a person who has no permissions for such actions.
20. SECURING YOUR CLIENT-SERVER
Data encoding and encryption:
The main goal of encryption is to hide the data from being visible and accessible without having the key.
o Symmetric encryption algorithms:
A special algorithm and key are used for encryption. The same algorithm and key are used for information decryption. Another name is also used: secret-key cryptography.
21.
22. Block and stream encryption in symmetric algorithms
Public key algorithm security
Certificates
Secure transport protocols
Analyse the security of data storage and data transfer channels;
check if there are times when data is not encrypted;
if the data is not encrypted, check if it is freely accessible;
if the data is encrypted, check if the attacker can obtain something usable for recovery of the encryption keys.
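One concrete instance of the "times when data is not encrypted" check from the list above, added here as an example and not part of the original slides: it flags HTML forms whose sensitive fields are submitted without TLS or end up in the URL. The page URL, the markup and the field-name hints are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_NAMES = ("pass", "card", "cvv", "ssn")  # assumed field-name hints
# Constructed sample markup, as if served from https://shop.example/index.html
SAMPLE = """
<form action="http://shop.example/cgi-bin/pay.cgi" method="post">
  <input name="card_number"></form>
<form action="/cgi-bin/login.cgi" method="get">
  <input name="user"><input type="password" name="pw"></form>
<form action="/cgi-bin/search.cgi"><input name="q"></form>
"""

class FormAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._cur = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":  # relative actions inherit the page's own scheme
            self._cur = {"action": urljoin(self.page_url, a.get("action") or ""),
                         "method": (a.get("method") or "get").lower(),
                         "sensitive": False}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            name = (a.get("name") or "").lower()
            if (a.get("type") or "").lower() == "password" or \
                    any(h in name for h in SENSITIVE_NAMES):
                self._cur["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit(page_url, markup):
    """Return (action_url, problem) pairs for forms that carry sensitive fields."""
    parser = FormAudit(page_url)
    parser.feed(markup)
    findings = []
    for f in (f for f in parser.forms if f["sensitive"]):
        if urlparse(f["action"]).scheme != "https":
            findings.append((f["action"], "submitted without TLS"))
        if f["method"] == "get":
            findings.append((f["action"], "sensitive fields placed in the URL"))
    return findings

if __name__ == "__main__":
    print(audit("https://shop.example/index.html", SAMPLE))
```
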