improve cookie based session with decorator pattern
play

Improve Cookie- based Session with Decorator Pattern @ ConFoo - PowerPoint PPT Presentation

Apr 12, 2023 •150 likes •1.06k views

Improve Cookie- based Session with Decorator Pattern @ ConFoo Montreal 2018-03-08 by Jian Weihang Improve Cookie-based Session with Decorator Pattern 1 Bonjour! Improve Cookie-based Session with Decorator Pattern 2 Jian Weihang

  1. Improve Cookie- based Session with Decorator Pattern @ ConFoo Montreal 2018-03-08 by Jian Weihang Improve Cookie-based Session with Decorator Pattern 1

  2. Bonjour! Improve Cookie-based Session with Decorator Pattern 2

  3. ��� Jian Weihang Improve Cookie-based Session with Decorator Pattern 3

  4. @tonytonyjan Improve Cookie-based Session with Decorator Pattern 4

  5. Taiwan Improve Cookie-based Session with Decorator Pattern 5

  6. Improve Cookie-based Session with Decorator Pattern 6

  7. Improve Cookie-based Session with Decorator Pattern 7

  8. Improve Cookie-based Session with Decorator Pattern 8

  9. $ gem install taiwan Improve Cookie-based Session with Decorator Pattern 9

  10. Tech Leader Improve Cookie-based Session with Decorator Pattern 10

  11. Ruby Developer since 2010 Improve Cookie-based Session with Decorator Pattern 11

  12. Maintainer of exif and jaro_winkler Improve Cookie-based Session with Decorator Pattern 12

  13. Published a book in 2015 Improve Cookie-based Session with Decorator Pattern 13

  14. Improve Cookie- based Session with Decorator Pattern Improve Cookie-based Session with Decorator Pattern 14

  15. Outline • Introduction of Decorator Pattern • Security of Rack::Session::Cookie • Encryption of Rack::Session::Cookie Improve Cookie-based Session with Decorator Pattern 15

  16. Decorator Pattern Improve Cookie-based Session with Decorator Pattern 16

  17. Decorator Pattern Attach additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality. — Design Patterns by the Gang of Four Improve Cookie-based Session with Decorator Pattern 17

  18. Using Inheritance class CoffeeWithSugar < Coffee def cost super + 0.2 end end class CoffeeWithMilkAndSugar < Coffee def cost super + 0.4 + 0.2 end end Improve Cookie-based Session with Decorator Pattern 18

  19. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 19

  20. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 20

  21. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 21

  22. Decorator Pattern in Ruby class Milk def initialize(coffee); @coffee = coffee end def cost; @coffee.cost + 0.4 end end class Sugar def initialize(coffee); @coffee = coffee end def cost; @coffee.cost + 0.2 end end coffee = Coffee.new # coffee.cost = 2.0 Sugar.new(Milk.new(coffee)).cost # 2.6 Sugar.new(Sugar.new(coffee)).cost # 2.4 Improve Cookie-based Session with Decorator Pattern 22

  23. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 23

  24. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 24

  25. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 25

  26. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 26

  27. class Additive def initialize(coffee) @coffee = coffee end def cost raise NotImplementedError end end class Salt < Additive def cost @coffee.cost + 0.1 end end Improve Cookie-based Session with Decorator Pattern 27

  28. Rack Improve Cookie-based Session with Decorator Pattern 28

  29. Is Rack::Session::Cookie secure? Improve Cookie-based Session with Decorator Pattern 29

  30. Simple HTTP Server require 'rack' app = lambda do |env| session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 [200, {}, ['it works']] end app = Rack::Builder.app(app) do use Rack::Session::Cookie, secret: 'secret' end Rack::Handler::WEBrick.run app, Port: ARGV[0] Improve Cookie-based Session with Decorator Pattern 30

  31. Experiment Improve Cookie-based Session with Decorator Pattern 31

  32. Decode Marshal.load( Base64.decode64( URI.decode_www_form_component(cookie) .split('--') .first ) ) Improve Cookie-based Session with Decorator Pattern 32

  33. Structure of Rack Cookie Session +------------- uri encode --------------+ | +------ base64 ------+ +- hex -+ | | | +- Marshal.dump -+ | | | | | | | object | | "--" | mac | | | | +----------------+ | | | | | +--------------------+ +-------+ | +---------------------------------------+ Improve Cookie-based Session with Decorator Pattern 33

  34. Decode and Verify def decode_cookie(cookie, secret) cookie = URI.decode_www_form_component(cookie) data, hmac = cookie.split('--') computed_hmac = OpenSSL::HMAC.hexdigest( OpenSSL::Digest::SHA1.new, secret, data ) raise 'invalid hmac' unless computed_hmac == hmac Marshal.load(Base64.decode64(data)) end Improve Cookie-based Session with Decorator Pattern 34

  35. Is Rack::Session::Cookie secure? Improve Cookie-based Session with Decorator Pattern 35

  36. Not Exactly Improve Cookie-based Session with Decorator Pattern 36

  37. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 37

  38. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 38

  39. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 39

  40. Sinatra Improve Cookie-based Session with Decorator Pattern 40

  41. Sinatra Official Document Improve Cookie-based Session with Decorator Pattern 41

  42. require 'sinatra' set :sessions, true set :session_secret, 'set secret' get '/' do session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 'Hello world!' end Improve Cookie-based Session with Decorator Pattern 42

  43. Experiment Improve Cookie-based Session with Decorator Pattern 43

  44. Improve Cookie-based Session with Decorator Pattern 44

  45. Improve Cookie-based Session with Decorator Pattern 45

  46. Rails Improve Cookie-based Session with Decorator Pattern 46

  47. Convention over Configuration Improve Cookie-based Session with Decorator Pattern 47

  48. Structure of Rails Cookie +-------------------- uri encode -------------------+ | +------------ base64 ------------+ +- hex -+ | | | +- base64 -+ +- base64 -+ | | | | | | | JSON | "--" | iv | | "--" | mac | | | | +----------+ +----------+ | | | | | +--------------------------------+ +-------+ | +---------------------------------------------------+ Improve Cookie-based Session with Decorator Pattern 48

  49. Decode with ActiveSupport require 'uri' require 'json' require 'active_support' def verify_and_decrypt_session_cookie(cookie, secret_key_base) cookie = URI.decode_www_form_component(cookie) salt = 'encrypted cookie' signed_salt = 'signed encrypted cookie' key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000) secret = key_generator.generate_key(salt)[0, ActiveSupport::MessageEncryptor.key_len] sign_secret = key_generator.generate_key(signed_salt) encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON) encryptor.decrypt_and_verify(cookie) end Pure Ruby Version: https://goo.gl/vuQPkr Improve Cookie-based Session with Decorator Pattern 49

  50. Encryption in Rack::Session::Cookie Improve Cookie-based Session with Decorator Pattern 50

  51. require 'rack' require 'action_dispatch' secret_key_base = '...secret_key_base...' key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000) app = lambda do |env| env['action_dispatch.secret_key_base'] = secret_key_base env['action_dispatch.cookies_serializer'] = :json env['action_dispatch.signed_cookie_salt'] = 'signed cookie' env['action_dispatch.encrypted_cookie_salt'] = 'encrypted cookie' env['action_dispatch.encrypted_signed_cookie_salt'] = 'signed encrypted cookie' env['action_dispatch.key_generator'] = key_generator session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 [200, {}, ['it works']] end app = Rack::Builder.app(app) do use ActionDispatch::Cookies use ActionDispatch::Session::CookieStore, key: '_myapp_session' end Improve Cookie-based Session with Decorator Pattern 51

  52. Cons • ActionDispatch is fat. • Stack too deep. Improve Cookie-based Session with Decorator Pattern 52

  53. Cons • ActionDispatch is fat. • Stack too deep. Improve Cookie-based Session with Decorator Pattern 53

Recommend

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this phrase: Favor composition over inheritance ~some OOP guy who is smarter than I am The decorator pattern is another example of how composition

556 views • 17 slides
Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f; Expires=Wed, 09 Jun 2012 10:18:14 GMT Name Value Expiration Time Browser returns cookies in headers of later requests: Cookie: session=0x4137fd6a CS

701 views • 4 slides
The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves

The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves

The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves several drinks: Coffee Espresso Every drink can be modified using: Whip Milk So there are a lot of

286 views • 18 slides
Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me David Johansson (@securitybits) Security consultant since 2007 Helping clients design and build secure software Security training Based in

821 views • 25 slides
SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of

SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of

SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of Sale (POS) system for a pizzeria must allow employees to prepare a pizza order. a. The order includes pizza size, crust, &amp; toppings. b. The

401 views • 16 slides
Decorator Intent Dynamically attach additional responsibilities to an object

Decorator Intent Dynamically attach additional responsibilities to an object

Decorator Pattern CS356 Object-Oriented Design and Programming http://cs356.yusun.io November 7, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu Decorator Intent Dynamically attach additional responsibilities to an object

734 views • 32 slides
Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough

Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough

Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough Grade Level: 3 $5 a tub Subject: Math Peanut Butter Source: NYC Clear Creek School is fundraising. They Cookie Dough Department of $4 a tub

104 views • 6 slides
41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz

41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz

Fakultt Informatik - Institut Software- und Multimediatechnik 41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz 1. Inheritance Anomaly Prof. Dr. Uwe Amann 2. Design Pattern Decorator

782 views • 33 slides
COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ?

COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ?

COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ? Girl Scout Cookie? COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS Theres a science that goes into every cookie food and nutrition

160 views • 12 slides
Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang,

Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang,

Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang, Huaxi Wang, Sheqin Dong Tsinghua University, Beijing, P.R.China E-mail: wangkan09@mails.thu.edu.cn Moores Law Outline Introduction

573 views • 46 slides
and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

The Case for a General and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 ICSI &amp; UC Berkeley Sample Web Page Content Optimized with Ad web

855 views • 28 slides
Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session

Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session

Appendix E How Evidence-Based Self-Management Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session Discussion Topics Why refer clients/patients, especially older adults, to evidence-based

717 views • 30 slides
Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough

Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough

Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough Cookie Dough Grade Level: 3 $5 a tub Subject: Math Peanut Butter Source: NYC Clear Creek School is fundraising. They Cookie Dough Department

527 views • 8 slides
C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET

C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET

C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET http://www.example.com/login? u=USER&amp;p=PASSWD [server marks this session as authenticated] S -&gt; C: Set-Cookie: sessionid= NONCE (Cookie is an

686 views • 19 slides
Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I: Introduction to Programming Local variables, scopes, and complexity Autumn 2019 October 31, 2019 Example Cookie Calculator Cookie Calculator

685 views • 13 slides
A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

Podcast Ch08-15 Title : Template Design Pattern Description : Generic class diagram; examples; template vs. inheritance Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students) Textbook

315 views • 3 slides
HammingNN Neural network based nearest neighbour pattern classifier Outline Introduction

HammingNN Neural network based nearest neighbour pattern classifier Outline Introduction

HammingNN Neural network based nearest neighbour pattern classifier Outline Introduction Biological neuron basics Application to musical interval recognition Time-based (serial) pattern classification Weeding out noisy attributes

424 views • 21 slides
Team Training Welcome to the 2019 Cookie Program Service Unit Product Program Team Get to

Team Training Welcome to the 2019 Cookie Program Service Unit Product Program Team Get to

Troop Cookie Team Training Welcome to the 2019 Cookie Program Service Unit Product Program Team Get to know your Service Unit Cookie Team! They are your mentors though the season and are a wealth of information. They can help

914 views • 75 slides
Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide

Stealing Web Browser Cookies ben-holland.com Whats a cookie? Web 2.0 Cookies provide state Examples: Items in shopping cart AuthenFcaFon! Cookies Passwords! Username + Password = Cookie If I know your authenFcaFon

712 views • 7 slides
A design pattern for component oriented development of agent-based multithreaded applications A

A design pattern for component oriented development of agent-based multithreaded applications A

Dpto. Ingeniera y Tecnologa de Computadores 1 Dpto. Informtica y Sistemas 2 University of Murcia (Spain) Artificial Perception and Pattern Recognition Research Group (PARP) A design pattern for component oriented development of agent-based

529 views • 23 slides
A Pattern-Based Core Ontology for Product Lifecycle Management based on DUL Falko Schnteich,

A Pattern-Based Core Ontology for Product Lifecycle Management based on DUL Falko Schnteich,

A Pattern-Based Core Ontology for Product Lifecycle Management based on DUL Falko Schnteich, Andreas Kasten and Ansgar Scherp Pattern-based Core Ont. for PLM Falko Schnteich falko.schoenteich@stu.uni-kiel.de 1/13 Problem

423 views • 13 slides
Cookie Time Overview Business Framework BHAG Our Guiding Principles Our Values The Cookie Time

Cookie Time Overview Business Framework BHAG Our Guiding Principles Our Values The Cookie Time

Cookie Time Overview Business Framework BHAG Our Guiding Principles Our Values The Cookie Time Way Team Purpose / Rules Team Purpose Rule 1 Rule 2 Rule 3 The Board Making Big

343 views • 18 slides
Optimizing Pattern Weights with a Genetic Algorithm to Improve Automatic Working Memory Capacity

Optimizing Pattern Weights with a Genetic Algorithm to Improve Automatic Working Memory Capacity

Optimizing Pattern Weights with a Genetic Algorithm to Improve Automatic Working Memory Capacity Identification Jason Bernard (Athabasca University, Canada) Ting-Wen Chang (Beijing Normal University, China) Elvira Popescu (University of Craiova,

424 views • 17 slides
Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern

CSC209 Fall 2001 What is AWK? Awk, Awk Pattern matching and processing language Looks for pattern in file If pattern matches, do something Many details handled automatically very easy to one off (write and throw away)

673 views • 12 slides

More recommend