SY306 Web and Databases for Cyber Operations Set #16: Sessions - PDF document

Sep 09, 2023 •448 likes •492 views

SY306 Web and Databases for Cyber Operations Set #16: Sessions http://cgi.tutorial.codepoint.net/session Logging In Correctly Unique session IDs identify your client No other client who has connected to the website should have the same

SY306 Web and Databases for Cyber Operations Set #16: Sessions http://cgi.tutorial.codepoint.net/session Logging In Correctly • Unique session IDs identify your client • No other client who has connected to the website should have the same ID • With proper encryption, nobody else knows your ID. 1
Sessions • Server-side version of cookies • Keep track of a user’s state on website • Session data – stored in file or db • Session id – use cookies, hidden field or URL Authentication • Get username/password from user • Check in file/db that correct combination – Never store plain text passwords • Hash • Salt • Iterate hashing • Set session variable • Later see if session variable is set – if yes, it means “authenticated” user 2
Implementing Sessions – Create sid = readCookie (‘ sid ’) if not sid: sid = createUniqueSid() createCookie (‘ sid ’, sid,secondstoexpiration) session_file = '/tmp/sess_' + sid session = shelve.open(session_file) Sessions – Session Variables session [‘ lastvisit ’]= repr(time.time()) lastvisit = session [‘ lastvisit ’] if lastvisit: #print welcome back message del session[‘ lastvisit ’] session.clear() 3
Sessions – Save and Destroy session.close() deleteCookie (‘ sid ’) session.clear() session.close() session_file = '/tmp/sess_' + sid os.remove(session_file) Session management • Session token should be random • Cookie – No expiration date set - so expires at end of browsing session – secure – only send over https – HttpOnly – cannot be accessed from JS 4

Recommend

SY306 Web and Databases for Cyber Operations Slide Set #3: CSS

SY306 Web and Databases for Cyber Operations Slide Set #3: CSS http://www.w3schools.com/css/default.asp Style! 1 ClickJacking Attack! Past Clickjacking attacks By loading Adobe Flash plugin settings page into an invisible iframe, an

211 views • 18 slides

Web Architecture SY306 Web and Databases for Cyber Operations Set #13: Databases - The Relational

Web Architecture SY306 Web and Databases for Cyber Operations Set #13: Databases - The Relational Model and SQL https://www.w3schools.com/sql/default.asp https://www.tutorialspoint.com/sql/ 1 Relational Model - Tables Keys UserName Gender

241 views • 9 slides

SY306 Web and Databases for Cyber Operations Cascading Style Sheets JavaScript, Dynamic

2 Things well learn and do HTML5 basics, tables, forms SY306 Web and Databases for Cyber Operations Cascading Style Sheets JavaScript, Dynamic HTML CGI / Python Slide Set #9: CGI with Python Databases Relational

359 views • 6 slides

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest

226 views • 8 slides

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python

SY306 Web and Databases for Cyber Operations Set #10: Cookies in JavaScript and Python https://www.w3schools.com/js/js_cookies.asp https://docs.python.org/3/library/http.cookies.html

138 views • 9 slides

SY306 Web and Databases for Cyber Operations SlideSet #7: Regular expressions (JavaScript and

SY306 Web and Databases for Cyber Operations SlideSet #7: Regular expressions (JavaScript and Python) http://www.w3schools.com/jsref/jsref_obj_regexp.asp Regular Expressions Describe a pattern of characters JS: /pattern/modifiers Is

389 views • 5 slides

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from

SY306 Web and Databases for Cyber Operations Slide Set # 8: Cookies and Web tracking Some from https://www.httpwatch.com/httpgallery/cookies/ and https://www.httpwatch.com/httpgallery/headers/ HTTP client-server interaction review 1 Cookies

181 views • 4 slides

SY306 Web and Databases for Cyber Operations Slide Set #6: Dynamic HTML W3schools HTML DOM Intro,

SY306 Web and Databases for Cyber Operations Slide Set #6: Dynamic HTML W3schools HTML DOM Intro, DOM Methods, DOM Document, DOM HTML, DOM CSS What is Dynamic HTML The combination of 1. HTML 2. CSS 3. Javascript 4. DOM Used together

551 views • 8 slides

SQL - The Language of Databases Developed by IBM in the 1970s Create and process database

SY306 Web and Databases for Cyber Operations SQL: Structured Query Language 1 SQL - The Language of Databases Developed by IBM in the 1970s Create and process database data SQL programming is a critical skill !!! 2 1 Relational

247 views • 11 slides

THE REQUIREMENT FOR BETTER DATA AND ANALYTICAL FRAMEWORKS FOR CYBER OPERATIONS ASSESSMENT AND

THE REQUIREMENT FOR BETTER DATA AND ANALYTICAL FRAMEWORKS FOR CYBER OPERATIONS ASSESSMENT AND RISK MANAGEMENT DAVID MUSSINGTON PHD CISSP PROFESSOR OF THE PRACTICE, SCHOOL OF PUBLIC POLICY, UNIVERSITY OF MARYLAND COLLEGE PARK CYBER POLICY LACKS

84 views • 5 slides

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use

Cyberspace What, Why and How DEFENCE CYBER OPERATIONS GROUP Strategic implications and use of Cyberspace Major General J Shaw ACDS(GI) DEFENCE CYBER OPERATIONS GROUP What is Cyberspace? A global domain within the information

558 views • 8 slides

Breaking Databases via SQLi attacks Azqa Nadeem PhD Student @ Cyber Security Group The Cyber

Breaking Databases via SQLi attacks Azqa Nadeem PhD Student @ Cyber Security Group The Cyber Security lecture series 1 About Cyber Security lecture series The Cyber Security lecture series 2 About Cyber Security lecture series A hot

1.36k views • 97 slides

Creating Databases and Tables Introduction to Databases in Python Creating Databases

INTRODUCTION TO DATABASES IN PYTHON Creating Databases and Tables Introduction to Databases in Python Creating Databases Varies by the database type Databases like PostgreSQL and MySQL have command line tools to initialize

878 views • 31 slides

SQL Structured Query Language (SQL) CS 235: The language of databases Based on

SQL Structured Query Language (SQL) CS 235: The language of databases Based on relational algebra Introduction to Databases extended algebra operations other extensions. Svetlozar Nestorov Lecture Notes #9 SQL Queries

316 views • 4 slides

Databases and PHP Accessing databases from PHP PHP & Databases l PHP can connect to

Databases and PHP Accessing databases from PHP PHP & Databases l PHP can connect to virtually any database l There are specific functions built-into PHP to connect with some DB l There is also generic ODBC functions that will work with many

868 views • 28 slides

Databases Relational Model, Algebra and operations How do we model and manipulate complex data

Databases Relational Model, Algebra and operations How do we model and manipulate complex data structures inside a computer system? Until 1970 .. Many different views or ways of doing this Could use tree structures Could use network

453 views • 16 slides

3. Text and document databases Normal databases: formatted records; document databases:

3. Text and document databases Normal databases: formatted records; document databases: free-form or semi-structured data (e.g. XML). Application areas: - Office automation, document archives - Digital libraries - Electronic dictionaries

741 views • 38 slides

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides

Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD Senior Ontologist 2 2/12/2013

Ontology and Cyber Security May 18 th 2013 Bill Mandrick, PhD Senior Ontologist 2 2/12/2013 AGENDA Ontology of Computer Network Operations DoD and USG Efforts Cyber Fast Track Computer Network Operations (CNO) Computer

646 views • 27 slides

Module 3: Creating and Managing Databases Overview Creating Databases Creating

Module 3: Creating and Managing Databases Overview Creating Databases Creating Filegroups Managing Databases Introduction to Data Structures Creating Databases Defining Databases How the Transaction Log Works

445 views • 18 slides

CYBER SECURITY FOR AVIATION OPERATIONS DR ELENA SITNIKOVA, PHD, BE (HONS), CSSLP, SFHEA CRITICAL

CYBER SECURITY FOR AVIATION OPERATIONS DR ELENA SITNIKOVA, PHD, BE (HONS), CSSLP, SFHEA CRITICAL INFRASTRUCTURE PROTECTION, RESEARCH LEADER THE SPITFIRE MEMORIAL DEFENCE FELLOW UNSW CANBERRA @ ADFA E.SITNIKOVA@ADFA.EDU.AU BACKGROUND

731 views • 22 slides

CSE 462 - Databases Oliver Kennedy okennedy@buffalo.edu 1 Why Study Databases? 2 3 3 2

CSE 462 - Databases Oliver Kennedy okennedy@buffalo.edu 1 Why Study Databases? 2 3 3 2 Queries per Second 3 Interesting Problems Algorithms Systems Databases Hardware Theory 4 $$$ 8 of the top 10 Forbes Global 2000 Software &

1.12k views • 73 slides

YOUR CYBER SECURITY Ben Goodall PSC Griffiths Goodall, Managing Principal Nathaniel Barrs

YOUR CYBER SECURITY Ben Goodall PSC Griffiths Goodall, Managing Principal Nathaniel Barrs PSC Insurance Group, Director of Operations 19 May 2020 1 Agenda for Today Todays Environment Covid-19 Influences Types of Cyber

666 views • 21 slides

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides