PHP State Maintenance (Cookies, Sessions, Hidden Inputs)
|
|
- Chad Perry
- 6 years ago
- Views:
Transcription
1 PHP State Maintenance (Cookies, Sessions, Hidden Inputs)
2 What is meant by state? The Hypertext Transfer Protocol (HTTP) is stateless. This means that each time a browser requests a page, a connection from the browser/client to the server is set up for the sole purpose of transferring that particular page To maintain state means the ability to retain values of variables and to keep track of users who are logged into the system.
3 Methods for maintaining state Cookies Sessions Passing [hidden] variables
4 What is a cookie? Short pieces of text generated during web activity and stored in the user s machine for future reference Instructions for reading and writing cookies are coded by website authors and executed by user browsers Developed for user convenience to allow customization of sites without need for repeating preferences Cookies are simple text strings of the form of name=value which are stored persistently on the client s machine. A URL is stored with each cookie and it is used by the browser to determine whether it should send the cookie to the web server.
5 Cookie Facts Most Cookies store just 1 data value A Cookie may not exceed 4 Kb in size Browsers are preprogrammed to allow a total of 300 Cookies, after which automatic deletion based on expiry date and usage Limit of 20 cookies per server Cookies have 3 key attributes: name, value and expiry date
6 Cookies & Paranoia Why are Cookies notorious? Most Cookie activity is transparent to the user Most people do not understand what Cookies can and cannot do People do not know how to protect themselves from Cookies Valid reason: There are organizations out there using Cookies to track your activities (More later)
7 Cookie Scope: Cannot Do Have automatic access to personal information like name, address, Read or write data to hard disk Read or write information in cookies placed by other sites Run programs on your computer
8 Cookie Scope: Can Do Store and manipulate any information you explicitly provide to a site Track your interaction with parent site such as pages visited, time of visits, number of visits Use any information available to web server including: IP address, Operating System, Browser Type
9 Cookie Fixes: Getting in Control Turn up security level on your browser to disable cookies or prompt for cookies Delete the content of a cookie and then write protect it
10 Anatomy of a (Simple) Cookie String of text with these 6 attributes: The domain and path for which the cookie is valid The name of the cookie The value of the cookie The expiration date of the cookie Whether a secure connection needed to use the cookie
11 Working with Cookies The domain and path are automatically handled by the browser, script author has no control For a given domain and path, a script may create any number of cookies by specifying a name, value and expiry date Each (simple) cookie is stored in a separate text file in Temporary Internet Folder, but tagged to a specific domain Cookies are handled by the browser as an Object called document.cookie and read/written using object dot notation
12 Cookie Viruses? On most platforms, Cookies are stored as text only files. To cause damage the Cookie must be an executable On Windows, text files are non-executable and would open in a text editor if double clicked In general, there are easier loopholes for a hacker in ActiveX controls, Outlook Express etc The threat from Cookies is not from what they can do to your computer but what information they may store and pass on
13 Conclusion Cookies were originally created as harmless pieces of text for user convenience Along the way, some evil geniuses found a way to exploit them for business Most studies conclude are not harmful to user: Would you rather see an ad for a product that s relevant or one you d never buy? The paranoia arises from the invisible nature of cookie transactions and inadequate information about their ability.
14 Cookie Example <?php $value = 'something from somewhere'; setcookie("testcookie", $value); setcookie("testcookie", $value, time()+ 60*60*24*7); /* expire in 1 week*/?> Welcome! Here is what is stored in the cookie <?php // Print an individual cookie echo $_COOKIE["TestCookie"]; echo $HTTP_COOKIE_VARS["TestCookie"];?> // Another way to debug/test is to view all cookies print_r($_cookie);
15 Common Pitfalls Can t call setcookie() after output has been sent to the browser Can t have more than 20 cookies/server Cookies ONLY persist until the browser closes UNLESS you specify an expiry date: setcookie( name, $value, time() );
16 Sessions Sessions are just like cookies, except they store the user s data on the web server (versus cookies, which are on the client s machine) Every request has a unique session id (this is how the connection is maintained between client and server) If the browser is closed, the session id is lost
17 Session Example (first_page.php) <?php // start the session session_start(); $_SESSION['name'] = "Mr. Your Name"; $_SESSION['user_id'] = "namey"; $_SESSION['password'] = "MYPASSWORD";?> <strong>session currently contains:</strong><br/> <p>session Id: <em><?php echo session_id();?> </em></p> <pre><?php print_r($_session);?></pre> <br /> <p>to see something specific, you just need to reference the array element by name: <b><?php echo $_SESSION['name'];?></b></p> <p>let's see what happens on the <a href="next_page.php">next page.</a></p>
18 Session Example (2) next_page.php <?php // start the session, always needs to be done at the top of a page that is going to use sessions session_start(); /* you can remove a specific element off the $_SESSION array by using the unset() function. NOTE: unset() works for ANY and ALL arrays in PHP */ if(isset($_session['name'])) unset($_session['name']);?> <strong>what is on the session after "unset"'ting <em>$_session['name']</em></strong><br/> <p>session Id: <em><?php echo session_id();?></em> (same as before)</p> <pre><?php print_r($_session);?></pre> <br /> <br />Let's see what happens on the <a href="next_page2.php">next page.</a>
19 Session Example (3) next_page2.php <?php // start the session, always needs to be done at the top of a page that is going to use sessions session_start(); /* you can remove all elements off the $_SESSION array by using the session_unset() function. NOTE: the session and it's id will still exist, only it will be empty */ if(isset($_session)) session_unset();?> <strong>what is on the session after "unset"'ting <em>the whole session</em></strong><br/> <p>session Id: <em><?php echo session_id();?></em> (same as before, this is the only thing left)</p> <pre><?php print_r($_session);?></pre> <br /> <br />Let's see what happens on the <a href="next_page3.php">next page.</a>
20 Session Example (4) next_page3.php <?php // start the session, always needs to be done at the top of a page that is going to use sessions session_start(); echo "<p>session Id: <em>".session_id()." (session id is still available before the destroy) <br/><br/>"; /* you can remove all elements off the $_SESSION array, and remove the session id by using the session_destroy() function. */ if(isset($_session)) session_destroy();?> <strong>what is on the session after <em>destroying the $_SESSION[]</em></strong><br/> <p>session Id: <em><?php echo session_id();?></em> (even the session id is dumped)</p> <pre><?php print_r($_session);?></pre> <br />Let's see what happens on the <a href= next_page4.php">next page.</a><br /><br />
21 Session Example (5) next_page4.php <?php // start the session, as per session_start(); //you can get rid of all session variables using the //session_destroy() function //but first it is recommended you call the session_unset() function //it is a bug in certain versions of PHP session_unset(); //unsets the whole $_SESSION array session_destroy(); //destroys it by freeing up the memory?> Welcome to my website <strong><? echo $_SESSION['name'];?></strong>! <br />
22 Session Example (6) Sometimes (though it should not happen), calling the session_start(); will break your page To get around this, check if the session is already started, and if it is DO NOT start it again Here is the simple code to check if a session is started: <?php if(session_id() == "") { session_start(); }?> The session id will only ever be empty if the session has not already been started. Again this should not have to happen, but if calling the session_start on a page is causing the page not to display, you can try it.
23 Some Session Resources hp sion-start.php
24 Passing Hidden Variables <form method="post" action="main.php"> <?php?> $course=urldecode($_get ['course']); $student_id=urldecode($_get['student_id']); <input type="hidden" name= course" value= echo $course"> <input type="hidden" name="student_id" value= echo$student_id"> </form>
Multimedia im Netz Online Multimedia Winter semester 2015/16. Tutorial 03 Minor Subject
Multimedia im Netz Online Multimedia Winter semester 2015/16 Tutorial 03 Minor Subject Ludwig- Maximilians- Universität München Online Multimedia WS 2015/16 - Tutorial 03-1 Today s Agenda Quick test Server
More informationWEB APPLICATION ENGINEERING II
WEB APPLICATION ENGINEERING II Lecture #5 Umar Ibrahim Enesi Objectives Gain understanding of how Cookies and Sessions Work Understand the limitations of Sessions and Cookies Understand how to handle Session
More informationCITS1231 Web Technologies. PHP s, Cookies and Session Control
CITS1231 Web Technologies PHP Emails, Cookies and Session Control Sending email with PHP We have looked at storing user information using files. Email messages can also be thought of as data streams, providing
More informationChapter 9. Managing State Information. Understanding State Information (continued) Understanding State Information 10/29/2011.
Chapter 9 Managing State Information PHP Programming with MySQL 2 nd Edition Objectives In this chapter, you will: Learn about state information Use hidden form fields to save state information Use query
More informationChapter 7:- PHP. Compiled By:- Sanjay Patel Assistant Professor, SVBIT.
Chapter 7:- PHP Compiled By:- Assistant Professor, SVBIT. Outline Starting to script on server side, Arrays, Function and forms, Advance PHP Databases:-Basic command with PHP examples, Connection to server,
More informationCSE 154 LECTURE 13: SESSIONS
CSE 154 LECTURE 13: SESSIONS Expiration / persistent cookies setcookie("name", "value", expiration); $expiretime = time() + 60*60*24*7; # 1 week from now setcookie("couponnumber", "389752", $expiretime);
More information5/19/2015. Objectives. JavaScript, Sixth Edition. Saving State Information with Query Strings. Understanding State Information
Objectives JavaScript, Sixth Edition When you complete this chapter, you will be able to: Save state information with query strings, hidden form fields, and cookies Describe JavaScript security issues
More informationAutopopulation; Session & Cookies
; Session & Cookies CGT 356 Web Programming, Development, & Database Integration Lecture 5 Session array Use the Session array to store data that needs to be recalled on later pages $_SESSION[ foo ] Use
More informationYou can also set the expiration time of the cookie in another way. It may be easier than using seconds.
What is a Cookie? A cookie is often used to identify a user. A cookie is a small file that the server embeds on the user's computer. Each time the same computer requests a page with a browser, it will
More informationGET /index.php HTTP/1.1 Host: User- agent: Mozilla/4.0
State management GET /index.php HTTP/1.1 Host: www.mtech.edu User- agent: Mozilla/4.0 HTTP/1.1 200 OK Date: Thu, 17 Nov 2011 15:54:10 GMT Server: Apache/2.2.16 (Debian) Content- Length: 285 Set- Cookie:
More informationCOMP519 Web Programming Lecture 28: PHP (Part 4) Handouts
COMP519 Web Programming Lecture 28: PHP (Part 4) Handouts Ullrich Hustadt Department of Computer Science School of Electrical Engineering, Electronics, and Computer Science University of Liverpool Contents
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationLecture 7: Dates/Times & Sessions. CS 383 Web Development II Wednesday, February 14, 2018
Lecture 7: Dates/Times & Sessions CS 383 Web Development II Wednesday, February 14, 2018 Date/Time When working in PHP, date is primarily tracked as a UNIX timestamp, the number of seconds that have elapsed
More informationIntroduction. Server-side Techniques. Introduction. 2 modes in the PHP processor:
Introduction Server-side Techniques PHP Hypertext Processor A very popular server side language on web Code embedded directly into HTML documents http://hk2.php.net/downloads.php Features Free, open source
More informationLecture 6 Session Control and User Authentication. INLS 760 Web Databases Spring 2013 Rob Capra
Lecture 6 Session Control and User Authentication INLS 760 Web Databases Spring 2013 Rob Capra HTML Forms and PHP PHP: lect2/form1.php echo "Hello, ". htmlspecialchars(strip_tags($_get['name'])); echo
More information(Frequently Asked Questions)
(Frequently Asked Questions) Aptech Ltd. Version 1.0 Page 1 of 9 Table of Contents S# Question 1. How do you create sub domains using PHP? 2. What is the difference between echo and print statements in
More informationLecture 9a: Sessions and Cookies
CS 655 / 441 Fall 2007 Lecture 9a: Sessions and Cookies 1 Review: Structure of a Web Application On every interchange between client and server, server must: Parse request. Look up session state and global
More informationCSE 154 LECTURE 21: COOKIES
CSE 154 LECTURE 21: COOKIES Regular expressions in (PDF) regex syntax: strings that begin and end with /, such as "/[AEIOU]+/" function preg_match(regex, string) preg_replace(regex, replacement, string)
More informationCSE 154 LECTURE 21: COOKIES
CSE 154 LECTURE 21: COOKIES Regular expressions in (PDF) regex syntax: strings that begin and end with /, such as "/[AEIOU]+/" function preg_match(regex, string) preg_replace(regex, replacement, string)
More informationWeb Programming Paper Solution (Chapter wise)
PHP Session tracking and explain ways of session tracking. Session Tracking HTTP is a "stateless" protocol which means each time a client retrieves a Web page, the client opens a separate connection to
More informationWeb Programming TL 9. Tutorial. Exercise 1: String Manipulation
Exercise 1: String Manipulation Tutorial 1) Which statements print the same thing to the screen and why? echo "$var"; value of $var echo '$var'; the text '$var' echo $var ; value of $var 2) What is printed
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationDatabase Systems Fundamentals
Database Systems Fundamentals Using PHP Language Arman Malekzade Amirkabir University of Technology (Tehran Polytechnic) Notice: The class is held under the supervision of Dr.Shiri github.com/arman-malekzade
More informationPHP: Cookies, Sessions, Databases. CS174. Chris Pollett. Sep 24, 2008.
PHP: Cookies, Sessions, Databases. CS174. Chris Pollett. Sep 24, 2008. Outline. How cookies work. Cookies in PHP. Sessions. Databases. Cookies. Sometimes it is useful to remember a client when it comes
More informationCSC309: Introduction to Web Programming. Lecture 8
CSC309: Introduction to Web Programming Lecture 8 Wael Aboulsaadat Front Layer Web Browser HTTP Request Get http://abc.ca/index.html Web (HTTP) Server HTTP Response .. How
More informationLXXVIII. Session handling functions
LXXVIII. Session handling functions Session support in PHP consists of a way to preserve certain data across subsequent accesses. This enables you to build more customized applications and increase the
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationProgramming for the Web with PHP
Aptech Ltd Version 1.0 Page 1 of 11 Table of Contents Aptech Ltd Version 1.0 Page 2 of 11 Abstraction Anonymous Class Apache Arithmetic Operators Array Array Identifier arsort Function Assignment Operators
More informationPHP with data handling
171 Lesson 18 PHP with data handling Aim Objectives : To provide an introduction data handling with PHP : To give an idea about, What type of data you need to handle? How PHP handle the form data? 18.1
More informationPIC 40A. Lecture 19: PHP Form handling, session variables and regular expressions. Copyright 2011 Jukka Virtanen UCLA 1 05/25/12
PIC 40A Lecture 19: PHP Form handling, session variables and regular expressions 05/25/12 Copyright 2011 Jukka Virtanen UCLA 1 How does a browser communicate with a program on a server? By submitting an
More informationYour Secrets to Coding Fast
Exclusive PHP Cheat-Sheet: Your Secrets to Coding Fast 1 INTRODUCTION If you re reading this, you probably know what PHP is, and might even be familiar all of the different functions it performs. In this
More informationUniversity of Washington, CSE 154 Homework Assignment 7: To-Do List
University of Washington, CSE 154 Homework Assignment 7: To-Do List In this assignment you will write a web application for an online to-do list. The assignment tests your understanding of user login sessions
More informationHow browsers talk to servers. What does this do?
HTTP HEADERS How browsers talk to servers This is more of an outline than a tutorial. I wanted to give our web team a quick overview of what headers are and what they mean for client-server communication.
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationSessions. Mendel Rosenblum. CS142 Lecture Notes - Sessions
Sessions Mendel Rosenblum How do we know what user sent request? Would like to authenticate user and have that information available each time we process a request. More generally web apps would like to
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationManaging State. Chapter 13
Managing State Chapter 13 Textbook to be published by Pearson Ed 2015 in early Pearson 2014 Fundamentals of Web http://www.funwebdev.com Development Section 1 of 8 THE PROBLEM OF STATE IN WEB APPLICATIONS
More informationAlpha College of Engineering and Technology. Question Bank
Alpha College of Engineering and Technology Department of Information Technology and Computer Engineering Chapter 1 WEB Technology (2160708) Question Bank 1. Give the full name of the following acronyms.
More informationDATABASE SYSTEMS. Introduction to web programming. Database Systems Course, 2016
DATABASE SYSTEMS Introduction to web programming Database Systems Course, 2016 AGENDA FOR TODAY Client side programming HTML CSS Javascript Server side programming: PHP Installing a local web-server Basic
More informationLecture 6: More Arrays & HTML Forms. CS 383 Web Development II Monday, February 12, 2018
Lecture 6: More Arrays & HTML Forms CS 383 Web Development II Monday, February 12, 2018 Lambdas You may have encountered a lambda (sometimes called anonymous functions) in other programming languages The
More informationzend. Number: Passing Score: 800 Time Limit: 120 min.
200-710 zend Number: 200-710 Passing Score: 800 Time Limit: 120 min Exam A QUESTION 1 Which of the following items in the $_SERVER superglobal are important for authenticating the client when using HTTP
More informationJohn Valance JValance Consulting
John Valance JValance Consulting jvalance@sprynet.com Copyright 2011-2012: John Valance Independent consultant o Specialty is helping iseries shops develop web applications, and related skills o Training,
More informationexam. Number: Passing Score: 800 Time Limit: 120 min File Version: Zend Certified Engineer
200-710.exam Number: 200-710 Passing Score: 800 Time Limit: 120 min File Version: 1.0 200-710 Zend Certified Engineer Version 1.0 Exam A QUESTION 1 Which of the following items in the $_SERVER superglobal
More informationChapter 27 WWW and HTTP Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Chapter 27 WWW and HTTP 27.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 27-1 ARCHITECTURE The WWW today is a distributed client/server service, in which
More informationITS331 IT Laboratory I: (Laboratory #11) Session Handling
School of Information and Computer Technology Sirindhorn International Institute of Technology Thammasat University ITS331 Information Technology Laboratory I Laboratory #11: Session Handling Creating
More informationPHP INTERVIEW QUESTION-ANSWERS
1. What is PHP? PHP (recursive acronym for PHP: Hypertext Preprocessor) is the most widely used open source scripting language, majorly used for web-development and application development and can be embedded
More informationCreating HTML files using Notepad
Reference Materials 3.1 Creating HTML files using Notepad Inside notepad, select the file menu, and then Save As. This will allow you to set the file name, as well as the type of file. Next, select the
More informationCookies and S essions 323
Cookies and Sessions 9 The Hypertext Transfer Protocol (HTTP) is a stateless technology, meaning that each individual HTML page is an unrelated entity. HTTP has no method for tracking users or retaining
More informationSCRIPTING, DATABASES, SYSTEM ARCHITECTURE
introduction to SCRIPTING, DATABASES, SYSTEM ARCHITECTURE WEB SERVICES III (advanced + quiz + A11) Claus Brabrand ((( brabrand@itu.dk ))) Associate Professor, Ph.D. ((( Software and Systems ))) IT University
More informationIntroductory workshop on PHP-MySQL
Introductory workshop on PHP-MySQL Welcome to Global Certifications and Training from Rocky Sir Download all needed s/w from monster.suven.net Full Stack development : UI + Server Side 1 or more client
More informationZend Zend Certified PHP Developer. Download Full Version :
Zend 200-550 Zend Certified PHP Developer Download Full Version : http://killexams.com/pass4sure/exam-detail/200-550 QUESTION: 209 What is the return value of the following code: substr_compare("foobar",
More informationCopyright 2008 Pearson Education, Inc. Publishing as Pearson Addison-Wesley. Chapter 11 Introduction to PHP
Chapter 11 Introduction to PHP 11.1 Origin and Uses of PHP Developed by Rasmus Lerdorf in 1994 PHP is a server-side scripting language, embedded in XHTML pages PHP has good support for form processing
More informationCS 5450 HTTP. Vitaly Shmatikov
CS 5450 HTTP Vitaly Shmatikov Browser and Network Browser OS Hardware request reply website Network slide 2 HTML A web page includes Base HTML file Referenced objects (e.g., images) HTML: Hypertext Markup
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationCourse Syllabus. Course Title. Who should attend? Course Description. PHP ( Level 1 (
Course Title PHP ( Level 1 ( Course Description PHP '' Hypertext Preprocessor" is the most famous server-side programming language in the world. It is used to create a dynamic website and it supports many
More informationSaving State on the WWW
Saving State on the WWW The Issue Connections on the WWW are stateless Every time a link is followed is like the first time to the server it has no memory for connections Why Bother To Fix This? By saving
More informationBy the end of this section of the practical, the students should be able to:
By the end of this section of the practical, the students should be able to: Display output with PHP built-in and user defined variables, data types and operators Work with text files in PHP Construct
More informationHow to work with cookies and sessions
Chapter 12 How to work with cookies and sessions How cookies work A cookie is a name/value pair that is stored in a browser. On the server, a web application creates a cookie and sends it to the browser.
More informationColdFusion Application Security: The Next Step - Handout
ColdFusion Application Security: The Next Step - Handout Jason Dean http://www.12robots.com Boston CFUG September 16 th, 2009 REQUEST FORGERIES A request forgery, also sometimes called a Cross-Site (or
More informationSubmitting forms (client-side)
Client/Server Submitting forms (client-side) Submitting forms (client-side) Submitting forms (client-side) submit.php $len = strlen($_post["password"]); $name = $_POST["name"]; print "Welcome ". $name;
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Web Security: Vulnerabilities & Attacks Type 2 Type 1 Type 0 Three Types of XSS Type 2: Persistent or Stored The attack vector is stored at the server Type 1: Reflected The attack
More informationMaster Calendar Integrated Authentication Configuration Instructions. Dean Evans & Associates, Inc.
Master Calendar Integrated Authentication Configuration Instructions Dean Evans & Associates, Inc. Copyright Copyright 2013 Dean Evans & Associates, Inc. All rights reserved. No part of this document may
More informationContents. Introduction 5. McAfee SecurityCenter 7. McAfee QuickClean 39. McAfee Shredder 45
User Guide i Contents Introduction 5 McAfee SecurityCenter 7 Features... 8 Using SecurityCenter... 9 Header... 9 Left column... 9 Main pane... 10 Understanding SecurityCenter icons... 11 Understanding
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationLab 4: Basic PHP Tutorial, Part 2
Lab 4: Basic PHP Tutorial, Part 2 This lab activity provides a continued overview of the basic building blocks of the PHP server-side scripting language. Once again, your task is to thoroughly study the
More informationPHP Security. Kevin Schroeder Zend Technologies. Copyright 2007, Zend Technologies Inc.
PHP Security Kevin Schroeder Zend Technologies Copyright 2007, Zend Technologies Inc. Disclaimer Do not use anything you learn here for nefarious purposes Why Program Securely? Your job/reputation depends
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2016 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2445 1 Assignment
More informationIndian Institute of Technology Kharagpur. Javascript Part III. Prof. Indranil Sen Gupta Dept. of Computer Science & Engg. I.I.T.
Indian Institute of Technology Kharagpur Javascript Part III Prof. Indranil Sen Gupta Dept. of Computer Science & Engg. I.I.T. Kharagpur, INDIA Lecture 27: Javascript Part III On completion, the student
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationChapter 10 Web-based Information Systems
Prof. Dr.-Ing. Stefan Deßloch AG Heterogene Informationssysteme Geb. 36, Raum 329 Tel. 0631/205 3275 dessloch@informatik.uni-kl.de Chapter 10 Web-based Information Systems Role of the WWW for IS Initial
More informationProduced by. Web Development. Eamonn de Leastar Department of Computing, Maths & Physics Waterford Institute of Technology
Web Development Produced by Eamonn de Leastar (edeleastar@wit.ie) Department of Computing, Maths & Physics Waterford Institute of Technology http://www.wit.ie http://elearning.wit.ie Sessions Web Development
More informationFinal Exam. IT 3203 Introduction to Web Development. Rescheduling Final Exams. PHP Arrays. Arrays as Hashes. Looping over Arrays
IT 3203 Introduction to Web Development Introduction to PHP II April 5 Notice: This session is being recorded. Copyright 2007 by Bob Brown Final Exam The Registrar has released the final exam schedule.
More informationCIS 3308 Logon Homework
CIS 3308 Logon Homework Lab Overview In this lab, you shall enhance your web application so that it provides logon and logoff functionality and a profile page that is only available to logged-on users.
More informationWeb Engineering (CC 552)
Web Engineering (CC 552) Introduction Dr. Mohamed Magdy mohamedmagdy@gmail.com Room 405 (CCIT) Course Goals n A general understanding of the fundamentals of the Internet programming n Knowledge and experience
More informationZend Studio 3.0. Quick Start Guide
Zend Studio 3.0 This walks you through the Zend Studio 3.0 major features, helping you to get a general knowledge on the most important capabilities of the application. A more complete Information Center
More informationlast time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
More informationTop 10 Application Security Vulnerabilities in Web.config Files Part One
Top 10 Application Security Vulnerabilities in Web.config Files Part One By Bryan Sullivan These days, the biggest threat to an organization s network security comes from its public Web site and the Web-based
More informationONLINE SPECS. Connecting You with Key Christian Audiences
ONLINE SPECS Connecting You with Key Christian Audiences Online Banner Ads 728 x 90 970x250 600 x 150 x Mobile Interstitial 320 x 50 300 250 300 x x250 ChristianityTodayAds.com 2 BANNER AD SPECIFICATIONS
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationSome things to watch out for when using PHP and Javascript when building websites
Some things to watch out for when using PHP and Javascript when building websites Les Hatton 10 Sep 2003 1 PHP PHP is a C-like language which evolved from Perl scripts originally produced by Rasmus Lerdorf
More informationRepstor affinity. Installation and Configuration Guide
Repstor affinity Installation and Configuration Guide Document Version 3.6.8 November 2017 Contents 1. INTRODUCTION TO REPSTOR AFFINITY 3 ADVANTAGES OF REPSTOR AFFINITY... 3 2. REPSTOR AFFINITY INSTALLATION
More informationPHP 5 if...else...elseif Statements
PHP 5 if...else...elseif Statements Conditional statements are used to perform different actions based on different conditions. PHP Conditional Statements Very often when you write code, you want to perform
More informationChapter 9. Web Applications The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill
Chapter 9 Web Applications McGraw-Hill 2010 The McGraw-Hill Companies, Inc. All rights reserved. Chapter Objectives - 1 Explain the functions of the server and the client in Web programming Create a Web
More informationForm Processing in PHP
Form Processing in PHP Forms Forms are special components which allow your site visitors to supply various information on the HTML page. We have previously talked about creating HTML forms. Forms typically
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More informationLimeSurvey User Guide to Creating Surveys
LimeSurvey User Guide to Creating Surveys Created: October 7, 2016 Last updated: March 20, 2017 Contents Gaining access to LimeSurvey... 3 Change your LimeSurvey password... 3 Importing an existing survey
More informationASP.NET State Management Techniques
ASP.NET State Management Techniques This article is for complete beginners who are new to ASP.NET and want to get some good knowledge about ASP.NET State Management. What is the need of State Management?
More informationWeb Application Development (WAD) V th Sem BBAITM(Unit-1) By: Binit Patel
Web Application Development (WAD) V th Sem BBAITM(Unit-1) By: Binit Patel Introduction: PHP (Hypertext Preprocessor) was invented by Rasmus Lerdorf in 1994. First it was known as Personal Home Page. Later
More informationServer-Side Web Programming: Python (Part 1) Copyright 2017 by Robert M. Dondero, Ph.D. Princeton University
Server-Side Web Programming: Python (Part 1) Copyright 2017 by Robert M. Dondero, Ph.D. Princeton University 1 Objectives You will learn about Server-side web programming in Python Common Gateway Interface
More informationDR B.R.AMBEDKAR UNIVERSITY B.Sc.(Computer Science): III Year THEORY PAPER IV (Elective 4) PHP, MySQL and Apache
DR B.R.AMBEDKAR UNIVERSITY B.Sc.(Computer Science): III Year THEORY PAPER IV (Elective 4) PHP, MySQL and Apache 90 hrs (3 hrs/ week) Unit-1 : Installing and Configuring MySQL, Apache and PHP 20 hrs Installing
More information3I installation on Windows 7. D. Dmitriev, (Last updated April 19, 2010)
3I installation on Windows 7. http://ctap.inhs.uiuc.edu/dmitriev/ D. Dmitriev, 2003 2010 (Last updated April 19, 2010) The 3I installation package includes 1. Two Microsoft Access database files: 3i.mdb
More informationweek8 Tommy MacWilliam week8 October 31, 2011
tmacwilliam@cs50.net October 31, 2011 Announcements pset5: returned final project pre-proposals due Monday 11/7 http://cs50.net/projects/project.pdf CS50 seminars: http://wiki.cs50.net/seminars Today common
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationBusiness Logic Security
Business Logic Security Ilia Alshanetsky @iliaa https://joind.in/14863 whois: Ilia Alshanetsky PHP Core Developer since 2001 Release Master of 4.3, 5.1 and 5.2 Author of Guide to PHP Security Author/Co-Author
More informationCombating Common Web App Authentication Threats
Security PS Combating Common Web App Authentication Threats Bruce K. Marshall, CISSP, NSA-IAM Senior Security Consultant bmarshall@securityps.com Key Topics Key Presentation Topics Understanding Web App
More informationWeb Development & SEO (Summer Training Program) 4 Weeks/30 Days
(Summer Training Program) 4 Weeks/30 Days PRESENTED BY RoboSpecies Technologies Pvt. Ltd. Office: D-66, First Floor, Sector- 07, Noida, UP Contact us: Email: stp@robospecies.com Website: www.robospecies.com
More informationCN Assignment I. 1. With an example explain how cookies are used in e-commerce application to improve the performance.
CN Assignment I 1. With an example explain how cookies are used in e-commerce application to improve the performance. In an e-commerce application, when the user sends a login form to the server, the server
More information