Web Security Programming I

Building Security in from the Start

Except where otherwise noted all portions of this work are Copyright (c) 2007 Google and are licensed under the Creative Commons Attribution 3.0 License http://creativecommons.org/licenses/by/3.0/

A Simple Web Server

To illustrate what can go wrong if we do not design for security in our web applications from the start, consider a simple web server implemented in Java. All this program does is serve documents using HTTP. We will walk through the code in the following slides.

Some Preliminaries

HTTP (HyperText Transfer Protocol): The communications protocol used to connect to servers on the Web.
• Its primary function is to establish a connection with a Web server and transmit HTML pages to the client browser or any other files required by an HTTP application.
• Addresses of Web sites begin with an http:// prefix.

Some Preliminaries

A typical HTTP request that a browser makes to a web server:

    GET / HTTP/1.0

When the server receives this request for filename / (which means the root document on the web server), it attempts to load index.html. It sends back:

    HTTP/1.0 200 OK

followed by the document contents.

SimpleWebServer: main()

    /* This method is called when the program is run from the command line. */
    public static void main (String argv[]) throws Exception {
        /* Create a SimpleWebServer object, and run it */
        SimpleWebServer sws = new SimpleWebServer();
        sws.run();
    }

Now we walk through the code. main() creates a SimpleWebServer object and calls its run() method. The run() method is just an infinite loop that waits for a connection from a client, and then attempts to process the request.

SimpleWebServer Object

    public class SimpleWebServer {
        /* Run the HTTP server on this TCP port. */
        private static final int PORT = 8080;

        /* The socket used to process incoming connections from web clients */
        private static ServerSocket dServerSocket;

        public SimpleWebServer () throws Exception {
            dServerSocket = new ServerSocket .
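
The request and response exchange described under Some Preliminaries, as an added Java example that is not part of the original slides or of SimpleWebServer. The class name RequestLineDemo, the respond() method, the in-memory document map, the length limit and the 400/404/501 replies are assumptions made for illustration; the slides themselves only show the 200 OK case.

```java
import java.util.Map;

/* Added illustration; names here are hypothetical, not SimpleWebServer's. */
public class RequestLineDemo {

    /* Longest request line accepted (an assumed limit, not from the slides). */
    private static final int MAX_LINE = 1024;

    /* Build the full HTTP/1.0 response for one request line.
       docs is an in-memory stand-in for the server's document root. */
    static String respond(String requestLine, Map<String, String> docs) {
        if (requestLine == null || requestLine.length() > MAX_LINE) {
            return "HTTP/1.0 400 Bad Request\r\n\r\n";
        }
        /* A request line has exactly three parts: method, path, version. */
        String[] parts = requestLine.trim().split("\\s+");
        if (parts.length != 3 || !parts[1].startsWith("/")
                || !parts[2].startsWith("HTTP/")) {
            return "HTTP/1.0 400 Bad Request\r\n\r\n";
        }
        /* Method names are case-sensitive, so "Get" is not "GET". */
        if (!parts[0].equals("GET")) {
            return "HTTP/1.0 501 Not Implemented\r\n\r\n";
        }
        /* "/" means the root document, which is served from index.html. */
        String name = parts[1].equals("/") ? "index.html" : parts[1].substring(1);
        /* Only names present in the map are served; anything else is a 404. */
        String body = docs.get(name);
        if (body == null) {
            return "HTTP/1.0 404 Not Found\r\n\r\n";
        }
        /* Status line, blank line, then the document contents. */
        return "HTTP/1.0 200 OK\r\n\r\n" + body;
    }

    public static void main(String[] args) {
        /* Constructed sample document and request lines. */
        Map<String, String> docs = Map.of("index.html", "<html>Hello</html>");
        String[] samples = {
            "GET / HTTP/1.0", "GET /missing.html HTTP/1.0", "Get / HTTP/1.0", "GET"
        };
        for (String line : samples) {
            /* Print each request next to the status line it produces. */
            System.out.println(line + "  ->  " + respond(line, docs).split("\r\n")[0]);
        }
    }
}
```

Rejecting request lines that are missing parts or are over-long before acting on them is the kind of check that is easy to leave out of a server written without security in mind.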