presentation part i of ii
TRANSCRIPT
3rd Year Project
Designing and implementing a secure portal for the department's alumni
Introduction
Brief Introduction to software chosen to implement project and some alternatives
Work undertaken on aspect of project (main part of this presentation)
Brief discussion on security
What Software
Using a combination of:
– PHP (Hypertext Pre-processor)
– MySQL (My Structured Query Language)
– Apache (Web Server)
Server-side scripting is a common use of PHP:
– Web server
– Web browser
– PHP parser
PHP
Open Source
– Free to use
Dynamic
– Allows dynamic web page creation “on the fly”
Interactive
– Allows interaction with databases
Freedom to choose
– Web server
– Operating system
PHP
HTML-embedded web scripting language
– PHP code is transformed into HTML before the page is loaded
– Users cannot view the source code of PHP pages
Types of programming it offers:
– Procedural
– Object orientated
– (or a mixture of both)
Supports ODBC (Open Database Connection standard)
– Which is the worldwide database standard
PHP
Supports extensive range of operating systems
– Windows
– Linux
– Mac OS X
– Risc OS
Supports extensive range of browsers
– Apache
– Microsoft Internet Information Server
– Personal Web Server
– Netscape
PHP
Supports talking to other services
– LDAP, IMAP, SNMP, NNTP, POP3, HTTP, COM
Also supports
– Java, XML, SAX, DOM
Not limited to outputting HTML
– Can output images, PDF files and even Flash movies
PHP
Supports extensive range of databases
– MySQL
– Oracle
– IBM DB2
– InterBase
– Sybase
– Unix dbm
PHP – supports extensive range of databases continued…
Adabas D, InterBase, PostgreSQL, dBase, FrontBase, SQLite, Empress, mySQL, Solid, FilePro (read-only), Direct MS-SQL, Sybase, Hyperwave, Velocis, IBM DB2, ODBC, Unix dbm, Informix, Oracle (OCI7 and OCI8), Ingres, Ovrimos
PHP
PHP can act as a CGI (Common Gateway Interface)
– CGI is used to exchange data between a web server and a program
PHP has functions for online payments
– Cybercash payment
– CyberMUT
– VeriSign
– Payflow Pro
– MCVE
MySQL
Open Source
– Free to use
– Can tailor it to your own needs
– Most popular relational database in the world
Stores data in tables rather than one huge area
Renowned for its
– Speed
– Flexibility
– Reliability
– Ease of use
– Robustness
Simple yet powerful
Apache
Open Source
– Free to use
– One of the most powerful and widely used web servers in use today
Security
– Enables the use of SSL (Secure Socket Layer)
Supports
– Extensive range of operating systems including: Windows, Linux, Mac OS X
Alternatives
Aspect of project being described today
Style and code repetition issues
– What has been introduced to help here:
CSS (Cascading Style Sheet)
Header File
CSS – (Cascading Style Sheet)
CSS helps:
– Separate content and structure from presentation and layout. Content can be changed independently of formatting because presentation and layout can be handled by a separate CSS file. An external CSS file is being used in this project.
– Web designers to create documents that load faster and that are easier to maintain and manage
CSS
CSS helps:
– Reduce the need to input formatting into individual PHP files for tables, borders, images and text (paragraphs, H1, H2 etc.)
– Provide a way to apply formatting and style to multiple files using one or more CSS files
CSS
CSS helps:
– Reduce the risk of style and presentation errors introduced by programmers coding style and presentation into individual files with no real link to other files on the website
– Provide ways to apply the same formatting and style to multiple files using one or more CSS files
Header File
Header files help:
– Remove the need to repeat coding in various files for common features such as navigation bars, images, copyright notices, tables and borders
– Example: reduce the cost of time spent copying/separating content and coding individual pages. There is no need to repeat the copyright notice in each PHP file; just include it as a footer function in the header file and call it with one short line of code.
Examples Home Page (Nick’s Version)
Examples Home Page (Lee’s Version)
Examples Administrator Login Page (Nick’s Version)
Examples Administrator Login Page (Lee’s Version)
Examples New Register Page (Nick’s Version)
Examples New Register Page (Lee’s Version)
Examples Registered Alumni User Login Page (Nick’s Version)
Examples Registered Alumni User Login Page (Lee’s Version)
Nick’s Version Explained
Home Page
New Register
Administrator Login
Alumni Login
Lee’s Version Explained
Home Page
New Register
Administrator Login
Alumni Login
Nick’s and Lee’s Versions Compared
Home Page Administrator Login New Register Alumni Login
Let’s compare coding costs - Example
Membernavigation.html (Nick’s Version): 12,107 characters (no spaces), 281 lines in Dreamweaver
Membernavigation.php (Lee’s Version): 2,472 characters (no spaces), 89 lines in Dreamweaver
Brief discussion on Security
PHP, mySQL, Apache
– Security on the mySQL and Apache servers being used in this project is controlled by the Department of Communication Systems
– I can help by writing more security-conscious code, both in PHP coding and mySQL scripts
– Using methods such as encryption to secure passwords: MD5 (Message Digest 5) has been implemented for the Alumni password; stronger algorithms are to be considered for the Administrator password.
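An added example (not code from the project) of one way to move the MD5-hashed alumni passwords mentioned above to a stronger algorithm: verify against the old digest once, then re-store the password with PHP's salted, adaptive password_hash(). It assumes PHP 5.6 or later; the $users array, its pw_hash field and both function names are hypothetical stand-ins for the alumni table and login code.

```php
<?php
// Added example, not the project's code. Assumes PHP 5.6+.
// $users is constructed sample data standing in for the alumni table;
// the 'pw_hash' field and both function names are hypothetical.
$users = [
    // Legacy row: unsalted MD5 hex digest, the scheme the slide describes.
    'alice' => ['pw_hash' => md5('correct horse battery')],
    // Row already stored with a salted, adaptive hash.
    'bob'   => ['pw_hash' => password_hash('bobs-long-passphrase', PASSWORD_DEFAULT)],
];

function is_legacy_md5($hash)
{
    // MD5 hex digests are exactly 32 hex characters;
    // password_hash() output always starts with '$'.
    return preg_match('/^[0-9a-f]{32}$/i', $hash) === 1;
}

function check_login(array &$users, $name, $password)
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['pw_hash'];
    $legacy = is_legacy_md5($stored);

    // hash_equals() compares in constant time; password_verify() does so internally.
    $ok = $legacy
        ? hash_equals(strtolower($stored), md5($password))
        : password_verify($password, $stored);

    // The plaintext is only available at login, so upgrade the stored hash now.
    if ($ok && ($legacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $users[$name]['pw_hash'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(check_login($users, 'alice', 'wrong guess'));            // wrong password, legacy row
var_dump(check_login($users, 'alice', 'correct horse battery'));  // right password, legacy path
var_dump(is_legacy_md5($users['alice']['pw_hash']));              // is the row still MD5?
var_dump(check_login($users, 'alice', 'correct horse battery'));  // same login after the upgrade
var_dump(check_login($users, 'bob', 'bobs-long-passphrase'));     // row that never used MD5
```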
Brief discussion on Security
PHP, mySQL, Apache
– Learnt how to install mySQL and Apache servers on a standalone PC/server
– Learnt common ways in which you can make them more secure, for example setting global variables to “off”
– Made use of sessions on all pages; on login pages, also check that both the username AND password are correct to log in to the required session.
Brief discussion on Security
PHP, mySQL, Apache
– Going to implement use of PEAR’s CAPTCHA (in PHP). The technology helps distinguish between computer and human input (particularly useful for “New Register”)
Questions?
Please feel free to ask any questions, either on material covered this morning or on any other aspects related to the project
Views, feedback, suggestions would be much appreciated.
THANK YOU