Secure Socket Layer (SSL)Web Security
SSL
1
Web Security Secure Socket Layer (SSL)
December 7, 2000
SSL
Web Security
? authentication: basic, digest ? often supplemented by cookies ? access control via network addresses ? multi-layered:
? SHTTP (secure HTTP) = just for HTTP (shttp://) CommerceNet, Mosaic
? SSL ( TLS) = generic for TCP (https://) implementation: SSLeay
? IP security: host-to-host
2 December 7, 2000
SSL
3
Web vulnerabilities
Risks:
1. revealing private information on server 2. intercept of client information (credit card records) 3. information about host ? break in 4. execute programs, denial of service 5. server log privacy
December 7, 2000
SSL
Web vulnerabilities: information leakage
? Altavista search for etc/passwd ? directory listings ? chroot ? soft links ? file ownership: local protection ? web access
4 December 7, 2000
SSL
5
Web vulnerabilities: cgi-bin
cgi-bin, server-side includes (= macros within HTML)
? server must run at root (port 80!), but executes as "nobody", "www", . . . ? cgi-bin: random arguments ? use perl "taint" mode: can't use variables from environment, standard input,
command line for eval(), system(), exec() or piped open()
December 7, 2000
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- apma 1910 race and gender in the scien5fic community
- ciep 401 the exceptional child spring 2017 contact
- common core state standards mathematical
- no 17 20333 united states court ofappeals for the
- volume xii no 1 pp 401 406 2011 iacis
- extended http digest access authentication researchgate
- identity contests litigation and the meaning of
- secure socket layer ssl web security
- in the supreme court of the united states
- cisco ipics server installation and upgrade guide release
Related searches
- neural network layer types
- deep learning layer types
- cisco ssl vpn configuration
- cisco ssl vpn add on
- cisco ssl vpn extension
- cisco ssl vpn client
- cisco ssl vpn router
- the subcutaneous layer consist of
- myelinated nerve fiber layer code
- photoshop mask layer effects
- multiple layer cloth masks
- expired ssl certificate