Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application

Upload: lorin-owens

Post on 13-Dec-2015


Page 1: Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application

Date : 2/12/2010

Web Technology Solutions Class: Adding Security and Authentication Features to Your Application

Page 2:

Tonight

✤ DB Review

✤ PHP User Registration

✤ PHP User Login

✤ PHP User Password Reset

✤ Lab

Page 3:

Lab Preview

✤ Continue CRUD on Final

✤ Create Single Survey

✤ Create, Update and Delete Questions

✤ Create Responses, View Responses

✤ Build a User Auth System for Final

✤ Build Registration Page

✤ Build Login Script

✤ Build Password Reset

Page 4:

Final Project Review

✤ Final Project - Web App (link)

✤ registration feature

✤ login logout

✤ Admin ability to create/read/update/delete (CRUD)

✤ Maintain state throughout the app (cookies/sessions)

✤ XML and RSS feeds

✤ Valid HTML and CSS design

Page 5:

PHP Output Control

✤ Output Control allows you to tell PHP when to submit information to the browser.

✤ Pros:

✤ Working with header() without "headers already sent" errors

✤ Controlling Browser Output

✤ Cons:

✤ Buffer limits (default buffer size of 4096kb)

✤ Memory Limits

Page 6:

Output Buffering

ob_start();

Turns on output buffering

data is held within internal “buffer” waiting to be published to the browser.

Call at start of script

Can have a callback function

Can nest buffers

Page 7:

Output Buffering

ob_end_flush()

Sends the data in the buffer to the browser

Turns off output buffer.

Call ob_end_flush() in a loop to close every nested buffer

Page 8:

Output Buffering

ob_end_clean()

//removes data from the buffer (doesn’t go to browser)

ob_flush()

//sends the buffer contents to the browser; buffering stays on

ob_get_contents()

//returns the buffer contents without sending them to the browser or clearing the buffer
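The output-control calls from pages 5 through 8 in one script, as an added example that is not from the slides. It shows a buffer with a callback, a header() call issued after output has already been echoed (which only works because the output is buffered), a nested buffer that is read with ob_get_contents() and discarded with ob_end_clean(), an early ob_flush(), and the closing loop driven by ob_get_level(). The strings and the X-Demo header are constructed for the example.

```php
<?php
// Added example (not from the slides): PHP output control end to end.
// Run with: php ob_demo.php

// 1. Outer buffer with a callback. The callback receives the buffered text
//    whenever it is flushed and may rewrite it before the browser sees it.
ob_start(function (string $buffer): string {
    return str_replace('DRAFT', 'FINAL', $buffer);
});
echo "Report status: DRAFT\n";

// 2. Nothing has reached the client yet, so header() still succeeds even
//    though output was already echoed. Without ob_start() this would be a
//    "headers already sent" warning. (The CLI does not emit headers.)
header('X-Demo: buffered');

// 3. Nested buffer: capture a fragment without sending it anywhere.
ob_start();
echo "fragment that must not reach the browser\n";
$fragment = ob_get_contents();   // read the inner buffer; it stays intact
ob_end_clean();                  // discard the inner buffer, send nothing
echo 'Captured ' . strlen($fragment) . " bytes privately\n";

// 4. ob_flush() pushes what is buffered so far through the callback to the
//    client but keeps the outer buffer active for further output.
echo "Line sent early\n";
ob_flush();
echo "Line sent at script end\n";

// 5. Close every remaining level. ob_get_level() reports the nesting depth,
//    which is the slide's "loop through ob_end_flush()" advice made explicit.
while (ob_get_level() > 0) {
    ob_end_flush();
}
```

The callback is the security-relevant part: anything echoed before the flush, including error text or a stray debug dump, passes through it, so a callback is a convenient single place to stop content from leaking to the browser. The same mechanism is also why a forgotten ob_start() without a closing flush can silently consume memory up to the limits the slide lists as cons.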

Page 9:

String Encryption

✤ Add security by applying string encryption to sensitive data.

✤ Passwords, credit cards, etc.

md5() //returns a 32-character hexadecimal digest

md5('apple') = 1f3870be274f6c49b3e31a0c6728957f

Good for one way matching

Cannot “reverse”

Page 10:

String Encryption

✤ The sha1() function calculates the SHA-1 hash of a string.

✤ Stronger encryption than md5.

✤ Hackers and Rainbow Tables

$str = 'Hello';

echo sha1($str); //f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

Page 11:

Salts

✤ In cryptography, a salt consists of random bits that are used as one of the inputs to a key derivation function.

$str = 'Hello';

$salt = "World";

$storage = $str . $salt;

echo sha1($storage); //a 40-character hex digest that differs from sha1('Hello')
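The hashing and salt steps from pages 9 through 11, followed by the form a practitioner would use for the lab's login system, as an added example that is not from the slides. It reproduces the deck's md5()/sha1() digests and its fixed-salt concatenation, then registers and verifies users with password_hash() and password_verify(), which generate a random per-user salt and use a deliberately slow hash (bcrypt). Those two functions exist in PHP 5.5 and later, so they postdate this 2010 deck; the $users array stands in for the users table from the DB review and the names and passwords are constructed for the example.

```php
<?php
// Added example (not from the slides): from the deck's md5/sha1/salt steps to
// a per-user salted password store. Requires PHP >= 5.5. Run: php auth_demo.php

// The slide's one-way digests. The same input always yields the same output,
// so precomputed tables (the "rainbow tables" the deck mentions) map common
// passwords straight back to their unsalted md5/sha1 values.
$apple = md5('apple');   // the slide's value: 1f3870be274f6c49b3e31a0c6728957f
$hello = sha1('Hello');  // the slide's value: f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0

// The slide's salt: appending a string changes the digest, but one salt shared
// by every account only defeats tables built for unsalted input. Once the
// shared salt is known, a single new table covers all users again.
$salted = sha1('Hello' . 'World');

// Hardened form: random per-user salt, slow hash, and the salt stored inside
// the result string, so the database needs only the one column.
function register_user(array &$users, string $name, string $password): void
{
    // Assumption: $users plays the role of the users table.
    $users[$name] = password_hash($password, PASSWORD_DEFAULT);
}

function login_user(array $users, string $name, string $password): bool
{
    // Hash of a throwaway value, computed once, so that an unknown user name
    // costs about the same time as a wrong password for a known user. This
    // keeps response time from revealing which accounts exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    if (!isset($users[$name])) {
        password_verify($password, $dummy);
        return false;
    }
    // password_verify() re-derives the hash with the stored salt and compares
    // in constant time; never compare hash strings with == yourself.
    return password_verify($password, $users[$name]);
}

$users = [];
register_user($users, 'alice', 'Hello');
register_user($users, 'bob', 'Hello');

// Same password, two different stored hashes: the per-user salt at work.
var_dump($users['alice'] !== $users['bob']);
var_dump(login_user($users, 'alice', 'Hello'));   // correct password
var_dump(login_user($users, 'alice', 'hello'));   // wrong case
var_dump(login_user($users, 'carol', 'Hello'));   // unknown user
```

For the lab's password reset feature the same rule applies: store only the hash of the reset token, never the token itself, and treat the plain md5/sha1 of a password or token as no better than storing it in the clear once a table lookup is possible.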

Page 12:

Lab & Next Week

✤ Lab

✤ Create Login system

✤ Properly Encrypt Password.

✤ Add Security and Authorization into your app.

✤ Reading: Chapter 11

See you Tuesday!