Web Developer's Virtual Library: Encyclopedia of Web Design Tutorials, Articles and Discussions



Web Development with Apache and Perl

June 28, 2002

Open source tools provide a powerful and flexible environment for web development and maintenance. If your site has complex business rules or server logic, then you need more than just an interface builder. You need a strong application language with effective tools ready at hand. Perl's strengths make it a natural choice.

Did you know you can easily build a site with features like message forums, chat, session management, custom preferences and other features your users will love? This book shows you how. But it is more than a programming book. It covers a wide spectrum of practical issues and how to handle them, such as when to use a database, what information needs to be secure (and how to secure it), and how to keep traffic from crippling your site. It will teach you the empowering use of ready-made modules so you don't have to reinvent the wheel. And it will even teach you how to successfully advocate the use of Open Source tools in your company.

What's Inside:
  • CGI and mod_perl programming
  • mod_ssl, mod_rewrite and other Apache modules
  • Using DBI with databases
  • HTML::Mason and Template Toolkit for embedded scripting
  • User login and session management
  • Performance and system monitoring tools
  • Growth planning and disaster recovery
  • Sample layouts for community, corporate and e-commerce sites

Security and users

6.1 LISTENING IN ON THE WEB

It seems that every few months there are high-profile cases of credit card theft over the Internet; a popular site reports that its customer database was cracked, or a new exploit is discovered that lets a malicious application read information from browsers. As is the case in the physical realm, the bulk of crimes are low-profile and not reported to police. After a pleasant holiday season of shopping over the Web, strange charges turn up on a credit card, and the card holder calls their bank to have the charges removed and to get a new account number issued.

When these cases do make the news, consumers get vague warnings about using proper security when shopping over the Internet. We can hope that those who have been victimized learn their lesson and take precautions when giving out sensitive information.

Seldom, however, is there any comment on the fact that the Internet is not built for security. The most popular protocols for web browsing, email, and file transfer all send their contents without even trivial encryption. The closest physical-world analogy to normal email is to use postcards for all your letters; there isn't a whole lot stopping a snooper from invading your privacy.

Internet protocols send messages in the open primarily because it takes a determined effort to snoop on individual users. For instance, to read a romantic email message from Bob to Carol as it is transmitted, a snooper would need privileged access to Bob's machine, Carol's machine, or one of the machines along the route the message follows. The snooper needs either to listen all the time or to know just when to collect data. If one is really determined to read Bob's love letters, it is probably easier to break into his or Carol's files than to grab the messages on the fly.

On the other hand, if a cracker breaks into a busy Internet service provider (ISP), he can engage in a more opportunistic kind of snooping. By installing a "sniffer" program that reads various kinds of Internet traffic, the cracker can look for messages that contain patterns of digits that look like credit card numbers, or phrases like "the password is …" Bob's passion for Carol might escape notice, but he could find his account number stolen the next time he orders something over the Web, only because he or the merchant used the cracked ISP.

Encrypting all Internet traffic sounds tempting at first, but would add expense and delay in the form of additional computation and extra bytes for each message. The most expedient solution is to encrypt traffic which contains sensitive data, and to leave the rest in the open.

This chapter starts with a discussion of Secure Sockets Layer (SSL), the protocol used for most encrypted Internet messages, and how to use it in your web applications. It goes on to cover user authentication schemes and basic user information management issues.

Title: Web Development with Apache and Perl
Author: Theo Petersen
ISBN: 1930110065
$44.95
Publication Date: April 2002
Pages: 424
Manning Publication Co.
