Professional Documents
Culture Documents
Objectives
Upon completion of this unit, you should be able to:
HTTPS
Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the HTTP. It allows secure ecommerce transactions like online banking.
SSL is a security protocol that was developed by Netscape Communications Corporation, along with RSA Data Security, Inc. The primarily goal of the SSL protocol is to provide a private channel between communicating applications, which ensures privacy of data authentication of the partners and integrity.
SSL Overview
SSL provides an alternative to the standard TCP/IP socket API that has security implemented within it. Therefore, it is possible to run any TCP/IP application in a secure way without changing the application. In practice, SSL is only widely implemented for HTTP Connections. Netscape Communications Corporation has started an intention to employ it for other applications types such as NNTP and telnet.
At the lower layer, a protocol for transferring data using a variety of predefined cipher and authentication combinations, called the SSL Record Protocol. On the upper layer, a protocol for initial authentication and transfer of encryption keys, called the SSL Handshake Protocol.
Integrity Messages contain a message authentication code (MAC) ensuring the message integrity
Authentication During the handshake, the client authenticates the server using an asymmetric or public key. It can also be based on certificates.
SSL requires that each message is encrypted and decrypted and therefore has a high performance and resource cost.
Database
LoadModule cgi_module directive ScriptAlias directive Alternatively, use <Directory> container <Directory /var/www/cgi-bin> AllowOverride None Options ExecCGI AddHandler cgi-script .py .pl Order allow,deny Allow from all </Directory>
Sample examples
Python script (/var/www/html/hello.py) #!/usr/bin/python print Content-type:text/html\r\n\r\n print Hello World! Perl Script (/var/www/html/hello.pl) #!/usr/bin/perl print Content-type:text/html\n\n; print Hello World!;
Conclusion
Hypertext Transfer Protocol Secure (HTTPS) is a combination of Hypertext Transfer Protocol (HTTP) with the SSL/TLS protocol. It provides encrypted communication to prevent eavesdropping and to securely identify the web server with which one is actually communicating.
The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middleattacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
The CGI specification defines a set of rules that allow programs to interact with web servers, such as Apache. CGI programs allow web developers to provide dynamic content.
General rules for CGI Scripting:v Do not trust user input, check it v Do not directly execute user input v Do not assume input is in the expected format