The document provides information on WWW architecture, CGI, client-server security, and protection methods. It discusses the client-server model of the World Wide Web and how it works. It explains common gateway interface (CGI) programming and its advantages. The document also outlines some main security threats in client-server systems like unauthorized data access and modifications. It recommends methods to secure client-server systems like data encryption, use of public key algorithms, certificates, and secure transport protocols.

1. WWW ARCHITECTURE
, CGI, CLIENT SERVER
SECURITY, PROTECTION
METHODS
GROUP 3
Austina Francis
Anju Babu
Abhraham Easo
Vinil Steephen
Jomon J Joseph

2. WWW ARCHITECTURE
 WWW
 The WWW service in which a client using a
browser can access the service through the
server.
 The service provided is distributed over
many locations called sites.
 It was initially developed in 1989 by Tim
Berners Lee at the CERN lab , in
Switzerland.
 It has a unique combination of probability
,flexibility , and user friendly features
provided by the internet.

3. CLIENT-SERVER ARCHITECTURE OF WORLD WIDE
WEB

4. FUNCTIONAL COMPONENTS OF
WWW
 Web browsers
 Web servers
 Hyper Text Markup Language
 HTTP
 URL(Uniform Resource Locator)

5. WORKING OF WWW
 The system begins bigins by resolving
the server name part of the URL in the IP
address using internet database.
 Browser send an HTTP request to web
server at that particular page and further
forming a par of that page like images.
 After receiving the requested files the
browser displays the page on the screen.
 In order to view a web page on the
WWW one has to type the URL.


6. INTERNET VS. WWW
Internet is the infrastructure WWW is just one of many
that makes the WWW “virtual networks” built on
work. the Internet.
 Packet Switching  Websites: http, https, etc.
 TCP/IP Protocol  Email: pop, imap, etc.
 Physical Infrastructure  Other systems: ftp, instant
 Fiber-optics lines, wires messaging, etc.
 Satellites, Cable Modems  Note: Even to this day
 Routers, Hubs, Network companies have “private virtual
Cards, WiFi systems, etc. networks” that use the
Internet, but are
proprietary, locked-down.

7. INTRODUCTION TO CGI
 CGI stands for Common Gateway Interface.
 CGI is a standard programming interface to
Web servers that gives us a way to make our
sites dynamic and interactive.
 CGI is not a programming language. It is just
a set of standards (protocols.)
 CGI can be implemented in an interpreted
language such as PERL or in a compiled
language such as C.

8. INTRODUCTION TO CGI
 An HTTP server is often used as a gateway to a
legacy information system; for example, an existing
body of documents or an existing database
application. The Common Gateway Interface is an
agreement between HTTP server implementors
about how to integrate such gateway scripts and
programs.
 It is typically used in conjunction with HTML forms
to build database applications.

9. CGI PROGRAMMING
Netprog 2002 CGI Programming
HTTP
SERVER
CLIENT CGI Program
9

10. CGI- WORKING
 CGI programs work as follows:
 STEP 1 (On the client side): Get
Information from the user (using HTML
forms, SSI, Java Applet, …,etc).
 STEP 2 (On the server side): Process the
data, connect to DATABASE, search for
PATTERNS, …,etc.
 STEP 3 (On the server side): Send the
result of computation back to the client.

11. HTTP HEADER FIELDS ARE COMPONENTS OF THE
MESSAGE HEADER OF REQUESTS AND RESPONSES IN
THE HYPERTEXT TRANSFERVPROTOCOL THEY DEFINE THE
OPERATING PARAMETERS OF AN HTTP TRANSACTION
 Multipurpose Internet Mail Extensions (MIME)
 is an Internet standard that extends the format
of email to support:
 Text in character sets other than ASCII
 Non-text attachments
a) Message bodies with multiple parts
b) Header information in non-ASCII character sets

12. ADVANTAGES OF CGI
 Provides user interface
 Stores some settings
 Can do some data processing
 Little to no application data storage
 Same view of data no matter where you login

13. CLIENT SERVER SECURITY
 keeps a check on the flow of information and it also
helps in the smooth functioning of the computers.
 The Client server Security works on the basis of
authority, first it has to have the authority to identify
and then identify the hindrance in the security
pathway.
 It have the Discretionary control to set things back
to their normal place
 and then another check is done which can called as
an audit.

14. CLIENT SERVER SECURITY
 The object can be re-used or the data can be send
all over again..
 The major disadvantage is that
Tere is no single security system which can handle
all the problems related to the Client server
security, so there are many which has to be
installed and checkpoints have to be maintained at
every point

15. WORKING LAY OUT

16.  The security measures of online retailers vary
immensely.
 The methods used to gather, store, and distribute
information is implemented differently across the
web.
 Many companies and corporations that collect
sensitive data do not have proper security protocols
put into place, which may compromise personal
information.
 Common errors that online businesses make when
processing transactions will be analyzed and
critiqued..

17.  This includes information security and the protocols
that they should put into place both in terms of their
computer infrastructure, data collection and the
establishment of personnel protocols, such as the
handling of sensitive information and password
changes.
 The transactions between the client and server will
be examined along with the protocols used in the
sharing of information, such as secure socket
layers and their different certificates, encryption and
security measures that are utilized.

18.  . E-commerce firms must ensure that they control
access to their information assets and the use of
their networks by designing and implementing
controls that will diminish the dissemination of
sensitive information.
 There are possible vulnerabilities on a client’s
machine that can lead to data being compromised
before it is uploaded to the server.

19. MAIN SECURITY THREATS
 Unauthorized data access - kind of threat when
unauthorized person gets access to confidential
information. It can lead to situation when such
information becomes public or is used against its
owner.
 Unauthorized data modifications - kind of threat
when data can be changed or deleted accidentally
or intentionally by the person that has no
permissions for such actions.

20. SECURING YOUR CLIENT-SERVER
 Data encoding and encryption:
MAIN goal of encryption is to hide the data from
being visible and accessible without having the key.
o Symmetric encryption algorithms:
Special algorithm and key are used for encryption.
The same algorithm and key are used for
information decryption.Another name is also used -
secret-key cryptograph.

22.  Block and stream encryption in symmetric
algorithms
 Public key algorithm security
 Certificates
 Secure transport protocols
 analyse security of data storage and data
transfer channels;
 check if there are times when data is not
encrypted;
 if the data is not encrypted, check if they are
freely accessible;
 if the is encrypted, check if the attacker can
obtain something useable for recovery of the
encryption keys

23. THANK YOU