Web Development with Apache and Perl
June 28, 2002
Open source tools provide a powerful and flexible environment for
web development and maintenance. If your site has complex business
rules or server logic, then you need more than just an interface
builder. You need a strong application language with effective
tools ready at hand. Perl's strengths make it a natural choice.
Did you know you can easily build a site with features like message forums, chat, session management, custom preferences and other features your users will love? This book shows you how. But it is more than a programming book. It covers a wide spectrum of practical issues and how to handle them, such as when to use a database, what information needs to be secure (and how to secure it), and how to keep traffic from crippling your site. It will teach you the empowering use of ready-made modules so you don't have to reinvent the wheel. And it will even teach you how to successfully advocate the use of Open Source tools in your company.
What's Inside:
- CGI and mod_perl programming
- mod_ssl, mod_rewrite and other Apache modules
- Using DBI with databases
- HTML::Mason and Template Toolkit for embedded scripting
- User login and session management
- Performance and system monitoring tools
- Growth planning and disaster recovery
- Sample layouts for community, corporate and e-commerce sites
Security and users
6.1 LISTENING IN ON THE WEB
It seems that every few months there are high-profile cases of credit card theft over
the Internet; a popular site reports that its customer database was cracked, or a new
exploit is discovered that lets a malicious application read information from browsers.
As in the physical realm, the bulk of crimes are low-profile and not
reported to police. After a pleasant holiday season of shopping over the Web, strange
charges turn up on a credit card, and the card holder calls their bank to have the
charges removed and to get a new account number issued.
When these cases do make the news, consumers get vague warnings about using
proper security when shopping over the Internet. We can hope that those who
have been victimized learn their lesson and take precautions when giving out sensitive
information.
Seldom, however, is there any comment on the fact that the Internet is not built
for security. The most popular protocols for web browsing, email, and file transfer all
send their contents without even trivial encryption. The closest physical-world
analogy to normal email is to use postcards for all your letters; there isn't a whole lot
stopping a snooper from invading your privacy.
Internet protocols send messages in the open primarily because it takes a determined
effort to snoop on individual users. For instance, to read a romantic email message
from Bob to Carol as it is transmitted, a snooper would need privileged access to
Bob's machine, Carol's machine, or one of the machines along the route the message
follows. The snooper needs either to listen all the time or to know just when to collect
data. If one is really determined to read Bob's love letters, it is probably easier to break
into his or Carol's files than to grab the messages on the fly.
On the other hand, if a cracker breaks into a busy Internet service provider (ISP),
he can engage in a more opportunistic kind of snooping. By installing a "sniffer" program
that reads various kinds of Internet traffic, the cracker can look for messages that
contain patterns of digits that look like credit card numbers, or phrases like "the password
is …" Bob's passion for Carol might escape notice, but he could find his account
number stolen the next time he orders something over the Web, only because he or
the merchant used the cracked ISP.
Encrypting all Internet traffic sounds tempting at first, but would add expense and
delay in the form of additional computation and extra bytes for each message. The
most expedient solution is to encrypt traffic which contains sensitive data, and to leave
the rest in the open.
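The same pattern matching the chapter describes is also the cheapest audit of your own site: scan a capture of what currently travels in the clear for Luhn-valid card-number strings, and you have the list of forms and pages that must move behind SSL. This is an added example, not code from the book; the capture text is constructed, and the path and host in it are placeholders.

```perl
#!/usr/bin/perl
# Added example (not from the book): find card-number-like strings in a
# cleartext capture of your own site's traffic, so the pages that carry
# them can be moved behind SSL. The capture below is constructed.
use strict;
use warnings;

# Luhn check: rejects most digit runs that merely have the right length.
sub luhn_ok {
    my ($digits) = @_;
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, $digits) {
        my $v = $double ? $d * 2 : $d;
        $v -= 9 if $v > 9;
        $sum += $v;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Returns [line number, masked number] for each hit in a block of text.
sub find_card_numbers {
    my ($text) = @_;
    my (@hits, $n);
    for my $line (split /\n/, $text) {
        $n++;
        # 13 to 19 digits, optionally separated by single spaces or dashes
        while ($line =~ /(?<!\d)(\d(?:[ -]?\d){12,18})(?!\d)/g) {
            (my $digits = $1) =~ s/[ -]//g;
            next unless luhn_ok($digits);
            my $masked = substr($digits, 0, 6)
                       . ('*' x (length($digits) - 10))
                       . substr($digits, -4);
            push @hits, [ $n, $masked ];
        }
    }
    return @hits;
}

# Constructed sample: a checkout form submission captured on a port-80 link.
# The order number is a digit run too, but fails the Luhn check.
my $capture = <<'END';
POST /checkout HTTP/1.0
Host: www.example.com
Content-Type: application/x-www-form-urlencoded

name=Bob&card=4111 1111 1111 1111&exp=12%2F04&order=20020628
END

for my $hit (find_card_numbers($capture)) {
    printf "line %d: possible card number %s sent in the clear\n", @$hit;
}
```

Run it over a capture of a real browsing session against your own server (with the card field set to a test number) to see which requests need to be served over SSL.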
This chapter starts with a discussion of Secure Sockets Layer (SSL), the protocol
used for most encrypted Internet messages, and how to use it in your web applications.
It goes on to cover user authentication schemes and basic user information management
issues.