Database systems design

  • Date:03 Feb 2021

Transcription:

1. PHP and MySQL Advanced Features
12/3/2012, ISC329, Isabelle Bichindaritz

2. Learning Objectives
• Track sessions
• Use cookies
• Secure a MySQL/PHP application
• Example

3. Tracking Sessions
• HTTP is a stateless protocol: it cannot maintain state between two transactions.
• When a user requests one page after another, HTTP does not track whether both requests come from the same user (they are independent).
• Session tracking makes it possible to track a user during a transaction spanning several pages.
• Ex: login, choose products, checkout in a shopping cart application.

4. Tracking Sessions
A PHP session has:
• A unique session ID: a cryptographically random number.
• Session variables associated with it.
The session ID is generated by PHP and stored on the client side for the whole lifetime of a session.
The session ID can either be stored on the client computer in a cookie or passed through URLs.
A session ends:
• When the user closes it or the browser client is closed.
• After a predefined time specified in the php.ini file.

5. Tracking Sessions
Implementing a session:
• Start a session
    session_start();
  (sessions can also be started automatically if PHP is set up that way)
• Register session variables
    $_SESSION['var_name'] = 42;
• Use session variables
    if (isset($_SESSION['var_name'])) …
• Deregister variables
    unset($_SESSION['var_name']);
    $_SESSION = array();
• Destroy the session
    session_destroy();

6. Tracking Sessions

    <?php
    // First page: start the session and register a session variable.
    session_start();
    $_SESSION['sess_var'] = "Hello world!";
    echo 'The content of $_SESSION[\'sess_var\'] is ' . $_SESSION['sess_var'] . '<br />';
    ?>
    <a href="page2.php">Next page</a>

7. Tracking Sessions

    <?php
    // Second page: the variable is still available, then it is deregistered.
    session_start();
    echo 'The content of $_SESSION[\'sess_var\'] is ' . $_SESSION['sess_var'] . '<br />';
    unset($_SESSION['sess_var']);
    ?>
    <a href="page3.php">Next page</a>

8. Tracking Sessions

    <?php
    // Third page: sess_var was unset on the previous page, so fall back to an empty string.
    session_start();
    echo 'The content of $_SESSION[\'sess_var\'] is ' . ($_SESSION['sess_var'] ?? '') . '<br />';
    session_destroy();
    ?>

9. Using Cookies
• A cookie is a piece of information that's stored by a server in a text file on a client's computer to maintain information about the client during and between browsing sessions.
• A server can access only the cookies that it has placed on the client.
• Function setcookie takes the name of the cookie to be set as the first argument, followed by the value to be stored in the cookie.
• The optional third argument indicates the expiration date of the cookie.
• If no expiration date is specified, the cookie lasts only until the end of the current session, that is, when the user closes the browser. This type of cookie is known as a session cookie, while one with an expiration date is a persistent cookie.

10. Using Cookies
• If only the name argument is passed to function setcookie, the cookie is deleted from the client's computer.
• Cookies defined in function setcookie are sent to the client at the same time as the information in the HTTP header; therefore, setcookie needs to be called before any other output.
• PHP creates the superglobal array $_COOKIE, which contains all the cookie values indexed by their names, similar to the values stored in array $_POST when an HTML5 form is posted.
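
Because a cookie is stored on the client, its value can be edited there before it is sent back. This added example (not from the slides) sets a persistent cookie with restrictive attributes and attaches an HMAC so the server can detect a modified value; the cookie name, the key and the helper names are hypothetical, and the options-array form of setcookie assumes PHP 7.3 or later.

```php
<?php
// Added example; COOKIE_KEY is a placeholder for a long random server-side secret.
const COOKIE_KEY = 'replace-with-a-long-random-server-side-secret';

// Append an HMAC tag so the server can detect a value edited on the client.
function seal(string $value): string
{
    return $value . '.' . hash_hmac('sha256', $value, COOKIE_KEY);
}

// Return the original value, or null if the tag is missing or does not match.
function unseal(string $cookie): ?string
{
    $pos = strrpos($cookie, '.');
    if ($pos === false) {
        return null;
    }
    $value = substr($cookie, 0, $pos);
    $tag   = substr($cookie, $pos + 1);
    return hash_equals(hash_hmac('sha256', $value, COOKIE_KEY), $tag) ? $value : null;
}

// Persistent cookie; must be called before any output, as the slide notes.
function remember_branch(string $branchNo): bool
{
    return setcookie('branch', seal($branchNo), [
        'expires'  => time() + 7 * 24 * 3600, // leave out for a session cookie
        'path'     => '/',
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Read the cookie back from $_COOKIE, rejecting anything whose tag fails.
function current_branch(): ?string
{
    return isset($_COOKIE['branch']) ? unseal($_COOKIE['branch']) : null;
}

// Constructed round trip: an untouched value and one edited after sealing.
$sent = seal('B003');
var_dump(unseal($sent));
var_dump(unseal(str_replace('B003', 'B005', $sent)));
```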

18. © 1992-2012 by Pearson Education, Inc. All Rights Reserved.


20. Security Features
Authentication
• Authentication / access control with session control. Start a session with a login screen and pass on the authorized user in $_SESSION variables.
• Apache's basic authentication: mod_auth checks against name-password pairs in a file on the server (.htaccess).
• MySQL authentication: mod_auth_mysql checks against name-password pairs in a MySQL database.

21. Security Features
Encryption
• Password encryption
    crypt($password)
    md5($password)
    sha1($password) (Secure Hash with 40 characters)
• Secure Sockets Layer (SSL) to secure communications between servers and browsers over the Internet
• PGP
• GPG (http://www.gnupgp.org)
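
How an application that stored sha1($password) digests, as listed above, can move to PHP's salted password_hash() at login time. This is an added example, not code from the slides; the user records and the helper name verify_login are constructed for illustration.

```php
<?php
// Added example. Constructed records: one legacy row holding an unsalted
// sha1() digest and one already created with password_hash().
$users = [
    'alice' => ['scheme' => 'sha1', 'hash' => sha1('correct horse')],
    'bob'   => ['scheme' => 'php',  'hash' => password_hash('battery staple', PASSWORD_DEFAULT)],
];

// Compared against when the user does not exist, so both paths do similar work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// verify_login() is a hypothetical helper: it checks the password and, on
// success, replaces a legacy or outdated hash with a fresh salted one.
function verify_login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    $rec = &$users[$name];
    if ($rec['scheme'] === 'sha1') {
        // Legacy digest: compare in constant time.
        $ok = hash_equals($rec['hash'], sha1($password));
    } else {
        $ok = password_verify($password, $rec['hash']);
    }
    if ($ok && ($rec['scheme'] === 'sha1'
            || password_needs_rehash($rec['hash'], PASSWORD_DEFAULT))) {
        $rec['hash']   = password_hash($password, PASSWORD_DEFAULT);
        $rec['scheme'] = 'php';
    }
    return $ok;
}

var_dump(verify_login($users, 'alice', 'correct horse')); // legacy sha1 row
var_dump($users['alice']['scheme']);                      // scheme after that login
var_dump(verify_login($users, 'alice', 'correct horse')); // same user, migrated row
var_dump(verify_login($users, 'alice', 'wrong'));         // bad password
var_dump(verify_login($users, 'nobody', 'x'));            // unknown user
// Two hashes of the same password, each with its own random salt.
var_dump(password_hash('x', PASSWORD_DEFAULT) === password_hash('x', PASSWORD_DEFAULT));
```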

22. Security Features
Code security
• Value checking
• SQL injection prevention: escape strings sent to the database server
    mysql_escape_string, mysqli::real_escape_string, mysqli_real_escape_string
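
Value checking and SQL injection prevention from the slide above, as an added example rather than code from the Dreamhome application. It uses prepared statements (bound parameters) instead of the escape functions listed, and an in-memory SQLite database through PDO stands in for MySQL so it runs without a server; the table, the column names, the branch-number format and the rows are assumptions.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL server;
// schema and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE staff (staffNo TEXT PRIMARY KEY, lName TEXT, branchNo TEXT)");
$db->exec("INSERT INTO staff VALUES
    ('S1', 'O''Neil', 'B003'), ('S2', 'Ford', 'B003'), ('S3', 'Lee', 'B005')");

// Value checking: accept only the expected shape (B followed by three digits).
function valid_branch(string $branchNo): bool
{
    return preg_match('/\AB\d{3}\z/', $branchNo) === 1;
}

// Prepared statement: the value is bound as data and never spliced into the SQL text.
function staff_at_branch(PDO $db, string $branchNo): array
{
    if (!valid_branch($branchNo)) {
        return []; // reject before the database is touched
    }
    $stmt = $db->prepare('SELECT staffNo, lName FROM staff WHERE branchNo = ?');
    $stmt->execute([$branchNo]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Free-text fields cannot be shape-checked as strictly; binding still keeps
// quotes in the value from changing the statement.
function staff_by_name(PDO $db, string $lName): array
{
    $stmt = $db->prepare('SELECT staffNo, branchNo FROM staff WHERE lName = ?');
    $stmt->execute([$lName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal value, a name containing a quote, and strings
// that try to alter the WHERE clause.
print_r(staff_at_branch($db, 'B003'));
print_r(staff_by_name($db, "O'Neil"));
print_r(staff_at_branch($db, "B003' OR '1'='1"));
print_r(staff_by_name($db, "x' OR '1'='1"));
```

With MySQL the same pattern is available through mysqli::prepare() and bind_param(). Of the functions on the slide, mysql_escape_string belongs to the old mysql extension, which was removed in PHP 7.0.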

23. Dreamhome Staff Management
The Dreamhome Staff Management application lets users:
• List the staff working at a branch
• Add staff
• Update staff information
• Delete staff
http://moxie.cs.oswego.edu/ bichinda/dreamhome/login.php (username: Brand, password: SG5)

24. Dreamhome Staff Management
Files:
• login.php (login)
• dreamhome.php (general menu)
• branch.php (list of staff per branch)
• add.php (add staff interface)
• add-staff.php (add staff to the database)
• delete.php (delete staff interface)
• delete-staff.php (delete staff from the database)
• update.php (update staff interface)
• update-staff.php (update staff from the database)
• logout.php (logout)
• functions.php (all functions called by the other pages)

25. Dreamhome Staff Management
[Diagram of the application's pages: login.php, dreamhome.php, branch.php; add.php, update.php, delete.php; addstaff.php, updatestaff.php, deletestaff.php]

26. Templates
Two types of applications:
• Applications allowing users to search through a database without requiring them to log in: dhBranchStaff.html (or dhBranch.php) and dhBranchStaff.php
• Applications requiring users to log in and/or allowing them to search / add / delete / update the database: Dreamhome staff management system (dreamhome.zip from Angel), by selecting the features useful for the application.
