web application

How to implement a secure session management system in PHP (and generally)?

Developers, especially inexperienced PHP developers, have a tendency not to care much about security-related issues. This is true for the problem of secure sessions, too - and it is the reason why attackers of a certain website or service can easily hijack sessions to get access to data they should not have access to. Because HTTP is a stateless protocol, sessions are required to identify a certain client across multiple requests. In PHP this identification is done via "session IDs", which are exchanged between the client and the web server on each request (the session ID may be stored as a cookie, in the URL or in a hidden field). The server stores the session ID locally to identify a certain client if the session ID is present in a certain request. If an attacker is able to steal the session ID of a certain client, the server will "think" that the attacker is the client. As a result, the attacker will be able to do everything the client is allowed to do. How do I implement a session management system in PHP (and generally) which is more secure and better protected against "session hijacking" attempts?

Creating a web audio player with GWT

Google Web Toolkit (GWT) is a set of tools that allows for creating JavaScript applications in Java. For a web application I was working on with GWT, I had to create an audio visualization unit. For that purpose it was necessary to implement an audio player that would play/pause/resume/stop a sound file on request.

Secure Web-Application

Within the framework of the procurement of web applications, substantial security holes were evident (recognized by examinations / IT-Security checks). The web applications are ordered by the company from different suppliers, who carry out the software development. In the course of the agency, however, there is no further specification concerning IT-Security requirements, only an implicit approach of "it just must be safe". These facts cause the following problems:

- The level of IT-Security is not defined and depends on the provider.
- The vulnerabilities found by security checks cannot be regarded as defects, as no specification is available.
- The repair of vulnerabilities depends on the goodwill of the providers.
- If client data is processed on this website, data protection is not guaranteed.

Reading webpages in Java applications

Many web applications fall into the category of "mash-ups", meaning that they collect information from different sources (often other web applications) and combine it in a single, coherent user interface that offers additional value to the user. Often this additional value is enough to justify the mash-up as a service of its own. In order to write such an application, one must first be able to access the web pages in question from the Java code of one's own application.

Cross-window messaging

Web pages often consist of multiple frames that coexist on a single visual page. A good example is advertisements, which are semantically not part of the content of the actual page and are technically separated into a frame of their own. The consequence of this separation is that such ads have their own context and cannot access the context of the main web page. This is a necessary security measure, since otherwise ads would be able to spy on the user as he interacts with the web application. Sometimes, however, it is necessary to split a single web application into multiple frames for technical reasons even if they belong together from a semantic point of view. An example would be an SVG graphic nested in its own iframe within a web application. Let's take as an example an application that has an SVG graphic with selectable areas which the user can click on, and that then displays data for the selected area in the main application. The browser forbids direct JavaScript interaction like function calls or changes of variables between the main frame and the frame that contains the SVG graphic, making it impossible to notify the web application about the user's action in the graphic.

Drag and drop in web applications

Modern web applications often have drag and drop interfaces that allow the user to change the layout of a page (like the order and placement of menu elements), organize personal content (like files and folders) or express selections by moving control elements. Users are used to such operations from desktop applications, making such web applications easier to understand and use for less tech-savvy users. HTML5 provides built-in capabilities for basic drag and drop operations, but usage of browsers that support HTML5 is still rather low. The usefulness of HTML5 grows every day, but as long as Internet Explorer 6 is still in use, developers need to look for alternative solutions in many cases. To make an application work on legacy browsers, one must work around the limitations of HTML, which was originally designed for static web documents. While HTML offers rich capabilities to format the contents of a document as you write it, the elements displayed on an HTML page are immutable and don't allow the user to change or move them as he browses the page. The bottom line is that drag and drop can't be implemented by pre-HTML5 HTML alone and requires some external technology to work.

Geocoding challenge in PHP

I have two addresses which I can quite easily display within a Google Map I integrated into my web application. Now I would like to calculate the distance between the two addresses. Is there any easy-to-use service which returns the distance I am looking for, or which I can use to find out if the second address is within a given range of the first one?

Google Calendar / Outlook Calendar sync

The challenge is to synchronize Google Calendar with Outlook 2007. It needs to synchronize both ways (editing an entry in Outlook --> synchronize, and editing an entry in the Google online calendar --> synchronize).

Store and share files across the internet

In modern life, people change devices many times a day. However, very often they work with the same files. When transferring files by hard disks, USB sticks, other external storage or by mail, you can easily end up with many different fragmented versions. Nowadays, however, there are systems available that solve that problem by storing your data in the cloud. This way, it is available on every device, wherever you are, as long as you are connected to the internet.

Challenge:

- Find an online hosting service for your files.
- Find out how to upload your files and upload at least 3.
- Change one of your files and save it. Now look into the version history and try to undo your action by re-activating the older version.
- Is there an integration of the hosting service into your operating system? How can you make use of this?
- Now try to find your uploaded files on a different device (e.g. a smartphone).
- Share one of the files with a friend of yours.

E-Mail Filters

Many people get huge amounts of mail every day. It can be painful to sort, categorize and handle all those mails manually. Furthermore, it costs a lot of valuable time that you could spend elsewhere. However, there is an automatic approach that can save you a lot of this time: e-mail filtering.

Challenge:

- Choose an e-mail client (either a desktop client or web mail).
- Create the following filters:
  - a filter that automatically labels mails from tuwien.ac.at with "TU" or moves them to a folder called "TU"
  - a filter that sends unwanted mails (containing words of your choice) to the spam folder
  - a filter that marks e-mails containing the words "Knowledge Management" as important (e.g. by flagging or starring)
