Web Security & Commerce
Simson Garfinkel & Eugene H. Spafford
First Edition, June 1997
ISBN: 1-56592-269-7, 506 pages
Learn how to minimize the risks of the Web with this comprehensive guide.
It covers browser vulnerabilities, privacy concerns, issues with Java, JavaScript, ActiveX, and plug-ins, digital certificates, cryptography, Web server security, blocking software, censorship technology, and relevant civil and criminal issues.
Release Team[oR] 2001
Table of Contents

Preface  1
    The Web: Promises and Threats
    About This Book
    Conventions Used in This Book
    Comments and Questions
    Acknowledgments

Part I: Introduction  13

1  The Web Security Landscape  14
    1.1 Web Security in a Nutshell
    1.2 The Web Security Problem
    1.3 Credit Cards, Encryption, and the Web
    1.4 Firewalls: Part of the Solution
    1.5 Risk Management

Part II: User Safety  29

2  The Buggy Browser: Evolution of Risk  30
    2.1 Browser History
    2.2 Data-Driven Attacks
    2.3 Implementation Flaws: A Litany of Bugs

3  Java and JavaScript  38
    3.1 Java
    3.2 JavaScript
    3.3 Denial-of-Service Attacks
    3.4 JavaScript-Enabled Spoofing Attacks
    3.5 Conclusion

4  Downloading Machine Code with ActiveX and Plug-Ins  56
    4.1 When Good Browsers Go Bad
    4.2 Netscape Plug-Ins
    4.3 ActiveX and Authenticode
    4.4 The Risks of Downloaded Code
    4.5 Is Authenticode a Solution?
    4.6 Improving the Security of Downloaded Code

5  Privacy  69
    5.1 Log Files
    5.2 Cookies
    5.3 Personally Identifiable Information
    5.4 Anonymizers
    5.5 Unanticipated Disclosure

Part III: Digital Certificates  77

6  Digital Identification Techniques  78
    6.1 Identification
    6.2 Public Key Infrastructure
    6.3 Problems Building a Public Key Infrastructure
    6.4 Ten Policy Questions

7  Certification Authorities and Server Certificates  98
    7.1 Certificates Today
    7.2 Certification Authority Certificates
    7.3 Server Certificates
    7.4 Conclusion

8  Client-Side Digital Certificates  111
    8.1 Client Certificates
    8.2 A Tour of the VeriSign Digital ID Center

9  Code Signing and Microsoft's Authenticode  123
    9.1 Why Code Signing?
    9.2 Microsoft's Authenticode Technology
    9.3 Obtaining a Software Publisher's Certificate
    9.4 Other Code Signing Methods

Part IV: Cryptography  134

10  Cryptography Basics  135
    10.1 Understanding Cryptography
    10.2 Symmetric Key Algorithms
    10.3 Public Key Algorithms
    10.4 Message Digest Functions
    10.5 Public Key Infrastructure

11  Cryptography and the Web  150
    11.1 Cryptography and Web Security
    11.2 Today's Working Encryption Systems
    11.3 U.S. Restrictions on Cryptography
    11.4 Foreign Restrictions on Cryptography

12  Understanding SSL and TLS  166
    12.1 What Is SSL?
    12.2 TLS Standards Activities
    12.3 SSL: The User's Point of View

Part V: Web Server Security  181

13  Host and Site Security  182
    13.1 Historically Unsecure Hosts
    13.2 Current Major Host Security Problems
    13.3 Minimizing Risk by Minimizing Services
    13.4 Secure Content Updating
    13.5 Back-End Databases
    13.6 Physical Security

14  Controlling Access to Your Web Server  196
    14.1 Access Control Strategies
    14.2 Implementing Access Controls with Blocks
    14.3 A Simple User Management System

15  Secure CGI/API Programming  209
    15.1 The Danger of Extensibility
    15.2 Rules To Code By
    15.3 Specific Rules for Specific Programming Languages
    15.4 Tips on Writing CGI Scripts That Run with Additional Privileges
    15.5 Conclusion

Part VI: Commerce and Society  222

16  Digital Payments  223
    16.1 Charga-Plates, Diners Club, and Credit Cards
    16.2 Internet-Based Payment Systems
    16.3 How to Evaluate a Credit Card Payment System

17  Blocking Software and Censorship Technology  237
    17.1 Blocking Software
    17.2 PICS
    17.3 RSACi

18  Legal Issues: Civil  248
    18.1 Intellectual Property
    18.2 Torts

19  Legal Issues: Criminal  256
    19.1 Your Legal Options After a Break-In
    19.2 Criminal Hazards That May Await You
    19.3 Criminal Subject Matter
    19.4 Play It Safe . . .
    19.5 Laws and Activism

Part VII: Appendixes  264

A  Lessons from Vineyard.NET  265
    A.1 Planning and Preparation
    A.2 IP Connectivity
    A.3 Commercial Start-Up
    A.4 Ongoing Operations
    A.5 Conclusion

B  Creating and Installing Web Server Certificates  278
    B.1 Downloading and Installing Your Web Server
    B.2 Apache-SSL

C  The SSL 3.0 Protocol  288
    C.1 History
    C.2 SSL 3.0 Record Layer
    C.3 SSL 3.0 Protocols
    C.4 SSL 3.0 Handshake
    C.5 SSLeay

D  The PICS Specification  306
    D.1 Rating Services
    D.2 PICS Labels

E  References  313
    E.1 Electronic References
    E.2 Paper References

Colophon  326
...