IST346: Web Services
Today’s Agenda

- Learn the basics of how the Web works
- Understand various web service architectures
- Address scaling, security, and change management issues with web architectures
Web Building Blocks

- HTTP
- URL / URI
- HTML / XHTML
- Microformats
- AJAX
- Platform (ASP / PHP / JSP)
- Browser
- Web Server
The Web at work

Your computer (IP: 192.168.0.55) runs the browser; the web server is at IP: 128.230.182.251.

1. URL: the browser takes the URL and connects to the web server
2. Send: HTTP GET /ist346/
3. The server answers; the browser receives the HTTP Response Stream, a file containing HTML
4. The browser renders the HTML
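To make the exchange on this slide concrete, here is an added Python example (not part of the original slides) that starts a small local stand-in web server, sends the raw HTTP GET /ist346/ request over a socket the way a browser would, reads the response stream and parses the status line, headers and HTML body. The local server, its port and the page it returns are constructed for the demo; the server IP on the slide is not contacted.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample page: what the local stand-in web server returns for /ist346/
PAGE_HTML = b"<html><body><h1>IST346 Web Services</h1></body></html>"


class DemoHandler(BaseHTTPRequestHandler):
    """Minimal stand-in for the web server: serves one static HTML file."""

    def do_GET(self):
        if self.path == "/ist346/":
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(PAGE_HTML)))
            self.end_headers()
            self.wfile.write(PAGE_HTML)
        else:
            self.send_error(404)  # any other path: "not found"

    def log_message(self, *args):
        pass  # keep the demo output quiet


def start_server():
    """Bind to loopback on a free port and serve in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def http_get(host, port, path):
    """The browser's side of the slide: connect, send GET, receive the response stream.

    Returns (status code, headers dict, body bytes).
    """
    with socket.create_connection((host, port)) as sock:
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        raw = b""
        while chunk := sock.recv(4096):  # read until the server closes the connection
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")  # headers end at the first blank line
    lines = head.decode("iso-8859-1").split("\r\n")
    _version, status, _reason = lines[0].split(" ", 2)  # e.g. "HTTP/1.0 200 OK"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status), headers, body


def fetch(path="/ist346/"):
    """Run one complete request/response cycle against the local stand-in server."""
    server = start_server()
    try:
        return http_get("127.0.0.1", server.server_port, path)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, headers, body = fetch()
    print(status, headers.get("content-type"))
    print(body.decode())
```

Run it and you see the four steps of the slide in order: connect, send the GET, receive the response stream, and hand the HTML body to whatever renders it. Requesting a path the server does not have returns a 404 status in the same response format.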
Web Service Architectures

TYPE                       | Server Interactions
Static                     | HTTP GET /index.html  ->  HTTP Response Stream
Dynamic (CGI / Platform)   | HTTP GET /index.php   ->  HTTP Response Stream
Dynamic, Database-Driven   | HTTP GET /index.php   ->  HTTP Response Stream
Web Scalability – Vertical (Scale Up)

Clients send an HTTP Request to a single Web Server; the Web Server makes DB Calls to the DB Server, which returns DATA; the Web Server sends the HTTP Response back to the clients.
Web Scalability – Horizontal (Scale Out)

Clients send HTTP Requests to a Load Balancer *, which spreads them across Server 1 and Server 2; Data Replication keeps the two servers consistent, and each returns the HTTP Response.

* Round-Robin DNS, or a reverse proxy
Web Scalability – Up and Out

Clients send HTTP Requests to a Load Balancer *, which distributes them across Web Server 1, Web Server 2, Web Server 3 and Web Server 4; the web servers are backed by Db Server 1 and Db Server 2, with Data Replication between the database servers, and the HTTP Response goes back to the clients.
Scaling

- Don’t underestimate the importance of scalability
- Scaling up is easier, but limiting.
- You might not need to scale right away…
- But you should always consider it when deploying a service.
- Factor it into the equation from the beginning.
Web Platforms – Everyone’s got one

- Java: Apache / Tomcat / JSP
- Microsoft: IIS / ASP.NET
- Linux: Apache / PHP, Ruby on Rails, Python, Classic Perl / CGI
Web Service Security

- Since virtually everyone can access your service, security is important.
- Rule #1: ALWAYS assume the worst.
- There are many layers of security, use them all:
  - Secure communication with SSL (Secure Sockets Layer)
  - Protect the server by service hardening on the web server. Only run the services that are required – nothing more.
  - Protect the web service itself
  - Secure the application running over the web
SSL – Secure Sockets Layer

- Encrypts traffic over the wire
- Protects against “Man in the Middle” attacks
- Orgs purchase the SSL certificate from an Authority
- Browsers “Trust” the Authority

Moral: Just because a site uses SSL doesn’t mean it’s “secure”; it only means the traffic between you and the server is encrypted!!!!
Web Application Security

- Limit the amount of damage someone can do.
- Validate all inputs
- Automate data access – generic data access should be avoided
- Don’t give out more permissions than are required
- Use Logging
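As an added Python example (not from the slides), the following shows three of these bullets in code using the standard-library sqlite3 module and a constructed in-memory user table: validating inputs, replacing generic string-built data access with a fixed parameterized query, and giving the web-facing database connection only the read permission it needs via SQLite’s authorizer hook. The table, the sample usernames, the lookup functions and the allow-list rule for usernames are all assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's user table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    conn.commit()
    return conn


def validate_username(username):
    """Validate all inputs: a username is 1-32 letters/digits, nothing else (demo rule)."""
    if not (1 <= len(username) <= 32) or not username.isalnum():
        raise ValueError("invalid username")
    return username


def is_rejected(username):
    """True if input validation throws the value out."""
    try:
        validate_username(username)
        return False
    except ValueError:
        return True


def lookup_generic(conn, username):
    """Generic data access: the SQL text is built from the input, so the input can
    change the query itself. Kept only to show why the slide warns against it."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Fixed query shape with a bound parameter: the input is always a value, never SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def restrict_to_reads(conn):
    """Least privilege: the web-facing connection may only SELECT and READ columns.
    Any INSERT, UPDATE, DELETE or schema change is refused by SQLite itself."""
    def authorizer(action, _arg1, _arg2, _dbname, _source):
        if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY
    conn.set_authorizer(authorizer)


def write_is_blocked(conn):
    """True if the connection refuses a DELETE (expected after restrict_to_reads)."""
    try:
        conn.execute("DELETE FROM users")
        return False
    except sqlite3.DatabaseError:  # SQLite reports "not authorized"
        return True


if __name__ == "__main__":
    db = make_db()
    bad = "x' OR '1'='1"  # constructed malformed input a validator must reject
    print("generic query rows for bad input:", len(lookup_generic(db, bad)))
    print("parameterized rows for bad input:", len(lookup_parameterized(db, bad)))
    print("validator rejects it:", is_rejected(bad))
    restrict_to_reads(db)
    print("DELETE blocked on read-only connection:", write_is_blocked(db))
```

The generic lookup returns every row for the malformed input because the input rewrote the WHERE clause; the parameterized lookup returns none because the input stayed a value. The validator would have refused the input before either query ran, and the authorizer limits what an application bug could do even if both earlier layers failed, which is the “limit the amount of damage” bullet in practice. The remaining bullet, logging, is the natural place to record each rejected input and each denied write.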
Web Content Management

- Change management
  - Update – new material
  - Change – alter existing material
  - Fix – correct existing material
- Production websites at least should have:
  - Prod – obvious
  - Dev/Draft – where new changes are first made
  - Test/QA – final proofing before the rollout to prod
Questions?