View/Open - JUWEL - Forschungszentrum Jülich
Hacking and Protecting a Cultural Website: The Case of CVC
Authorization from the development point of view
Once the system has authenticated a user, the user's profile determines which area is entered and, within that area, which operations may be carried out and which may not. That decision has to be taken on the server for every operation, not only at the moment the user enters the area.
For the different profiles a user can have in our Spanish course, we have two areas:
Administration area.
User area.
Each user who enters an area has a specific profile that gives access to a specific private module.
In the administration area a user can have one of the following profiles:
Administrator
Deputy Head of the Cervantes Institute
Deputy Head of linguistic technology
Administrative officer
Depending on their profile, each user may carry out a more or less restricted set of operations.
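The profile-based scheme above, written out as a deny-by-default check. This is an added example for this page, not code from the CVC application: the two areas and the four administration profiles come from the text, while the "Student" profile, the operation names and the mapping of operations to profiles are assumptions made for illustration.

```python
"""Profile-based, deny-by-default authorization for a two-area web site.

Added example for this page, not code from the CVC application. The two areas
and the four administration profiles are taken from the text; the "Student"
profile, the operation names and which profile may do which operation are
assumptions made for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

# Areas named in the text.
ADMIN_AREA = "administration"
USER_AREA = "user"

# Profiles named in the text (plus one assumed profile for the user area).
ADMINISTRATOR = "Administrator"
DEPUTY_HEAD_INSTITUTE = "Deputy Head of the Cervantes Institute"
DEPUTY_HEAD_LINGUISTIC = "Deputy Head of linguistic technology"
ADMIN_OFFICER = "Administrative officer"
STUDENT = "Student"  # assumed

# Which profiles may enter which area.
AREA_PROFILES = {
    ADMIN_AREA: {ADMINISTRATOR, DEPUTY_HEAD_INSTITUTE, DEPUTY_HEAD_LINGUISTIC, ADMIN_OFFICER},
    USER_AREA: {STUDENT},
}

# Operations each profile is explicitly granted (hypothetical mapping).
# Anything not listed here is denied.
PERMISSIONS = {
    ADMINISTRATOR: {"manage_users", "edit_course", "publish_course", "view_reports"},
    DEPUTY_HEAD_INSTITUTE: {"publish_course", "view_reports"},
    DEPUTY_HEAD_LINGUISTIC: {"edit_course", "view_reports"},
    ADMIN_OFFICER: {"view_reports"},
    STUDENT: {"take_lesson", "view_own_grades"},
}


@dataclass(frozen=True)
class Session:
    """What the server keeps about a user after authentication succeeded.

    The profile lives server-side; it is never read back from the client."""
    username: str
    profile: str


class Forbidden(Exception):
    """Raised when a session attempts an operation its profile does not grant."""


def area_for(session: Session) -> str | None:
    """Area the session may enter, or None for an unknown profile."""
    for area, profiles in AREA_PROFILES.items():
        if session.profile in profiles:
            return area
    return None


def is_allowed(session: Session, operation: str) -> bool:
    """Deny by default: True only if the profile explicitly grants the operation."""
    return operation in PERMISSIONS.get(session.profile, set())


def perform(session: Session, operation: str) -> str:
    """Check authorization on every request, then carry out the operation."""
    if not is_allowed(session, operation):
        raise Forbidden(f"{session.profile!r} may not {operation}")
    # A real handler would do the work here; we only report what was done.
    return f"{operation} by {session.username} ({session.profile})"


if __name__ == "__main__":
    officer = Session("ana", ADMIN_OFFICER)
    print(area_for(officer), perform(officer, "view_reports"))
    try:
        perform(officer, "manage_users")
    except Forbidden as exc:
        print("denied:", exc)
```

The important property is that an unknown profile, or an operation nobody thought to list, falls through to "denied" rather than "allowed", and that the profile is taken from the server-side session, never from a request parameter or a hidden field.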
Measures to take when developing a web page:
HTML comments
The browser ignores HTML comments when rendering the page, but anyone who views the page source can read them. So we must be careful with the comments we write, and leave nothing in them that describes internal logic, test accounts or unfinished modules.
Links
Links help an attacker understand the logic of the application. Moreover, the technologies used can be identified from them, for example from the file extensions of the pages they point to.
E-mail addresses
Many pages contain references to e-mail addresses. Spammers harvest them to obtain addresses to which they can send spam and viruses.
Hidden fields
Care must be taken with hidden fields, because they can reveal parameters of the application. They are also returned by the client and can be modified before submission, so the server must never trust their values.
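A small scanner that looks for the four kinds of leakage listed above in a page before it is published. This is an added example, not code from the CVC site: the sample page is constructed for the example, and the extension-to-technology table is a short assumed list.

```python
"""Scan an HTML page for the four leaks discussed above: HTML comments, links
(and the technology their file extensions reveal), e-mail addresses and hidden
form fields.

Added example for this page, not code from the CVC site. SAMPLE_HTML is a
constructed page; TECH_HINTS is a small assumed table.
"""
from __future__ import annotations

import os
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page with one instance of each leak.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Curso de espanol</title>
<!-- TODO: remove the test module /pruebas/ before release -->
<link rel="stylesheet" href="/css/estilo.css">
<script src="/js/menu.js"></script>
</head><body>
<a href="/admin/listar_usuarios.php?orden=1">Usuarios</a>
<a href="mailto:webmaster@example.org">Contacto</a>
<form action="/cgi-bin/enviar.cgi" method="post">
  <input type="hidden" name="precio" value="0">
  <input type="hidden" name="nivel_acceso" value="1">
  <input type="text" name="usuario">
</form>
<p>Soporte: soporte@example.org</p>
</body></html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Assumed mapping from file extension to server-side technology.
TECH_HINTS = {".php": "PHP", ".asp": "ASP", ".aspx": "ASP.NET",
              ".jsp": "JSP", ".cgi": "CGI", ".pl": "Perl"}


class LeakScanner(HTMLParser):
    """Collects comments, link targets, hidden fields and visible text."""

    def __init__(self) -> None:
        super().__init__()
        self.comments: list[str] = []
        self.links: list[str] = []
        self.hidden_fields: list[tuple[str, str]] = []
        self.text: list[str] = []

    def handle_comment(self, data: str) -> None:
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs) -> None:
        a = dict(attrs)
        target = a.get("href") or a.get("src") or a.get("action")
        if target and tag in ("a", "link", "script", "img", "form", "iframe"):
            self.links.append(target)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden_fields.append((a.get("name") or "", a.get("value") or ""))

    def handle_data(self, data: str) -> None:
        self.text.append(data)


def technology_hints(links: list[str]) -> list[str]:
    """Technologies suggested by the extensions of the linked resources."""
    found = set()
    for link in links:
        ext = os.path.splitext(urlsplit(link).path)[1].lower()
        if ext in TECH_HINTS:
            found.add(TECH_HINTS[ext])
    return sorted(found)


def scan(html: str) -> dict:
    """Return every finding of the four kinds, keyed by kind."""
    parser = LeakScanner()
    parser.feed(html)
    parser.close()
    # E-mail addresses may sit in visible text, in comments or in mailto: links.
    blob = "\n".join(parser.text + parser.comments + parser.links)
    return {
        "comments": parser.comments,
        "links": parser.links,
        "hidden_fields": parser.hidden_fields,
        "emails": sorted(set(EMAIL_RE.findall(blob))),
        "technologies": technology_hints(parser.links),
    }


if __name__ == "__main__":
    for kind, items in scan(SAMPLE_HTML).items():
        print(f"{kind}:")
        for item in items:
            print("   ", item)
```

Run against the sample page it reports the forgotten comment, the PHP and CGI pages revealed by the links, both addresses (one of them only present inside a mailto: link) and the two hidden fields, of which "precio" and "nivel_acceso" are exactly the kind of value a client can rewrite before submitting the form.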
Measures to take against invalid input attacks
Canonicalization
File inclusions whose path contains the sequence "../" are not allowed, because for security reasons access to paths above the application's root directory is forbidden. The check has to be made on the canonical (decoded and normalized) form of the path, since the same directory traversal can be written in several equivalent encodings.
Buffer overflow
When developing certain functions care must be taken, because they can provoke an overflow that overwrites the return address. This concerns native code that copies input into fixed-size buffers without checking its length.
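The canonicalization rule above, implemented as an added example (not code from the CVC site): the requested name is fully decoded and resolved against an assumed document root, and the decision is made on the resolved path rather than on the raw string. A plain substring test for "../" is kept alongside only to show which requests it gets wrong.

```python
"""Canonicalize a requested include path before deciding whether it stays
inside the document root, instead of only searching the raw string for "../".

Added example for this page, not code from the CVC site; it assumes a POSIX
file system and an assumed document root DOC_ROOT. naive_check() is kept only
to show which requests a plain substring test gets wrong.
"""
from __future__ import annotations

import os
from urllib.parse import unquote

DOC_ROOT = "/var/www/cvc"  # assumed location of the site's files


def naive_check(requested: str) -> bool:
    """The substring test on its own: True means 'looks fine' to it."""
    return "../" not in requested


def decode_fully(name: str, limit: int = 3) -> str | None:
    """Undo repeated percent-encoding; None if still changing after `limit` rounds."""
    for _ in range(limit):
        decoded = unquote(name)
        if decoded == name:
            return name
        name = decoded
    return None


def resolve_include(root: str, requested: str) -> str | None:
    """Absolute path of `requested` inside `root`, or None if it must be refused."""
    name = decode_fully(requested)
    if name is None or "\x00" in name:          # undecodable or embedded NUL
        return None
    name = name.replace("\\", "/")              # treat backslashes as separators
    if name.startswith("/"):                    # includes are relative to the root
        return None
    root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root, name))
    # realpath has collapsed every "." and ".." and followed symlinks, so a
    # prefix test on the result is now meaningful.
    if candidate == root or not candidate.startswith(root + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("lecciones/leccion1.html", "../../etc/passwd",
                "..%2F..%2Fetc%2Fpasswd", "..\\..\\etc\\passwd",
                "lecciones/../lecciones/leccion1.html"):
        print(f"{req!r:42} naive={naive_check(req)!s:5} "
              f"resolved={resolve_include(DOC_ROOT, req)}")
```

Two cases make the point: "..%2F..%2Fetc%2Fpasswd" and "..\..\etc\passwd" pass the substring test and are refused only after decoding and normalization, while "lecciones/../lecciones/leccion1.html" fails the substring test yet resolves to a file inside the root and can be served.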