|
|
History and development of session state in the HTTP protocol
Nezdara, Vojtěch ; Pinkas, Otakar (advisor) ; Vojíř, Stanislav (referee)
The main goal of this bachelor thesis is to analyze new ways to store session state in the stateless HTTP protocol. Thesis including a description of the development of the HTTP protocol itself. Concerning the session state, the emphasis is on the characteristics of commonly used methods, and new methods that come with the HTML5 specification. The RFC documents and the specifications for new technology published by their creators were used as the main source of information. In the next chapter, the thesis includes a practical test of the new transport protocol SPDY, demonstrating its higher speed. Finally, as a part of this thesis, a simple web chat application based on new technologies using scripting languages PHP and JavaScript, namely WebSocket, Web Storage and IndexedDB, was created. The methods described in this work can serve as a guide to create similar web applications using new technology for less experienced developers. Topic of this thesis was mainly based on the evolution of web sites and the growing importance of local storage on the client side.
|
|
|
Security of social networks
Hric, Michal ; Veber, Jaromír (advisor) ; Luc, Ladislav (referee)
Social networks represent an integral part of the personal, and in some cases, professional life of many people. The security of social networks is one of the key factors that determines its quality and credibility. The thesis analyzes security of six of most widely used social networks, with emphasis on the security of their web applications, optional security features of user accounts and privacy policies. Web application security was different for all investigated social networks. The most common deficiency was the use of SHA-1 signature algorithm, RC4 cipher support and unsupported option HSTS. Optional security features of user accounts were managed best by the first two evaluated networks (Facebook and YouTube), while other social networks provided less optional security features. Privacy policies didn't differ significantly, major differences were determinated by social network functionality. Although there are known risks related to insufficient security of social networks, even the most widely used social networks have deficiencies in this area.
|
|
|
Synchronization of vector graphic between multiple clients and server
Votava, Štěpán ; Bruckner, Tomáš (advisor) ; Vencovský, Filip (referee)
Goal of this master thesis is to analyze existing algorithms for ensuring consistency in real-time synchronization of vector graphics between server and multiple clients, testing them, describe main differences and selection of the best for this purpose. The theoretical part is devoted to realtime comunication over HTTP, to WebSockets, to concurrency algorithms and to basics of application architecture. The practical part describes the technology used in this thesis, as well as actual application design a its implementation. The result of this thesis is an overview of concurrency algorithms, the choise of technology for real-time communication between server and multiple clients and implementation of selected technologies and algorithms in Node.js application.
|
|
|
State informations keeping methods using HTTP
Novák, David ; Pinkas, Otakar (advisor)
The mission of this batchelor thesis is to give complete view to the problems concerning usage of interactive WWW services in the internet, where the communication is runned by HTTP protocol. This protocol is stateless. It means, that no information is stored between each connection. Nowday’s interactive web applications needs state informations for their proper functionality. That’s why this thesis considers methods of storing and transmission of state informations. In the first part is HTTP protocol described with mentions to the historical development. Actual version HTTP 1.1 is mainly focused. Next part is addicted to state informations, to the definition explanation, classification and methods of storing and transmitting theese informations. Following section is concerned with communication intermediaries in HTTP protocol. It means proxy and cache servers, which saves backup coppies of data for faster reusing and transmission capacities saving. This system brings along many problems, which are discussed in context of internet activity. References to extension of HTTP protocol for carrying state informations are highlighted. This is cookies. Their security risks are being discussed and also implementation in the relation to other methods is evaluated. In context of cookies is described P3P platform concerning protection of users privacy. Practical part consists of trivial application implementing the best of methods described here from the view of security and protection of privacy. Whole work might serve to the web application builder, it helps to understand patterns and to detect appropriate security risks.
|
|
|
Methodology of REST API design
Koudelka, Jakub ; Burkoň, Lukáš (advisor) ; Jansa, Václav (referee)
This work deals with an analysis and design of application programming interface (API) within the architectural style known as REST (Representational State Transfer). Beginning of this thesis covers basic introduction of HTTP protocol and REST fundamentals, followed by analysis and solution proposals of common situations that can occur in API. Sample application was implemented by following these proposals.
|
|
|
Dynamic web pages
Kotlín, Jiří ; Kastl, Jan (advisor) ; Veselá, Bohumila (referee)
Serving dynamic web pages raises higher load of web servers and associated technologies. This can to some extent eliminate setting up reverse proxy with cache in front of the web server. The primary goal of this thesis is to implement this technique via presently most popular web server -- Apache. These Apache's proxy features were at first well tested and described, later practically applied in real LAMP software bundle enviroment (Linux, Apache, PHP, MySQL).
|
|
|
Methods for maintaining state information in the HTTP protocol
Polsemov, Anton ; Pinkas, Otakar (advisor) ; Šváb, Ondřej (referee)
This bachelor thesis is focusing on HTTP protocol, its features, and technological aspects. The HTTP protocol is stateless so it is necessary to search for methods to keep status information. These methods are cookies, URL query, session id, http authentication, hidden fields in forms, IP address and additional. Every method has its own strong and weak features. Security of these methods influences a final resolution. Ahead of description of the methods, the thesis is concerning cryptography a describing HTTP cookies in detail. The practical section contains an analysis of online banking in Czech Republic and characterization of trends in this brand. Also, an installation of a PHP5, HTTP Apache server, creation and signification of an OpenSSL certificate is in the last chapter and finally, a simple application of online Banking is created.
|
|
|
Methods for maintaining state information in the HTTP protocol
Fiurášek, Tomáš ; Pinkas, Otakar (advisor) ; Šváb, Ondřej (referee)
Interactive Web applications affect almost everyone of us. Communication in these applications is generally provided by HTTP protocol. This protocol is stateless, which means, that it doesn't recognize the relationship between individual transactions. In modern Web applications, however, maintaining the status is crucial to ensure functionality. This thesis deals with various methods of state transmission and storage which solve the fact, that HTTP is stateless. The first part describes a theoretical basis of the HTTP protocol, concerns history of the protocol and explains related concepts. Next chapter deals with proxy and cache servers that serve as mediators in the communication and outlines potential problems that can occur while transferring state information. The following section is devoted to the methods for the maintenance and transmission of state information. In this chapter I describe various methods, then I compare them and discuss potential difficulties. In the next chapter I present the possibilities of the implementation of those methods in different development environments. Given that the matter of security nowadays has the focus, I also look at several problems also from the angle of security and safety. Theoretical conclusions of this thesis are reflected in the enclosed web application, which practically demonstrates the discussed issues and proves that the author of this thesis not only understands those issues, but he is also able to apply them practically.
|
|
| |
|
|
Server driven negotiation
Mikulka, Pavel ; Kastl, Jan (advisor) ; Pinkas, Otakar (referee)
Práce přibližuje základy protokolu HTTP a možnosti využití dynamického zasílání www stránek. První kapitola popisuje protokol HTTP na obecné úrovni, druhá se věnuje dynamicky zasílaným stránkám. Přínosem je ukázka implementace na dvou prakticky využitelných aplikacích. První z nich je automatický rozcestník pro webové sídlo, jehož úkolem je přesměrovat uživatele na nejvhodnější jazykovou verzi v závislosti na hodnotě hlavičky Accept-Language nebo IP adrese a druhou je download platforma pro společnost nabízející zábavní obsah pro mobilní telefony, jež poskytuje uživateli optimální verzi obsahu v závislosti na user-agent hlavičce jeho přístroje.
|
guest ::
