File upload using asp

File upload using asp
ASP Programe About Us Links Downloads Contact Us Terms of use SiteMap
File upload using asp
File upload using asp

 
You are here: ASP Programe >>File upload using asp

File upload using asp article lists.

File upload using asp

Using ASP-based message encryption project to teach information security concepts




1. INTRODUCTION

As computer network becomes an important part of the business world as well as our daily life, information security should be taught not only to the computer science students, but also to the business students. Hands-on projects, which are technical but simple to implement, can help motivate the MIS students explore the technical concepts in information security. On this basis, the authors assigned to MIS students a course project to develop a Web application providing message encryption. This project is simple enough for them to implement, as it requires elementary programming skills, which they already got from other courses. The project on the other hand lets the students explore, in some depth, some of the technical aspects of information security. The rest of this paper is organized as follows. Section 2 describes a doable project for business students. Section 3 provides an overview of message encryption. Section 4 presents an example of a student project. This is followed by discussion on pedagogical approach and a summary of student feedback in Section 5. S ection 6 concludes b y reviewing important aspects of the project.

2. A DOABLE INFORMATION SECURITY PROJECT

The choice of project was motivated by a desire to provide hands-on experience to students having limited technical backgrounds while requiring limited technical support. Because encryption plays such an important role in information security as discussed in the next section, the project provides students an opportunity to set up message encryption.

Choosing a web application reduces requirements for technical support. A typical message encryption project involves software running on client and server computers and requires substantial support of system administrators (because students and instructors lack necessary server and network permissions). However, the student project requires nothing more than maintaining student Web accounts that are already available.

This project is appropriate for the technical skills of most business students. Many business students know basic techniques for web site development. To prepare them for this project requires only introducing them to ASP, including methods for connecting Web pages to databases. Because the code for ASP applications is more readable than other programming languages, students have no serious problems becoming familiar with it. Also, as students present their projects, other students can easily learn the different techniques used by different students to implement information security.

3. AN OVERVIEW OF MESSAGE ENCRYPTION

An overview of message encryption may help explain the basis for the student project. There are two major classes of encryption algorithms (Stallings 2000): conventional encryption and public-key encryption. Conventional encryption uses one secret key for both encryption and decryption. This key is shared by message sender and recipient. Some popular conventional encryption algorithms are DES (FIPS PUB 1977), IDEA (Lai 1991), Blowfish (Schneier 1993), RCS (Rivest 1994), CAST-128 (Adams 1997), RC2 (Rivest 1998) and TDEA (FIPS PUB 1999).

Public-key encryption generates keys in pairs. If one key is used to encrypt a message into a ciphertext, another key can decrypt the ciphertext into the original plaintext. Public-key encryption was first publicly proposed by Diffie and Hellman (1976). The most popularly adopted public-key encryption algorithm is the RSA encryption algorithm (Rivest 1978). The public-key encryption algorithms are largely used for digital signature and key distribution due to their heavy computational burden.

As a simplified system, the course project uses the conventional encryption algorithm without any requirements for key distribution. (Secret keys can be delivered in person within the class.) Students develop their own encryption algorithms that have to include all three basic operations: substitution, transposition, and exclusive or. Advanced students who are interested in more sophisticated encryption algorithms are referred to Web sites where free source code of some popular conventional encryption algorithms is available.

4. AN EXAMPLE OF STUDENT PROJECT

Students develop Web applications that can transmit encrypted messages back and forth between client and server computers. For example, one student developed a grade report system. It is based on a two-way Web site that allows a student to enter his/her unique user id and course ID (password) for retrieving his/her grade information from a database. The user IDs and grades have to be encrypted before transmission over the Internet. To complete this project the student creates his/her Web site that connects to a small database, and then adds encryption/decryption functions to the Web site. Interested readers may view or download this project (http://www.birdnest.org/caoql/encryption/). In the home page of this Web site, a hyperlink ("Grades") activates the grade report system. This system includes two ASP pages (index.asp and grades.asp) that connect to a Microsoft Access single-table database. This database stores for each student the user ID, the course ID, name and grades. The course IDs are encrypted before leaving the client computer. The grades from the database are encrypted before being sent from the Web server. Figure 1 shows cooperation between client and server computers.

When the hyperlink "Grades" is clicked, the client browser sends a request to the Web server for the ASP file "index.asp". The server processes the server-side script in this file and sends the resulting Web page to the client computer. The index.asp page has two forms. The first form has input boxes for user to enter his/her user ID and course ID, and two command buttons (Figure 2). (One may observe the functioning of this page by visiting the aforementioned Web site with a user ID "smiths1" and a course ID "abcde"). When the user clicks the command button ("Encrypt") the client-side script calls an encryption function that generates a secret key based upon the course ID, encrypts the course ID with this secret key, and then writes both user ID and the encrypted course ID into the text-input boxes of the second form (Figure 2). When the submit button ("Login") is clicked, the form takes action that again requests index.asp from the Web server as the client computer sends the user ID and the encrypted course ID along with the request. Again, the server processes the server-side scripts in index.asp, that reads the user ID and the encrypted course ID, and then searches database for a match of user ID. If there is no match, the resulting Web page is sent for the user to reenter a user ID. If a match is found, the server-side script retrieves the course ID from the database and generates the secret key with the course ID. The secret key is used to decrypt the encrypted course ID from the client computer and then the decrypted course ID is compared with the course ID from the database. If there is no match, the resulting Web page is sent for the student to reenter a course ID. If two course IDs match perfectly, the user's browser is redirected to the second ASP file (grades.asp) that has access to the correct course ID that is stored in a serverside ASP object called a "session variable". This technique prevents users from directly accessing the grades.asp without a correct course ID. If a user tries to directly access the grades.asp with its URL, the session variable is null and the user's browser will be redirected to index.asp for the user to enter a course ID.

The second ASP file (grades.asp) retrieves and displays the student grades in the following way. The server processes the server-side script in the grades.asp that reads the course ID from the session variable and retrieves the corresponding record from the database. The second ASP file (grades.asp) retrieves and displays the student grades in the following way. The server processes the server-side script in the grades.asp that reads the course ID from the session variable and retrieves the corresponding record from the database. After retrieving a record, the server-side script uses a secret key generated with the course ID to encrypt student grades, writes encrypted grades into the first form of page and sends the resulting page to the client computer. If the user enters the correct course ID and clicks the command button ("Decrypt"), the client-side scripts in grades.asp will use a secret key based upon the course ID to decrypt grades and will display them in the second form of the page (Figure 3).

5. PEDAGOGY AND STUDENT FEEDBACK

File upload using asp Related Links
Asp file upload sampleUpload file in asp
Fabric place script event quilt aspAsp search engine
Search result aspCri name search asp
Site search aspAsp text search
Asp com lycos search setup smn srcProperty search result asp
Book review search now aspAsp smart upload
Asp simple uploadAsp upload component
Asp upload .netLarge asp upload
Asp upload imageAsp upload and download
Upload asp functionPure asp upload
How to write a file aspAsp include file
Open asp fileFile extension asp
Asp download fileAsp delete file
Asp file system objectOpening asp file
View asp fileAsp read text file
Create xml file aspAsp create file
Asp read fileAsp write text file
Asp io file management sourceAsp email form
Asp form mailAsp form validation
Asp flash formOpm form html of asp
Asp form mailerAsp post form
Asp form processingConvert asp to php
Asp vs phpPhp versus asp
Php y aspAsp php web application builder
Picture of asp snakeEgyptian asp snake
 
©2005 All Rights Reserved   ASP Programe