- HTML and xHTML
- Cascading Style Sheets
- Forms and HTTP
- MySQL and Relational Databases
- Sessions and Authentication
- Certificates and Payment systems
- Digital rights management
- Classes taught by Scott Moskowitz of BlueSpike.
- Client side scripting and AJAX
- HTML and CSS:
- Read the book Head First: HTML.
- Do a web page using HTML 4.01 Strict and an external CSS style sheet.
- Read the book Web Database Applications, the discussion of 3-tiered applications and the PHP tutorial.
- Do a PHP script which produces an n-by-n checkerboard of
m-by-m squares of *'s. Here is an
Hint: Use monospace font, and adjust line-height.
- Modify Length Conversion and its style sheet.
- Find an SQL injection attack against the CRUD application.
- Modify the CRUD application to neutralize all such attacks.
- Add the ability to update multiple records, perhaps with
a chain of update screens and preview.
- Add MD5 hashed passwords with random salt.
- Create an XSS using the CRUD application. I.e., inject into the database HTML which, when (eventually) rendered, will be a script.
- Web authentication:
- Read Dos and Don'ts by Kevin Fu et al.
- Read A Guide to Web Authentication Alternatives, Jan Wolter
- Read some background information on CAS.
- Log into MyUM using CAS. What cookies are passed?
- Using the IE and Firefox browsers, how can these cookies be deleted?
- What should be the proper operation of these cookies? Which cookies need to be kept secret? Which cookies, when deleted, should end the session?
- Payment systems
- Read documentation from Authorize.Net.
- Follow PHP examples.
- Read about PCI DSS.
- Read Rules for Visa Merchants.
- Write a payment client (on hold until the account is created).
- Read papers about DRM, for tomorrow's class.
- the checksum of an entered credit-card number.
- project for a webpage.
- HTML 4.01 Specification
- CSS 2.1 Specification
- PHP Tutorial and Reference Manual
- MySQL Reference Manual
- Standard ECMA-262: ECMAScript Language Specification, 3rd edition.
- Document Object Model in Mozilla
- AJAX documentation.
- RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1
- RFC 2396: Uniform Resource Identifiers (URI): Generic Syntax
- RFC 2109: HTTP State Management, i.e., cookies. (See also RFC 2965.)
- RFC 1034: DNS (Domain Names - Concepts and Facilities).
- Jemima Pereira's 4096 Color Wheel
- More Crayon's color cube, based on the RGB square.
- The 216 web colors arranged by VisiBone.
- Signal vs. Noise
- Getting Real, development by 37signals.
- John Maeda
- My first bookmark for typography
- Position is Everything: Modern browser bugs explained.
- A List Apart: the art and industry of web sites.
- Representational State Transfer.
- A Relational Model of Data for Large Shared Data Banks, E. F. Codd. Comm. ACM 13(6), June 1970, pp. 377-387.
- The Third Manifesto by Darwen and Date. About relational databases.
- Introduction to Data Modeling with the relational model explained.
- Dos and Don'ts of Client
Authentication on the Web by K. Fu, E. Sit, K. Smith and N. Feamster.
- The Failure of Client Authentication on the Web by Kevin Fu.
- Defeating Script Injection Attacks with Browser-Enforced Embedded Policies, T. Jim, N. Swamy and M. Hicks, WWW 2007.
- CAS: the central authentication system.
- A Guide to Web Authentication Alternatives, Jan Wolter
- Introducing SSL and Certificates using SSLeay by Frederick Hirsch.
- PCI Security
- Rules for Visa Merchants
References for Digital Rights Management
- The Darknet and the Future of Content Distribution, by Biddle, England, Peinado and Willman.
- Introduction - Digital Rights Management, Scott Moskowitz.
- The evolution of price discrimination in transportation and its implications for the Internet, A. M. Odlyzko.
- Cryptography and Competition Policy - Issues with Trusted Computing, Ross Anderson.
- Trusted Computing, Peer-To-Peer Distribution, and the Economics of Pirated Entertainment, Schechter, Greenstadt, Smith.
- Supreme Court Decision in the case of MGM v. Grokster.
- On the (im)possibility of obfuscating programs, Barak, Goldreich, Impagliazzo, Rudich, Sahai, Vadhan and Yang. Crypto 2001.
- Bandwidth as Currency, Scott Moskowitz.
- for forensic watermarking in A/V products, Joseph E. Oren.