Chapter 16

The World Wide Web

FIGURE 16.0.F01: A very, very simple Web page.

Courtesy of Dr. Richard Smith

FIGURE 16.0.F02: HTML source text that produced Figure 16.1.

FIGURE 16.0.F03: A hypertext link from an HTML document.

FIGURE 16.0.F04: Format of a URL, which is a Web page URI.

FIGURE 16.0.F05: Format of an email URL.

FIGURE 16.0.F06: Detailed format of the URL authority field.

FIGURE 16.0.F07: Retrieving a Web page using HTTP.

FIGURE 16.0.F08: Packet format for HTTP tunneling.

FIGURE 16.0.F09: Defaced U.S. Senate website, 1999.

Courtesy of Dr. Richard Smith

FIGURE 16.0.F10: Authenticating the Web server with SSL.

FIGURE 16.0.F11: Firefox alert for a mismatched certificate name.

FIGURE 16.0.F12: Certificate information displayed by Firefox.

FIGURE 16.0.F13: Browser authenticates the bpn.gov certificate.

FIGURE 16.0.F14: Alice chooses, fills out, and submits a form.

FIGURE 16.0.F15: Executing a server-side script.

FIGURE 16.0.F16: Client-side HTML script in Javascript.

FIGURE 16.0.F17: Executing the client-side script in Figure 16.16.

Courtesy of Dr. Richard Smith

FIGURE 16.0.F18: The initial website visit produces a cookie.

FIGURE 16.0.F19: The browser adds the cookie to the header in subsequent visits.

FIGURE 16.0.F20: Web content management system.

FIGURE 16.0.F21: Sample data tables from a sample database.

FIGURE 16.0.F22: Example of a SELECT command in SQL.

FIGURE 16.0.F23: Alice logs into a CMS-based website.

FIGURE 16.0.F24: Login masquerade using a command injection attack.

FIGURE 16.0.F25: An SQL command injection vulnerability.

FIGURE 16.0.F26: A password that always matches in SQL.