Dear students, in this series of two modules, I will talk about the security and performance issues of web database applications. I will cover four security aspects in this module, and two in the next module along with the performance issues. Now, what is the point over here? The point is that there are many security loopholes in web-based database applications. The reason is that the TCP/IP protocol has security issues in it. It was not built and designed for e-commerce applications or banking transactions. So when the traffic is moving over the internet, anybody with a certain small amount of skill can intercept that traffic and do many malicious things to the traffic which is passing. With that little bit of background, I will talk about the security issues. I will list the security issues in more detail. Then I will talk about the proxy servers and firewalls which can be used to enhance the security, digital signatures and digital certificates, the Secured Socket Layer, and the security which is built into Java and ActiveX. ActiveX is for Internet Explorer.

What are the security issues? Here we have listed about six of the security issues. They deal with ensuring that the data that is being passed is not intercepted, that it is private; that the data that is passed is passed as it is, so integrity is ensured and it is not changed; that we know who is sending the data and we know who is the recipient of the data; that the person who receives the data cannot say that he or she has not received the data; and then there are the unauthorized and malicious actions that the client cannot perform at the server end and the server cannot perform at the client end. Right? Of course I cannot go into more detail, because this is not a security course, but I give you an idea.

So what is a proxy server and firewall? A proxy server is something which sits between the web server and the browser. When I make a request to the web server, my request first goes to the proxy server, and it looks for what I am looking for at the proxy server. If it is there, it is retrieved from the proxy server instead of going to the web server, so that adds a level of buffer. In this way the proxy server defends the web server: the request doesn't directly go to the web server.

What is a firewall? Say I am on the intranet, and of course I have to expose my web server to my clients also. So I put a machine in between, which is a firewall, which monitors the traffic which goes from the internet to my internal servers and of course what goes from the internal servers to the internet. That is done with the firewall; it prevents unauthorized access. A firewall can be hardware, it can be software, it can be a combination of both. And of course a proxy server can also act as a firewall. Why? Because it is like a buffer. It is between the internet and the intranet. It acts as a buffer, so it can be acting as a firewall. So we have to ensure the control.

Digital signatures and digital certificates: what is a digital signature? A digital signature generates a piece of code corresponding to the contents of the message along with a certain key. And what are the properties of the digital signature? Authentication is through a public key. The private key is kept secret. Right? If you remember, one or two slides back I told you about authenticity and integrity. That's what is happening over here. And this is unique for the data which has been signed. So if the data is changed, then that string over here is also changed. It will not match. So signed data cannot be changed; if it's changed, then it will be known. So the integrity is ensured. A digital certificate is an attachment. Unlike a digital signature, which generates a string of text, a certificate is an attachment. And what it does is verify the authenticity of the sender.

So what it involves is a CA, a certification authority. A certification authority is a reputable authority which ensures, which says that yes, this person A is the actual person A and has a public key with the CA also. And that public key is used for decoding. Details are in the notes. The concept over here is that a digital signature is a string and a digital certificate is a file which comes along, and they're encrypted. And they ensure authenticity and integrity.

Then we have SSL, the Secured Socket Layer, and we have secure HTTP also. What SSL does, it is an encryption protocol, right? SSL secures the connection, while S-HTTP secures individual messages. So it is the message versus the connection. You see the difference: message versus connection. But remember, without trustworthy digital certificates from a certification authority, these protocols are insecure. So whether I use SSL or I use S-HTTP, what I need in both cases is a certification authority, and it should be a trustworthy certification authority. That will ensure the security and the integrity. So that's the message I want you to take today. Thank you very much.
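The signature-and-certificate chain described in the lecture, as an added Go example that is not part of the lecture or its notes: a toy CA signs the binding between a name and a public key, the sender signs the message with the secret private key, and the receiver accepts only if the certificate comes from a CA it trusts and the signature still matches the data. The certificate layout, the names and the message are constructed for illustration; the code uses Go's standard-library ed25519 rather than any scheme named in the lecture.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Cert is a toy certificate (constructed, not X.509): the CA binds a
// subject name to a public key by signing the pair with its own key.
type Cert struct {
	Subject string
	PubKey  ed25519.PublicKey
	CASig   []byte
}

// certBody is the exact byte string the CA signs: "subject|" + raw public key.
func certBody(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"|"), pub...)
}

// IssueCert is the CA vouching that this subject owns this public key.
func IssueCert(caPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{subject, pub, ed25519.Sign(caPriv, certBody(subject, pub))}
}

// SignMessage: the sender signs the data with the private key it keeps secret.
func SignMessage(priv ed25519.PrivateKey, msg []byte) []byte {
	return ed25519.Sign(priv, msg)
}

// VerifyMessage is the receiver's check. It accepts only if (1) the certificate
// was issued by the CA the receiver trusts (authenticity of the sender's key)
// and (2) the signature matches the data under that key (integrity).
func VerifyMessage(trustedCA ed25519.PublicKey, c Cert, msg, sig []byte) bool {
	if !ed25519.Verify(trustedCA, certBody(c.Subject, c.PubKey), c.CASig) {
		return false // certificate not signed by a trusted CA: key is unverified
	}
	return ed25519.Verify(c.PubKey, msg, sig)
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	cert := IssueCert(caPriv, "alice@example.com", alicePub) // constructed subject
	msg := []byte("transfer 100 to account 42")              // constructed sample message
	sig := SignMessage(alicePriv, msg)
	fmt.Println("genuine:     ", VerifyMessage(caPub, cert, msg, sig))                                   // true
	fmt.Println("tampered:    ", VerifyMessage(caPub, cert, []byte("transfer 900 to account 42"), sig)) // false
	_, rogueCAPriv, _ := ed25519.GenerateKey(rand.Reader) // a CA nobody trusts
	rogueCert := IssueCert(rogueCAPriv, "alice@example.com", alicePub)
	fmt.Println("untrusted CA:", VerifyMessage(caPub, rogueCert, msg, sig)) // false
}
```

The last case is the lecture's closing point: the same valid signature under the same key is rejected when the certificate binding that key to the sender was not issued by a trustworthy CA.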