HW 3

Q3: Jami is an intern on a sales team at a large insurance company. On the first day of the internship, Jami is asked to download a list of all of her friends and contacts from Facebook and upload them to the company database. The team lead explains "This database keeps track of all of our employees, and well as their customers and prospects. This makes it really easy to avoid redundant customer interactions, and also keeps us from cannibalizing customers and business from one another." Jami is wondering if there are ethical issues she should be concerned about. Do you think there are ethical issues involved with this situation? If yes- what are those issues, specifically, and how would you advise Jami?

Create a new database using phpmyadmin (or any other method you choose). The database should have at least two tables: One table should be able to store the username and password of users for session management. Insert one record in this table for use later in the project. The second table should be able to store the articles written by the user. The only information we need for articles is the author (which would be a user of the system), the title of the article and the content of the article. The content field should be able to store at least a thousand characters. Insert one simple record in this table for use later in the project H4

Suppose two client sessions are connected to a single database table, if session one issues a read lock on the table: What would happen if session one issues a write command to the locked table? What would happen if session two issues a write command to the locked table?

Build out a Database Installation Plan that takes the installation of MYSQL through installation and configuration to implement your security plan. Your plan should include a section that has test scenarios to validate the installation and configuration.

Design a simple web application in a programming environment of your choice that illustrates the SQL injection web application vulnerabilities. You should also come up with a secure version of the application that demonstrates how to prevent against their associated attacks.

Rutger University offers classes which visitors to the university can attend only if they are registered for the classes. Registration for the classes requires paying a nominal fee to the bursar, and you need account. The verification of visitors' registration is required in order for a visitor to attend a class, and this verification is done by a system administrator who is also required to log into the system. The verification is done through logging into the Rutgers registration system. If a visitor tries to log in to the system without being registered, an error message will be displayed by the system. Only a System Administrator will be able to create an account for a user of the system. The system administrator is also responsible for resetting login credentials (username and password) To get credit for the course, a participant must take a final exam which is set by a professor and uploaded to the system. The final exam when submitted by the student is reviewed by the professor…

2. Consider the scenario where a Bank Server receives a funds transfer request from a user, Andy, and wants to ensure the authentication and integrity of the funds transfer request. Assume that the bank has received a message (m + KA(H(m)) from Andy. What are the steps that the bank will take to check the integrity and authentication of the message m. Please draw the steps in the box below. Please use the following notation. Andy's Banking Application (m+K(H(m)) KA, KA K, KE m H(m) Bank Server Andy's Public Key, Andy's Private Key Bank Server's Public Key, Bank Server's Private Key Message with the funds transfer request Hash of a given message m Please use this space to draw the steps the bank will take to check the integrity and authentication of the message m.

Computer Science Assume you work in the IT department at an organization in Florida. The 500 employees in the organization are diverse in age, gender, race, nationality, and religious preference. Scenario: You discover pornographic images on a company server, which you are responsible for maintaining. You think that some of the images are of nude children. After a forensics investigation, you cannot trace the origins of images to a specific user in the organization. You discover that dozens of employees, including a co-worker, have viewed the images, but no one has reported the incident. What do you do? Whom do you inform? Do you delete them? Do you block further access? Do you call the police? What are the legal requirements you must take?

The client servers and the database are on separate layers, thus there must be an intermediary step in between them. It is often referred to as the layer that is in between.

CSV FILE INFO• Option: Scrape, not download, the CSV file instead of scraping table.   Create the 6 agents to handle the annual data. These agents extract the yearly dataa time over the range 1990 thru 2019. When the data has been extracted, the plota linear regression for each threaded agent.Threading rules:▪ Only one agent can access the database at a time.▪ The database inquiry only request one cell of data per request for data.▪ The agents must make repeated requests for annual data.After collecting the data, plot a liner regression for each gas using either Matplotlibor Plotly.

Create a spreadsheet that takes eight values that a user inputs into eight different cells. Then create a row that transposes the cells to simulate a transposition cipher, using the example transposition cipher from the text. Remember to work from right to left, with the pattern 1 > 3, 2 > 6, 3 > 8, 4 > 1, 5 > 4, 6 > 7, 7 > 5, 8 > 2 where 1 is the rightmost of the eight cells. Input the text ABCDEFGH as single characters into the first row of cells. What is displayed?

1. Create a new account with MongoLab and create a new MongoDB Deployment and set the plan to sandbox: 2. Add a route that adds a product. It should delegate to the product manager module. Modify the product-manager to store the product in your mongolab db. 3. Add a route that deletes products. It should delegate to the product manager module. Modify the product-manager to delete the product in your mongolab db. 4. Modify the handler for your route that returns products to retrieve the products from your mongolab db. Zip your entire project up in a folder

What do we call the process in which the client authenticates to the serverand the server authenticates to the client?

The layer that can be thought of as the intermediate stage is the one that can be found between client servers and the database. In certain circles, it is also referred to as the layer that comes between.

Under server security, you can create additional Server Roles. F In simple recovery model, no differential backups are performed. T A full backup of a database does not include all objects, system tables, and data. Log files are not part of a filegroup and are managed separately from the data space. F A differential backup truncates the transaction log

Utilizing a random period of time between resource requests can help to avoid a livelock. True False

Consider the "Frame" given below, write a Java Controller to insert the information into the database. Consider "Your ID" as the database and table name. First Name Last Name UserName Password Address Contact No Update

There are two types of objects: scripts and stored procedures. How do their differences manifest themselves? Different people have different roles. When possible, it is best to install Stored Procedures through the database.

Plzzz fast

Think of a bank that has several database locations.Assume that persistent messaging is the sole method available for the databases to interact. This database is distributed, right? Why?

One of the problems with the Internet email system is that sending forged emails is relatively straightforward, i.e., it is easy to send an email with a fake sender/from address.  One solution to this problem would be for a domain’s mail servers to digitally sign any email originating from the domain.  For this to be useful, the public key would need to be made available to clients to validate the signatures.  It is proposed that the public keys of the mail servers will be verified and signed by a certification authority (same as SSL/TLS certificates) and distributed via a standardised URL for the domain, e.g., https://mybusiness.com/email.pubkey. (a) Explain how the client would obtain the public key and validate the email server’s digital signatures. (b) Discuss the problem of trusting the obtained public key and how this solution results in public keys that can/cannot be trusted. (c) Indicate whether you believe this approach could be used to prevent forged emails and explain why it…

Scenario: A former employee repeatedly accessed his previous supervisor’s email account after leaving the financial company, allowing him to email himself company proprietary information and materials. The insider was an employee of a financial services company. After departing the company, the former employee repeatedly accessed his former supervisor’s email account (using credentials provided to him by the former supervisor) on about 100 occasions without authorization. The former employee sent emails from the former supervisor’s email account to his email account and his email account at his new employer's company. One of those emails included an attachment that contained proprietary information, including internal performance metrics. Another email attached is a password-protected spreadsheet with compensation and performance evaluation information for various employees. Q. Concerning the above scenario, What information privacy principles have been breached? What you would do to…

Based upon your readings this week, explain what each of the following terms mean and how they can be prevented.  This will aid you in preparing for the quiz on this material.  Topics: Buffer Overflow Injections (SQL, HTML, Command, Code) Authentication Credential brute force Session hijacking Redirect Default credentials Weak credentials Kerberos exploits Authorization Parameter pollution Insecure direct object reference Cross-site scripting (XSS) Stored/persistent Reflected DOM Cross-site request forgery (CSRF/XSRF) Clickjacking Security misconfiguration Directory traversal Cookie manipulationLinks to an external site. File inclusion Local Remote Unsecure code practices Comments in source code Lack of error handling Overly verbose error handling Hard-coded credentials Race conditions Unauthorized use of functions/unprotected APIs Hidden elements (sensitive info in the DOM) Lack of code signing

vi. write some difference between Authorization and Authentication in Web testing.