The perfect user-friendly introduction to Web site management and security for anyone who wants to become a Web professional. Start by understanding exactly what Web servers actually do; then walk through in-depth planning to get your server running right the first time. Choose the best hardware and software; estimate your site's traffic and size your server accordingly; register your domain names; and more. Organize your site; configure your server and set it up to support CGI; and make plans for regular server maintenance. Next, learn the critical fundamentals of securing your Web site, your server, the network, client browsers, Web databases, and transactions. Part of Pearson PTR Interactive's new Foundations of Web Site Architecture Series: user-friendly, interactive workbooks that deliver the core Web skills newcomers need most. Endorsed by the World Organization of Webmasters, and supported by a companion Web site with sample pages, code, and exercises!
Eric Larson is Staff Engineer at Sun Microsystems in Burlington, MA, currently performing technical research and software development for Sun's Enterprise Services division. He also teaches several courses in the Webmaster curriculum at Merrimack College.
Brian Stephens works for Sun Microsystems, Inc., as a backline network support engineer. In addition to handling escalated network issues, he also serves as a member of Sun's CCC Security Team, and teaches classes on Web security and internetworking at Merrimack College.
From the Editor. Executive Foreword. Introduction. About the Authors.
I. WEB SERVER ADMINISTRATION.
1. What Is a Web Server?
Client/Server Basics. Electronic Publishing. HTTP Overview. Other Web-Related Servers.
2. Planning Your Server.
Hosting Your Site. Hosting Your Own Server. UNIX vs. NT. Sizing Your Server. Domain Names.
3. Users and Documents.
Server Users and Directories. Server Administrators. Document Hierarchy. Directory Indexing. File and Directory Names. Transferring Files.
4. Server Configuration.
Choosing Web Server Software. Customizing Your Web Server. Controlling Access. Secure Sockets Layer Configuration. Virtual Hosts.
5. Server-Side Programming.
Dynamic Documents. CGI and Forms. Server-Side Includes. Active Server Pages. Servlets and Java Server Pages.
6. Log Files.
Log File Formats. Referrers. Being Proactive. Statistics.
7. Search Engines, Robots, and Automation.
Search Engines. Publicizing Your Site. Robots and Spiders. Automation.
II. WEB SECURITY.
8. Introduction to Security.
Why We Need Security. Types of Attacks and Vulnerabilities. Security Resources. Security Basics.
9. Network Security.
Networking Basics. Packet Sniffing. Other Network Vulnerabilities. Firewalls and Proxies.
10. Web Server Security.
Host/OS Hardening. Who to Run a Web Server As. File Permissions and Ownership. Other Configuration Concerns.
11. CGI Security.
Who to Run CGI As. Poor CGI Programming. Tainted CGI Variables. Buffer Overflows. Other CGI Risks.
12. Web Client Security.
Encryption. Secure Socket Layer. Certificate Authorities. Access Control Lists.
14. Intrusion Detection and Recovery.
Detecting an Attack. Recovering from an Attack.
Appendix A: Answers to Self-Review Questions. Appendix B: ASCII Values. Appendix C: Well-Known Port Numbers. Appendix D: Base Conversion. Appendix E: Packet Formats. Index.