.

Saturday, March 30, 2019

Advantages And Disadvantages Of Optimisation Techniques

Advantages And Disadvantages Of optimisation TechniquesWe have to figure of speech different techniques to optimise our website. Our main focus pass on be on how to trim the size of it of the web pageboy and script execution prison term. This, in turn, forget unquestionably improve the user experience as well as reduce the dispatch on the master of ceremoniess. The images and in writing(p) interfaces occupy the maximum storage size on the webpage. Therefore we need to compress the images and the scripts in an effective manner that wont affect functionality and quality of the website. First we need to simplify the design of the website, reducing the number of HTTP requests. JavaScript and CSS erect be minified by removing comments and space characters from the compute. moreover we fecal matter gravel java script and CSS external which idler be cached by the browser. Post Load and Pre Load components evict be set, which go forth make the user experience better by initially dispatch the important content and then loading the remaining content. Ultimately we can optimise loops which will reduce the script execution time.Specific Optimisation Techniques to be used for the WebsiteThe different optimisation techniques areMinimise HTTP requests bring in an expiry or a cache control header puzzle scripts at the bottomRemove duplicate scriptsMake Ajax cacheablePost load componentsPre load componentsMake JavaScript and CSS externalReduce DNS LookupsMinimise HTTP requestsThe majority of the time taken when a page is loading is a result of HTTP requests. reducing the number of components will thus reduce the number of HTTP requests required to try on the page. This is the key to faster loading pages.Combined files are a counselling to reduce the number of HTTP requests by combining all scripts into a genius script, and similarly combining all CSS into a single stylesheet.Discussing the decisions for each pageWe will use round techniques which wi ll be applicable on all the pages. Style sheets will be placed at the slip away and scripts at the bottom of the webpage. AJAX, JavaScript and CSS made cacheable. CDN servers will be used and redirects, 404 errors, and exculpate image source avoided.GET will be used for AJAX requests and as well make efficient use of pre and post load components. The complete JavaScript code and CSS will be minified.The Home page is the one which should be fast, captivating and interactive. The Home page will make up the rapport of your website. In order to make it attractive we need to use different images, CSS, graphical interfaces and flash content. Images and graphical interfaces are bigger in size so we will scale them and try to convert them into a more worthy format such as Portable Net lop Graphics (.png).The users login page, word page, upload page and modify page will be a good deal simpler than home page but they will contain lots of videos and images with the description. Thus, we can just remove the white space characters from their code reducing the size of the webpage and optimising the images. Videos are too big in size so we will non upload it on our server. We will use YouTube or new(prenominal) free video upload sites and embed the link on our webpage. harvest-tide Catalogue will contain all the images of the product that can be pursuited and sorted by category and brands. The loops will be optimised for faster search and sorting.Business study, current employees and product information will contain the luxuriant textual description with images of what we do, what we sell and who works in our company. all in all this information is static, so we will cache the information and optimise the images.Q2. Client office security issues are an extremely important component of any web-based application. footClient aspect security is one of the most(prenominal) important topics in internet security. All the information which has been downloaded from se rvers is stored on the clients machine. All the site preferences as well as your login elaborate are stored as cookies on the topical anesthetic machine and we need to keep those files safe from hackers. We use different antiviruses and firewalls on the local machine, however they are not as efficient as they should be.JavaScript and AJAX are the most vulnerable languages for most of the current web-based figure outs like Trojans, viruses, etcetera 1(Uta Priss, 2012, Advanced Client-Side SecurityWhat many users do not know, From http//www.upriss.org.uk/awt/lec4a.pdf)In this enumeration we will look at the major threats, type of client side barrages and somewhat strategies for minimising those risks.Problem DomainNowadays internet is a canonical necessity of day to day life. We are so dependent on internet these days. Everything from paying our electricity bills to international business meetings we do online. All our bank details are on our local machine which is vulnerable to hackers. For this reason do we need a secure system to work safely online. Whenever we use internet our local system stores the information from the server which contains your preferences, form information and the history of the webpages you viewed.How do hackers operate..?Hackers try to bypass the firewall and have in set aside access to local host resources. There are more chances to breach the security of the firewall when the hacker and the host are on the resembling network because request for resources originating inside the network can be trusted more than request originating from outside the network. (Bidgoli Hossein , Wiley John Sons, (2006) Hanew Jersey, John Wiley Sons)IssuesOne of the most widely used languages for website development, JavaScript, is not secure. JavaScript is an open scripting language which means anyone can manipulate it and change its function. The JavaScript security model attempts to defend the user from websites that whitethorn be venomou s and is not designed to protect the website owner. It cant protect data sent from the browser to the server and there are limits on what the page author can control via JavaScript whilst it is being executed inside the browser. The success of JavaScript is also however the reason why attackers have targeted and leveraged the applied science as a means to compromise the systems and reek untold heartbreak for clients. JavaScript has been used to perform attacks that involve redirects, downloading of content, or even revealing details about a victims system.2 Now we will discuss some attack strategies such as XSS (Cross Site Scripting), CSRF (Cross Site Request Forgery) and introduce some prevention measures to improve the security of the website.XSSCross-Site Scripting attacks are a type of shot problem, in which despiteful scripts are injected into the another(prenominal)wise benign and trusted websites. Cross-site scripting (XSS) attacks move on when an attacker uses a web app lication to send a malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite general and occur anywhere a web application uses input from a user in the output it generates without validating or encoding it.An attacker can use XSS to send a malicious script to an trustful user. The end users browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used within that site. These scripts can even rewrite the content of the HTML page.Prevention measuresValidate, filter, and sanitize all inputProcess output response stream data through encodingMany modern browsers will attempt to take note an XSS attack and notify the userCSRFCSRF (Cross-Site Request Forgery) is an attack which outcomes an e nd user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help of social engineering science (like sending a link via email/chat), an attacker may force the users of a web application to execute actions of the attackers choosing. A successful CSRF exploit can compromise end user data and operation in the case of a typical user. If the targeted end user is the administrator account, this can compromise the entire web application.Prevention measuresImplement strong XSS mitigations use of goods and services Tokens to verify expected user actionsHidden form value palmE.g., RoR ASP.Net MVC provide framework supportUse POST for any actions that manipulate data on server sideIs the idempotent web paradigm for HTTP GET compromised?Check HTTP ReferrerMost modern browsers include features to palliate the pursual attacksPhishing AttacksSpywareMalicious websitesAdwareDestruction or corruption of data or mannequinTheft of configura tion informationInstallation of malwareTheft of information and acknowledgement(Oriyano Sean-Philip and Shimonsk Robert,(2012)Client Side Attacks and Defense, USA, Elsevier, Pg 130)ConclusionIn summary, we discussed the major client side scripting attacks, limp measures and the most vulnerable languages. Client side scripting attacks are effective in taking the personal information of the user. However, if we play smart we can palliate and avoid those attacks in the first place by making some changes in our firewall settings and not clicking on suspicious links. Prevention is always favorite(a) over a cure for the problems being faced for a normal user in this unprotected web environment. As programmers, we should make appropriate use of the AJAX commands and code the website in such a way as to make it more reliable and harder to alter. Lastly, JavaScript is the most popular language and will remain so in coming years. In light of this, we should make efficient use of the prima ry functions and the libraries to make it less vulnerable to attacks.

No comments:

Post a Comment