README for SENG2250 Assignment 3: Secure HTTP Server with Authentication and Access Control
Introduction
Hello! I'm excited to share my work on this individual assignment for System and Network Security. My task was to enhance an HTTP server program, focusing on authentication and access control. This work is crucial for the online portal of Mako, an emerging startup prioritizing security.
Assignment Overview
The assignment involves two major components:
Modifying an HTTP Server Program: Implementing authentication and access control.
Reflection on the Development Process: Discussing my learning journey, the project's limitations, and potential improvements.
Project Components
1. Admin Console
Functionality: Admin users can manage other clients – add, modify, and delete users.
Initial Setup: Includes a default 'root' admin user with a random password.
2. Password Storage
Implementation: Follows best practices for secure password storage.
3. Multi-factor Authentication
Process: Involves username, password, and a code sent to the user's email.
Tools Used: I recommend using Mailgun for email handling.
4. Token Authentication
Token Validity: 15 minutes.
Security: Tokens are unique and hard to guess.
5. Access Control
Model: Implementation of the Biba access control model.
Details: Various services have different security levels and access permissions.
6. Client Program
Purpose: To demonstrate the implementation of these features.
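How the 15-minute token from component 4 and the Biba check from component 5 can work together, as an added example that is not the assignment's own code. Python, the three level names, hashing tokens at rest, and the names TokenStore, biba_allows and authorize are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # token validity stated in this README
# Hypothetical integrity levels; the README does not list the real ones.
LEVELS = {"low": 0, "medium": 1, "high": 2}


def _digest(token):
    # Store only a hash, so a leaked token table cannot be replayed directly.
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """In-memory token table: digest -> (username, integrity level, expiry)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._tokens = {}

    def issue(self, username, level):
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expiry = self._clock() + TOKEN_TTL_SECONDS
        self._tokens[_digest(token)] = (username, LEVELS[level], expiry)
        return token

    def lookup(self, token):
        """Return (username, level) for a live token, else None."""
        key = _digest(token)
        entry = self._tokens.get(key)
        if entry is None or self._clock() >= entry[2]:
            self._tokens.pop(key, None)  # drop expired entries on first use
            return None
        return entry[0], entry[1]


def biba_allows(subject_level, object_level, action):
    """Biba strict integrity: no read down, no write up."""
    if action == "read":
        return object_level >= subject_level
    if action == "write":
        return object_level <= subject_level
    return False  # unknown actions are denied


def authorize(store, token, service_level, action):
    # Token check first, then the Biba rule against the requested service.
    session = store.lookup(token)
    if session is None:
        return False
    return biba_allows(session[1], LEVELS[service_level], action)
```

The clock is injectable so expiry can be exercised without waiting 15 minutes.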
Reflections
Word Count: 600-1000 words.
Content: I will discuss what I learned from external resources and how it relates to our course content. I'll also address the limitations of the program and suggest potential improvements.
Submission Guidelines
What to Submit: A single zip file containing a PDF with program execution details and reflections, and a 'src' folder with all code and a README.md file.
My Learning Journey
As I developed this project, I learned a lot about system and network security, particularly in the context of authentication and access control in web applications. I explored various external resources, including documentation, forums, and expert discussions, to enhance my understanding and skills. This project has been a valuable addition to my academic and professional growth in cybersecurity.