Problem 8: Group Members: Michael Nguyen, Rohan Kumar, Mykhailo Behei
CSRF - cross-site request forgery. Unauthorized commands are transmitted from a user that the web application trusts. For example, a user logs into a bank account; the bank stores a cookie; the user goes to the infected website, and that website uses the cookie to send money to the bad person.
XSS Attack - cross-site scripting. XSS enables attackers to inject client-side scripts into web pages viewed by other users.
Inclusion Attack - when the links are of the form http://website.com/?c=…, you can put a link to a bad website with the evil script after c= that will get to run on the server with the web server privileges.
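An added example, not part of the group's answer: the bank scenario above from the server's side, where a state-changing request is accepted only if it carries a token derived from the session, which a page on another origin cannot read. The request shape, the names `issueCsrfToken`, `isValidCsrfToken`, `handleTransfer`, and the sample session id are assumptions made for the illustration.

```javascript
// Added example: HMAC-based CSRF token bound to the session id (Node.js, no framework).
const nodeCrypto = require('crypto');

// Server-side secret, generated here for the example; a real deployment loads it from secure storage.
const SERVER_SECRET = nodeCrypto.randomBytes(32);

// The token is HMAC(secret, sessionId). The bank embeds it in the forms it serves.
function issueCsrfToken(sessionId) {
  return nodeCrypto.createHmac('sha256', SERVER_SECRET).update(sessionId).digest('hex');
}

// Constant-time comparison of the submitted token against the expected one.
function isValidCsrfToken(sessionId, token) {
  if (typeof token !== 'string') return false;
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const given = Buffer.from(token, 'hex');
  // timingSafeEqual throws on unequal lengths, so check the length first.
  return given.length === expected.length && nodeCrypto.timingSafeEqual(given, expected);
}

// Hypothetical request shape: { cookies: { sid }, body: { csrf, ... } }.
// The cookie alone is not enough: the browser attaches it to every request
// to the bank, including one triggered by another site.
function handleTransfer(req, sessions) {
  const sid = req.cookies.sid;
  if (!sessions.has(sid)) return { status: 401, reason: 'no session' };
  if (!isValidCsrfToken(sid, req.body.csrf)) {
    return { status: 403, reason: 'missing or invalid CSRF token' };
  }
  return { status: 200, reason: 'transfer accepted' };
}

// Constructed sample data.
const sessions = new Set(['sess-abc123']);
const fromBankForm = {
  cookies: { sid: 'sess-abc123' },
  body: { to: 'alice', amount: '10', csrf: issueCsrfToken('sess-abc123') },
};
const crossSite = {
  cookies: { sid: 'sess-abc123' },          // cookie is sent automatically
  body: { to: 'someone-else', amount: '1000' }, // but no token is present
};

console.log(handleTransfer(fromBankForm, sessions)); // accepted
console.log(handleTransfer(crossSite, sessions));    // rejected with 403
```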
Kyle Escott, Bryan Nguyen, Jack Wanke, Richard Papalia
Problem #1
Assuming a repository is already in place with several commits made:
>git log (to get information about past commits. Obtain revision number for 5 commits back)
>git format-patch rev5 --stdout > my.patch (creates a single file containing a concatenation of patches. Since no second revision is specified, the head is assumed to be used)
>git apply --check my.patch (checks to see if applying this patch to this branch will cause any problems)
>git am --signoff < my.patch (Finally applies the patch to the branch)
Problem 9: Group Members: Michael Nguyen, Rohan Kumar, Mykhailo Behei
9. Show with code (a) how to serve a static page with express, (b) how to connect to a mysql database in node, (c) how to determine the value of a posted form variable in Express.
a.
var express = require('express');
var app = express(); // express is a factory function and must be called
// express.static takes a directory, not a file; the directory name 'public' is assumed,
// and public/index.html is then served at /
app.use(express.static('public'));
b.
var mysql = require('mysql');
var connection = mysql.createConnection({
  host: 'localhost',
  user: 'root',
  password: 'password',
  database: 'database'
});
connection.connect();
c.
<form id="formID" method="post" action="/">
  <input type="text" id="email" name="email"/>
</form>
var body_parser = require('body-parser');
var express = require('express');
var app = express();
// parse application/x-www-form-urlencoded bodies into req.body
app.use(body_parser.urlencoded({extended: true}));
app.post('/', function(req, res) {
  // the key matches the name attribute of the form input
  var value = req.body.email;
});
(Edited: 2017-05-15)
Name : Pei Liu Student ID: 010200255
Problem 9:
(1)
var express = require('express');
var path = require('path');
var app = express(); // app must exist before app.use is called
app.use(express.static(path.join(__dirname, 'public'))); // Assume that we use public folder for static
(2)
var mysql = require('mysql');
var config = require('./Config.js'); // relative path, so Node loads the local file instead of searching node_modules
var connection = mysql.createConnection({
  host : config.host, // Assume that we have Config.js for setting the database
  user : config.user,
  password : config.password
});
(3)
var bodyParser = require('body-parser');
var router = express.Router(); // router must be defined and mounted on app
app.use(bodyParser.urlencoded({ extended: false }));
app.use('/', router);
router.post('/', function(req, res, next) {
  var value = req.body.value; // assume that form will post value argument
  var result = validate(value); // assume that we have validate function to do some validation
  res.send(result);
});
<!ELEMENT NewsArticle (Title, Date, Body, Author, Newspaper)>
<!ELEMENT Title (#PCDATA)>
<!ELEMENT Date (#PCDATA)>
<!ELEMENT Body (#PCDATA)>
<!ELEMENT Author (#PCDATA)>
<!ELEMENT Newspaper (#PCDATA)>
<!ATTLIST NewsArticle free CDATA #FIXED "free">
Yash Parikh Huy Nguyen Luis Otero Xincheng Yuan
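function checkInputs() { // function name is an assumption; the header was not included with this answer
  var inputList = document.getElementsByTagName("input");
  for (var i = 0; i < inputList.length; i++) {
    var text = inputList[i].value;
    // matches "f", one or more "o", then "d" anywhere in the input
    if (text.match(/f(o)+d/)) {
      alert("I'm busy eating");
      return false;
    }
  }
  return true;
}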
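function ascendingUghNumbers() {
  // keep only the arguments that are numbers
  var numbers = new Array();
  for (var i = 0; i < arguments.length; i++) {
    if (typeof arguments[i] === 'number') {
      numbers.push(arguments[i]);
    }
  }
  // sort() without a comparator compares as strings (10 before 9), so compare numerically
  numbers.sort(function(a, b) { return a - b; });
  var ughArray = new Array();
  for (var i = 0; i < numbers.length; i++) {
    ughArray.push("Ugh" + numbers[i]);
  }
  return ughArray;
}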