Internet Programming Lab 4: Security


Due: Reports Due Thursday May 7th at 5pm.

Summary:
Using the information discussed in class, break into a simple web application and find the username and password of the privileged user.

Details:
You may work in groups of up to two. If you wish to do so, both group members must be present both during the attempts to find the username and password and during the writing of the report.

Please have both members of multi-person groups sign the report indicating that they have abided by this guideline.

Note: since this lab is posted on the web, I will be deliberately vague about some things. I will discuss details in class.

You will have access to a small web application that uses authentication. There are two registered users: Student and the one you have to find. Student's password is 'sample'. Your job is to find out what the privileged user's username and password are.

You can find the application at http://csdev02.bridgew.edu:10001/~jsantore/lastProj/

It is quite possible that this app is not terribly secure (in fact, several of the security issues we've talked about in class are deliberately left in), so I've made it a pretty minimal application.


What you need to hand in:
You will hand in a report which includes:
  1. Your name(s)
  2. The username and password for the privileged account
  3. A description of the successful method that you used to discover the password.
  4. A description of any failed attempts.
And yes, you need to write this properly. Complete sentences and proper grammar are both appropriate.

If you wish to turn the project in at a time that I am not in the office, just slip the paper under my door - remember to sign the paper if you are doing more than one student per project.