Abstract

Internet was developed for computers to be interconnected easily and hence allow them to interchange information. One of the early use of the internet was for email communications and file transfers. The web was developed to make the sharing of information much more convenient. However, the technology for protecting data when interaction is allowed was developed piecemeal and many web applications where user communicate using the web form based interface with a server and databases are exposed to various threats including malicious script. Moreover, companies and malicious users use trackers to observe and record the user actions.
In this project we address these problems in connection with course manager system(CrsMgr) which is used currently to manage typical university courses; it includes features for posting notes, tutorials, assignments, projects, create and maintain student groups, provide facility for group peer evaluation, on-line quizzes, and grading. The technique used to enhance the security based on using filtration layer and prepared-execute layer to make CrsMgr secure. The goal of filtration layer is to catch malicious user input based on suspect key words; The goal of prepared-execute layer is to invalidate malicious input. The implementation of this feature uses mysqli, a PHP extension for secure database access.
We have also developed an experimental browser which prevents user tracking and saves bandwidth by disallowing third party contents. The latter uses two techniques: filtration and user agent faking. Filtration is to check every resource Uniform Resource Identifier(URL) before making a request to load it, and not loading any target URL if it is determined to be a third party. The third party determination policy is configured by the user. The browser also provides user agent faking which is a feature that allows masquerading the browser and platform information with random information. The browser provides a simple user interface that allow user to verify the third party content on a web page and stop using a simple switch metaphor.