Client Side Secure Storage: Scalability for free
Dominik Gätjens
Computer Science and Media, Hochschule der Medien, Stuttgart
27 January 2012
(Slide 1 of 24)
Agenda
1 Why Client Side Storage?: Sessions are a workaround; Sessions scale very badly; Scaling at no cost
2 Where to store?: Client Side Capabilities; Transmission Performance; Client Side Scaling
3 How to store secure?: Encrypt Data; Signatures; Message Authentication Codes
4 Conclusion
1 Why Client Side Storage?
HTTP is stateless
"HTTP is a stateless protocol. A stateless protocol does not require the server to retain information or status about each user for the duration of multiple requests."
(Wikipedia)
HTTP Sessions are a Workaround, aren't they?
HTTP is built on a stateless approach:
  there is no connection indicator
  when does a session start? when does it end?
  ⇒ sessions can only be closed by timeout
Every open session consumes memory.
Server Side State
(Diagram: the server's memory holds Session A, Session B and Session C; Clients A, B, C and D all connect to that one server.)
Sessions scale very badly
There is no simple adding of machines:
  you have to guarantee that one user always lands on the same machine,
  or you have to implement a complex multi-machine session storage.
Scaling at no cost
Build your web server like a web service:
  the client brings the data
  the server application consists of several independent functions
  the functions have no side effects
So you get a simple stateless web server which you can scale up just by adding machines.
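As an added example (not code from the slides), this is the "client brings the data" pattern in Python: a request handler that takes a client-held state token, verifies it and returns an updated one, with no server-side session store. The token carries an HMAC tag, the message-authentication approach listed later in the agenda, and an embedded expiry in place of the session timeout; SECRET_KEY, the token layout and the add_to_cart handler are assumptions made for this demonstration.

```python
import base64, hashlib, hmac, json, time
from typing import Optional, Tuple

# Constructed sample key: in practice a random secret shared by every
# machine behind the load balancer and never sent to the client.
SECRET_KEY = b"constructed-demo-key-do-not-use"

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def seal_state(state: dict, ttl: int, now: Optional[float] = None) -> str:
    """Serialise client-held state plus an expiry and append an
    HMAC-SHA256 tag. The client can still read the state (no encryption);
    the tag only proves the server wrote it and it was not altered."""
    now = time.time() if now is None else now
    payload = json.dumps({"s": state, "exp": int(now) + ttl},
                         separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def open_state(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the state if the tag verifies and the expiry has not passed,
    otherwise None. The timestamp replaces the server-side session timeout."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload, tag = _unb64(payload_b64), _unb64(tag_b64)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        return None
    body = json.loads(payload)
    return body["s"] if body["exp"] > now else None

def add_to_cart(token: Optional[str], item: str,
                now: Optional[float] = None) -> Tuple[str, dict]:
    """Side-effect-free request handler: all state arrives with the request
    and leaves with the response, so any machine in the pool can serve it."""
    state = open_state(token, now) if token else None
    state = dict(state) if state else {"cart": []}
    state["cart"] = state["cart"] + [item]
    return seal_state(state, ttl=1800, now=now), state
```

Because the handler keeps nothing between calls, every request can be routed to any machine, which is exactly what makes adding machines free.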
2 Where to store?
Client Side Capabilities
Cookies:
  RFC 2965: at least 20 cookies of 4 KB each = 80 KB per domain
  Firefox 2, 3 and IE7 support 50 cookies of 4 KB each = 200 KB
  Flash cookies: unlimited storage
HTML markup, e.g. hidden fields
JavaScript RAM
HTML5 Storage