web服务器的访问控制和安全审计问题研究word论文
AbstractAs the Browser / Server model portability and universality that speed popular web services. At the same types of business services is also very wide, including the growing online payment services, and other sensitive information, so the security requirements have become more urgent. Security has become one of the most important characteristics to a system or platform. Access control can be a layer of filter access to resources, which can prevent unauthorized users from unauthorized access. Popular systemes executes role-based access control policy, it is a protection method make use of giving different roles which users can access the system by playing it for different users. User Audit can audit users' behavior, so that the reasons for exploration, defined responsibilities, originally tracking possible. If we want business systems up and running, we need a safe and stable environment, the user's operation is very detailed grasp of practical significance.First,I have analyzed architectures of Apache and Tomcat, which two popular Web Server. studied their main core structures and systems components, understanding audit logs and access control features of these two popular servers. Then a detailed analysis of the internal process of the Web server handle with user's request has proposed, and on this principle, I proposed access control and security audit strategies that related to improveing security of Web server. Then I modified and recompiled a new Tomcat Server,And practiced a thired -party applications which apply to all requirements .be tested to verify the correctness of the theory.Web server is a grassroots components of web running environment, The security policy which embedded in the component are applicable for all of third-party applications, avoiding the need for additional development requires this functionality for each application, so that it can focus more on core business. Can improve the development efficiency and shorten the project cycle.