| ASP (Application Service Provider) is a model of operational leasing. Enterprises can hire computers and software systems of ASP to manage their operations. By doing this, the enterprises gain a substantial savings from the purchase and operation of IT products technology funds. So ASP has become the preferred model of SMEs informationization.As a typical Web application, security has become the most important aspect which had restricted the development of ASP. A favorable security policy can promote the development and application of ASP. Although most of the ASP providers have taken correlative security measures to protect ASP, the research of ASP security is limited on the surface layer of physical security, network security, data encryption etc. This has limited the research of ASP security and left it no abrupt development. The thesis breaks through the limitation and analyzes the ASP security from three tiers of B/S structure which includes client tier, application service tier and data-base tier. The thesis emphasizes on the importance of the ASP security policy. Then we put emphasis on the security of application service tier and apply Role-Based Access Control in ASP application.At first, ASP model and the importance of ASP security and the background of this thesis are given. In chapter2, the thesis introduces the ASP security architechture, ASP security risk and the corresponding security components. The chapter3 analyzes layered security designing of ASP application. ASP application security is divided into three tiers which are client tier, application service tier and data-base access tier. This chapter gives a particular introduction to every tier. The chapter4 analyzes the security of ASP application service tier, then puts Role Based Access Control into ASP application and puts forward a model of ASP application design based on... |
PDF Full Text Request