
Using Process Isolation To Build Secure And Efficient Web Services

Posted on: 2010-06-22 | Degree: Master | Type: Thesis
Country: China | Candidate: J Q Jiang | Full Text: PDF
GTID: 2198330338482210 | Subject: Computer application technology
Abstract/Summary:
With the development of Web 2.0 technology, it has become easier and easier to deploy enterprise applications on the network, and more and more application systems are turning to the B/S architecture. But the network environment is very complex. Systems deployed on the network have security shortcomings due to system bugs and developers' negligence; in extreme cases, private information will be leaked and data will be destroyed. Therefore, the security and performance of web services are very important.

This paper mainly studies the security and performance of Web servers. First, common Web technologies are described, and some common existing problems are pointed out, such as unintended data disclosure, buffer overflows and remote code execution, denial-of-service attacks and so on. Next, several useful design principles for web servers are introduced: server processes should be chrooted; server processes should run as unprivileged users; server processes should have the minimal set of database privileges necessary to perform their task; a server architecture should separate independent functions into independent processes. Most of these principles relate to the security of the Web server.

Through the study of the problems and principles mentioned above, a new web server is presented. Compared to web servers such as Apache, Flash and Haboob, this web server is made safer by adopting an isolation strategy for corresponding processes and services, an appropriate privilege assignment principle, an optimized Asynchronous Database Proxy and so on. By building a fast and highly efficient cache and supporting compressed network transmission, the service response time and code execution performance are improved. Meanwhile, the new web server can support web programs compiled from high-level languages by self-glue, which improves system operation. It provides a comprehensive set of tools for developers to build a reliable web application system.

Testing shows that, relative to Apache, it has advantages in service response time and code execution performance, and could also reduce system and hardware cost, which supplements the recent web servers. Finally, the deficiencies and remaining research areas of the new web server are pointed out in the paper: the security guarantees depend on a complex implementation and are less than perfect. Although a way to establish a safe web application is presented, end-to-end security guarantees still cannot be implemented.
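As an added illustration (not code from the thesis), the sketch below combines three of the design principles listed in the abstract: one process per service, a chroot jail, and an unprivileged user. The jail path `/`, uid/gid 65534, exit code 111 and the function names are constructed assumptions; the jail can only be built when the launcher starts as root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1            /* exposes chroot() and setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define CONFINE_FAILED 111           /* constructed exit code: jail or drop failed */

/* Enter the jail directory, then give up root for good. Order matters:
 * chroot() and setgroups() need root, so setuid() must come last. */
static int confine(const char *jail, uid_t uid, gid_t gid) {
    if (chroot(jail) != 0 || chdir("/") != 0) return -1;  /* chdir closes the cwd escape */
    if (setgroups(0, NULL) != 0) return -1;               /* drop supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;  /* group first, then user */
    if (setuid(0) == 0) return -1;                        /* root must not be recoverable */
    return 0;
}

/* Run one service in its own process. Fail closed: the service body is
 * never entered unless confinement succeeded. Returns the child's exit code. */
int run_isolated(const char *jail, uid_t uid, gid_t gid, int (*service)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (confine(jail, uid, gid) != 0) _exit(CONFINE_FAILED);
        _exit(service());
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Hypothetical service body: returns 0 only if it really runs unprivileged. */
int probe_service(void) {
    return (getuid() != 0 && geteuid() != 0 && setuid(0) != 0) ? 0 : 2;
}

int main(void) {
    /* Constructed values: jail "/" and uid/gid 65534 ("nobody" on many systems). */
    int rc = run_isolated("/", 65534, 65534, probe_service);
    printf("service exit code: %d%s\n", rc,
           rc == CONFINE_FAILED ? " (not started: root is needed to build the jail)" : "");
    return 0;
}
```

A real deployment would use a dedicated, mostly empty jail directory per service instead of `/`, and a distinct uid per service so that one compromised process cannot signal or read another.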
Keywords/Search Tags:Web Server, Process Isolation, Jail Directory, POLP