Stanford Web Application Toolkit

From Web Services Wiki

(Difference between revisions)
m (Protected "Stanford Web Application Toolkit" [edit=sysop:move=sysop])
Current revision (12:17, 25 February 2009)
 
Line 1: Line 1:
== Introduction ==
== Introduction ==
-
The Stanford Web Application Toolkit (SWAT) is a set of tools designed to assist Stanford web developers in creating secure and robust PHP-based web applications. It gives the programmer straightforward methods for connecting to the database, searching the directory, authorization, sending e-mail, handling file uploads (coming soon), defending against SPAM (coming soon), and other common-but-often-tedious tasks. SWAT has three primary goals: security, accessibility, and ease of use. The toolkit is broken down into several modules.
+
The Stanford Web Application Toolkit (SWAT) is a set of tools designed to assist Stanford web developers in creating secure and robust PHP-based web applications. It gives the programmer straightforward methods for connecting to the database, searching the directory, authorization, sending e-mail, handling file uploads, defending against SPAM, and other common-but-often-tedious tasks. SWAT has three primary goals: security, accessibility, and ease of use. The toolkit is broken down into several modules.
== Contents ==
== Contents ==
Line 15: Line 15:
* [[How to set up a configuration file for the Stanford Web Application Toolkit|How to set up a configuration file]]
* [[How to set up a configuration file for the Stanford Web Application Toolkit|How to set up a configuration file]]
* [[How to organize your application's basic information using the Stanford Web Application Toolkit|How to organize your application's basic information]]
* [[How to organize your application's basic information using the Stanford Web Application Toolkit|How to organize your application's basic information]]
 +
 +
=== StanfordAuthorization ===
 +
 +
In conjunction with WebAuth, StanfordAuthorization serves as a convenient way to perform fine-grained authorization to permit or deny certain people from accessing parts of your application.
 +
 +
* [[How to set fine-grained access controls in conjunction with WebAuth using the Stanford Web Application Toolkit|How to set fine-grained access controls in conjunction with WebAuth]]
 +
* [[How to check if a script is behind WebAuth using the Stanford Web Application Toolkit|How to check if a script is behind WebAuth]]
 +
* [[How to log a user out of WebAuth using the Stanford Web Application Toolkit|How to log a user out of WebAuth]]
 +
 +
=== StanfordData===
 +
 +
StanfordData is split up into two subclasses: StanfordTextFile and StanfordDBQuery. The former is useful for parsing, sorting, and displaying data contained in CSV files. StanfordDBQuery works nearly identically, but instead of parsing CSV files, it reads from a MySQL database. Both classes feature a method for displaying retrieved data in an HTML table that may be easily styled and customized.
 +
 +
* [[How to parse, sort, and display a text file using the Stanford Web Application Toolkit|How to parse, sort, and display a text file]]
 +
* [[How to retrieve, sort, and display information from a database using the Stanford Web Application Toolkit|How to retrieve, sort, and display information from a database]]
=== StanfordDatabase ===
=== StanfordDatabase ===
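Review bot: the added heading `=== StanfordData===` is missing the space before the closing `===` that the other module headings in this diff use (`=== StanfordAuthorization ===`, `=== StanfordDatabase ===`); suggest `=== StanfordData ===` for consistency. In the StanfordAuthorization paragraph, "permit or deny certain people from accessing" mixes two constructions; "allow or deny specific people access to parts of your application" reads more cleanly.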
Line 37: Line 52:
* [[How to send e-mail using the Stanford Web Application Toolkit|How to securely send e-mail]]
* [[How to send e-mail using the Stanford Web Application Toolkit|How to securely send e-mail]]
 +
 +
=== StanfordFileUpload ===
 +
 +
Allowing file uploads is another convenient feature of PHP that by default comes with a plethora of potential security holes. StanfordFileUpload is a great improvement over PHP's default file upload behavior. With automatic, built-in error detection and reporting and easy ways to set restrictions on the types of files uploaded, this module attempts to protect against many of the problems that affect web applications across the web.
 +
 +
* [[How to securely allow file uploads using the Stanford Web Application Toolkit|How to securely allow file uploads]]
 +
 +
=== StanfordForm ===
 +
 +
SPAM is a huge problem, and while many websites have begun adding CAPTCHAs and other less-than-accessible approaches to solving the problem, we developed a non-intrusive countermeasure designed to make bots reveal themselves instead of the other way around. StanfordForm has SPAM protection and also some general error-handling functions.
 +
 +
* [[How to implement a SPAM control countermeasure that remains accessible using the Stanford Web Application Toolkit|How to implement a SPAM control countermeasure that remains accessible]]
 +
 +
=== StanfordLog ===
 +
 +
Logging is an essential feature of any site, whether the goal is to track user activity or record errors. StanfordLog contains two subclasses: one for logging to a database (StanfordLogDatabase) and one for logging to a file (StanfordLogFile). Each of the logging classes may be configured to periodically send the latest log entries to the site administrator via e-mail (using StanfordLogEmailSettings).
 +
 +
* [[How to log to a file using the Stanford Web Application Toolkit|How to log to a file]]
 +
* [[How to log to a database using the Stanford Web Application Toolkit|How to log to a database]]
 +
* [[How to set up an e-mail log using the Stanford Web Application Toolkit|How to set up an e-mail log]]
=== StanfordUtil ===
=== StanfordUtil ===
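Review bot: in the added StanfordFileUpload paragraph, "easy ways to set restrictions on the types of files uploaded" does not say what the type restriction is checked against (file extension, client-supplied MIME type, or file content). Suggest naming the check here or in the linked how-to, so a developer relying on this module knows what it does and does not enforce. The StanfordForm paragraph has the same gap: it describes the SPAM countermeasure only as making "bots reveal themselves" without naming the mechanism.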

Current revision

Introduction

The Stanford Web Application Toolkit (SWAT) is a set of tools designed to assist Stanford web developers in creating secure and robust PHP-based web applications. It gives the programmer straightforward methods for connecting to the database, searching the directory, authorization, sending e-mail, handling file uploads, defending against SPAM, and other common-but-often-tedious tasks. SWAT has three primary goals: security, accessibility, and ease of use. The toolkit is broken down into several modules.

Contents

General

StanfordApp

This module functions as a light framework for Stanford web applications. Using StanfordApp, you may load a YAML-formatted configuration file with your site's basic information, database configuration, and other settings.

StanfordAuthorization

In conjunction with WebAuth, StanfordAuthorization serves as a convenient way to perform fine-grained authorization to permit or deny certain people from accessing parts of your application.

StanfordData

StanfordData is split up into two subclasses: StanfordTextFile and StanfordDBQuery. The former is useful for parsing, sorting, and displaying data contained in CSV files. StanfordDBQuery works nearly identically, but instead of parsing CSV files, it reads from a MySQL database. Both classes feature a method for displaying retrieved data in an HTML table that may be easily styled and customized.

StanfordDatabase

A simple extension of PHP's MySQLi, this module greatly simplifies database-related functionality at Stanford. Enabling MySQL-based sessions is one line of code, and turning on encryption is just as easy.

StanfordDirectory / StanfordPerson

Writing raw LDAP queries and parsing the results using PHP is far from straightforward, which is why we developed these classes. StanfordDirectory connects and binds to the directory in order to perform searches, while StanfordPerson provides an intuitive means of getting basic information about Stanford users.

StanfordEmail

It is easy to send e-mail using PHP, so easy that many developers overlook the potential security flaws. StanfordEmail is a secure extension of the open source project PHPMailer. It adds error detection and reporting, automatic mail server configuration, and easier to understand functions. Securely adding file attachments takes only a couple extra lines of code so that you don't have to bother writing your own MIME headers.

StanfordFileUpload

Allowing file uploads is another convenient feature of PHP that by default comes with a plethora of potential security holes. StanfordFileUpload is a great improvement over PHP's default file upload behavior. With automatic, built-in error detection and reporting and easy ways to set restrictions on the types of files uploaded, this module attempts to protect against many of the problems that affect web applications across the web.

StanfordForm

SPAM is a huge problem, and while many websites have begun adding CAPTCHAs and other less-than-accessible approaches to solving the problem, we developed a non-intrusive countermeasure designed to make bots reveal themselves instead of the other way around. StanfordForm has SPAM protection and also some general error-handling functions.

StanfordLog

Logging is an essential feature of any site, whether the goal is to track user activity or record errors. StanfordLog contains two subclasses: one for logging to a database (StanfordLogDatabase) and one for logging to a file (StanfordLogFile). Each of the logging classes may be configured to periodically send the latest log entries to the site administrator via e-mail (using StanfordLogEmailSettings).

StanfordUtil

StanfordUtil is a collection of miscellaneous tools that require little-to-no configuration. Operations such as undoing magic quotes and setting up custom error reporting only require a single line of code each using this module.
