improve cookie based session with decorator pattern
play

Improve Cookie- based Session with Decorator Pattern @ ConFoo - PowerPoint PPT Presentation

Apr 12, 2023 •150 likes •1.06k views

Improve Cookie- based Session with Decorator Pattern @ ConFoo Montreal 2018-03-08 by Jian Weihang Improve Cookie-based Session with Decorator Pattern 1 Bonjour! Improve Cookie-based Session with Decorator Pattern 2 Jian Weihang

  1. Improve Cookie- based Session with Decorator Pattern @ ConFoo Montreal 2018-03-08 by Jian Weihang Improve Cookie-based Session with Decorator Pattern 1

  2. Bonjour! Improve Cookie-based Session with Decorator Pattern 2

  3. ��� Jian Weihang Improve Cookie-based Session with Decorator Pattern 3

  4. @tonytonyjan Improve Cookie-based Session with Decorator Pattern 4

  5. Taiwan Improve Cookie-based Session with Decorator Pattern 5

  6. Improve Cookie-based Session with Decorator Pattern 6

  7. Improve Cookie-based Session with Decorator Pattern 7

  8. Improve Cookie-based Session with Decorator Pattern 8

  9. $ gem install taiwan Improve Cookie-based Session with Decorator Pattern 9

  10. Tech Leader Improve Cookie-based Session with Decorator Pattern 10

  11. Ruby Developer since 2010 Improve Cookie-based Session with Decorator Pattern 11

  12. Maintainer of exif and jaro_winkler Improve Cookie-based Session with Decorator Pattern 12

  13. Published a book in 2015 Improve Cookie-based Session with Decorator Pattern 13

  14. Improve Cookie- based Session with Decorator Pattern Improve Cookie-based Session with Decorator Pattern 14

  15. Outline • Introduction of Decorator Pattern • Security of Rack::Session::Cookie • Encryption of Rack::Session::Cookie Improve Cookie-based Session with Decorator Pattern 15

  16. Decorator Pattern Improve Cookie-based Session with Decorator Pattern 16

  17. Decorator Pattern Attach additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassing for extending functionality. — Design Patterns by the Gang of Four Improve Cookie-based Session with Decorator Pattern 17

  18. Using Inheritance class CoffeeWithSugar < Coffee def cost super + 0.2 end end class CoffeeWithMilkAndSugar < Coffee def cost super + 0.4 + 0.2 end end Improve Cookie-based Session with Decorator Pattern 18

  19. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 19

  20. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 20

  21. What's the problem? • Cannot customize during runtime. • Cannot control how and when to decorate a component. • ex. double milk? • It is tightly coupled. Improve Cookie-based Session with Decorator Pattern 21

  22. Decorator Pattern in Ruby class Milk def initialize(coffee); @coffee = coffee end def cost; @coffee.cost + 0.4 end end class Sugar def initialize(coffee); @coffee = coffee end def cost; @coffee.cost + 0.2 end end coffee = Coffee.new # coffee.cost = 2.0 Sugar.new(Milk.new(coffee)).cost # 2.6 Sugar.new(Sugar.new(coffee)).cost # 2.4 Improve Cookie-based Session with Decorator Pattern 22

  23. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 23

  24. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 24

  25. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 25

  26. Benefits • Plain Old Ruby Object. • Can be wrapped infinitely. • Can use same decorator more than once on component. • Can customize in runtime. Improve Cookie-based Session with Decorator Pattern 26

  27. class Additive def initialize(coffee) @coffee = coffee end def cost raise NotImplementedError end end class Salt < Additive def cost @coffee.cost + 0.1 end end Improve Cookie-based Session with Decorator Pattern 27

  28. Rack Improve Cookie-based Session with Decorator Pattern 28

  29. Is Rack::Session::Cookie secure? Improve Cookie-based Session with Decorator Pattern 29

  30. Simple HTTP Server require 'rack' app = lambda do |env| session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 [200, {}, ['it works']] end app = Rack::Builder.app(app) do use Rack::Session::Cookie, secret: 'secret' end Rack::Handler::WEBrick.run app, Port: ARGV[0] Improve Cookie-based Session with Decorator Pattern 30

  31. Experiment Improve Cookie-based Session with Decorator Pattern 31

  32. Decode Marshal.load( Base64.decode64( URI.decode_www_form_component(cookie) .split('--') .first ) ) Improve Cookie-based Session with Decorator Pattern 32

  33. Structure of Rack Cookie Session +------------- uri encode --------------+ | +------ base64 ------+ +- hex -+ | | | +- Marshal.dump -+ | | | | | | | object | | "--" | mac | | | | +----------------+ | | | | | +--------------------+ +-------+ | +---------------------------------------+ Improve Cookie-based Session with Decorator Pattern 33

  34. Decode and Verify def decode_cookie(cookie, secret) cookie = URI.decode_www_form_component(cookie) data, hmac = cookie.split('--') computed_hmac = OpenSSL::HMAC.hexdigest( OpenSSL::Digest::SHA1.new, secret, data ) raise 'invalid hmac' unless computed_hmac == hmac Marshal.load(Base64.decode64(data)) end Improve Cookie-based Session with Decorator Pattern 34

  35. Is Rack::Session::Cookie secure? Improve Cookie-based Session with Decorator Pattern 35

  36. Not Exactly Improve Cookie-based Session with Decorator Pattern 36

  37. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 37

  38. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 38

  39. Rack::Session::Cookie • Sign with HMAC-SHA1. • No encryption. Improve Cookie-based Session with Decorator Pattern 39

  40. Sinatra Improve Cookie-based Session with Decorator Pattern 40

  41. Sinatra Official Document Improve Cookie-based Session with Decorator Pattern 41

  42. require 'sinatra' set :sessions, true set :session_secret, 'set secret' get '/' do session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 'Hello world!' end Improve Cookie-based Session with Decorator Pattern 42

  43. Experiment Improve Cookie-based Session with Decorator Pattern 43

  44. Improve Cookie-based Session with Decorator Pattern 44

  45. Improve Cookie-based Session with Decorator Pattern 45

  46. Rails Improve Cookie-based Session with Decorator Pattern 46

  47. Convention over Configuration Improve Cookie-based Session with Decorator Pattern 47

  48. Structure of Rails Cookie +-------------------- uri encode -------------------+ | +------------ base64 ------------+ +- hex -+ | | | +- base64 -+ +- base64 -+ | | | | | | | JSON | "--" | iv | | "--" | mac | | | | +----------+ +----------+ | | | | | +--------------------------------+ +-------+ | +---------------------------------------------------+ Improve Cookie-based Session with Decorator Pattern 48

  49. Decode with ActiveSupport require 'uri' require 'json' require 'active_support' def verify_and_decrypt_session_cookie(cookie, secret_key_base) cookie = URI.decode_www_form_component(cookie) salt = 'encrypted cookie' signed_salt = 'signed encrypted cookie' key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000) secret = key_generator.generate_key(salt)[0, ActiveSupport::MessageEncryptor.key_len] sign_secret = key_generator.generate_key(signed_salt) encryptor = ActiveSupport::MessageEncryptor.new(secret, sign_secret, serializer: JSON) encryptor.decrypt_and_verify(cookie) end Pure Ruby Version: https://goo.gl/vuQPkr Improve Cookie-based Session with Decorator Pattern 49

  50. Encryption in Rack::Session::Cookie Improve Cookie-based Session with Decorator Pattern 50

  51. require 'rack' require 'action_dispatch' secret_key_base = '...secret_key_base...' key_generator = ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000) app = lambda do |env| env['action_dispatch.secret_key_base'] = secret_key_base env['action_dispatch.cookies_serializer'] = :json env['action_dispatch.signed_cookie_salt'] = 'signed cookie' env['action_dispatch.encrypted_cookie_salt'] = 'encrypted cookie' env['action_dispatch.encrypted_signed_cookie_salt'] = 'signed encrypted cookie' env['action_dispatch.key_generator'] = key_generator session = env['rack.session'] session[:name] = 'tonytonyjan' session[:age] = 28 [200, {}, ['it works']] end app = Rack::Builder.app(app) do use ActionDispatch::Cookies use ActionDispatch::Session::CookieStore, key: '_myapp_session' end Improve Cookie-based Session with Decorator Pattern 51

  52. Cons • ActionDispatch is fat. • Stack too deep. Improve Cookie-based Session with Decorator Pattern 52

  53. Cons • ActionDispatch is fat. • Stack too deep. Improve Cookie-based Session with Decorator Pattern 53

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this

The Decorator Pattern Or: a lesson in the Open/Closed principle How many times have we heard this phrase: Favor composition over inheritance ~some OOP guy who is smarter than I am The decorator pattern is another example of how composition

556 views • 17 slides
Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f;

Cookie Protocol Server sets cookies in response header: Set-Cookie: session=0x4137f; Expires=Wed, 09 Jun 2012 10:18:14 GMT Name Value Expiration Time Browser returns cookies in headers of later requests: Cookie: session=0x4137fd6a CS

701 views • 4 slides
The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves

The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves

The Decorator Pattern also known as: Wrapper in German: Dekorierer The Problem A bar serves several drinks: Coffee Espresso Every drink can be modified using: Whip Milk So there are a lot of

286 views • 18 slides
Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me

Bypassing CSRF Protections A Double Defeat of the Double-Submit Cookie Pattern About Me David Johansson (@securitybits) Security consultant since 2007 Helping clients design and build secure software Security training Based in

821 views • 25 slides
SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of

SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of

SWEN 262 Engineering of Software Subsystems Decorator Pattern Pizza POS System 1. The Point of Sale (POS) system for a pizzeria must allow employees to prepare a pizza order. a. The order includes pizza size, crust, &amp; toppings. b. The

401 views • 16 slides
Decorator Intent Dynamically attach additional responsibilities to an object

Decorator Intent Dynamically attach additional responsibilities to an object

Decorator Pattern CS356 Object-Oriented Design and Programming http://cs356.yusun.io November 7, 2014 Yu Sun, Ph.D. http://yusun.io yusun@csupomona.edu Decorator Intent Dynamically attach additional responsibilities to an object

734 views • 32 slides
Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough

Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough

Third to Fifth Grade Interpreting Student Work Task: Cookie Dough Chocolate Chip Cookie Dough Grade Level: 3 $5 a tub Subject: Math Peanut Butter Source: NYC Clear Creek School is fundraising. They Cookie Dough Department of $4 a tub

104 views • 6 slides
41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz

41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz

Fakultt Informatik - Institut Software- und Multimediatechnik 41. Composition Filters - A Filter-Based Grey-Box Component Model Lecturer : Dr. Sebastian Gtz 1. Inheritance Anomaly Prof. Dr. Uwe Amann 2. Design Pattern Decorator

782 views • 33 slides
COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ?

COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ?

COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS What does it take to create a new ? Girl Scout Cookie? COOKIE LEADERSHIP INSTITUTE LITTLE BROWNIE BAKERS Theres a science that goes into every cookie food and nutrition

160 views • 12 slides
Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang,

Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang,

Session 4C Escape Routing of Mixed-Pattern Signals Based on Staggered-Pin-Array PCBs Kan Wang, Huaxi Wang, Sheqin Dong Tsinghua University, Beijing, P.R.China E-mail: wangkan09@mails.thu.edu.cn Moores Law Outline Introduction

573 views • 46 slides
and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max

The Case for a General and Interaction-based Third-party Cookie Policy Istemi Ekin Akkus 1 , Nicholas Weaver 2 1 Max Planck Institute for Software Systems (MPI-SWS) 2 ICSI &amp; UC Berkeley Sample Web Page Content Optimized with Ad web

855 views • 28 slides
Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session

Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session

Appendix E How Evidence-Based Self-Management Programs Can Improve Your Patient Outcomes MAC, Inc. Living Well Center of Excellence Session Discussion Topics Why refer clients/patients, especially older adults, to evidence-based

717 views • 30 slides
Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough

Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough

Third to Fifth Grade Planning Instruction to Support Students Chocolate Chip Task: Cookie Dough Cookie Dough Grade Level: 3 $5 a tub Subject: Math Peanut Butter Source: NYC Clear Creek School is fundraising. They Cookie Dough Department

527 views • 8 slides
C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET

C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET

C -&gt; S: GET http://www.example.com/ S -&gt; C: page, including a login form C -&gt; S: GET http://www.example.com/login? u=USER&amp;p=PASSWD [server marks this session as authenticated] S -&gt; C: Set-Cookie: sessionid= NONCE (Cookie is an

686 views • 19 slides
Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I:

Cookie Calculator Repetition Hans-Joachim Bckenhauer and Dennis Komm Digital Medicine I: Introduction to Programming Local variables, scopes, and complexity Autumn 2019 October 31, 2019 Example Cookie Calculator Cookie Calculator

685 views • 13 slides
A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

A Pattern Pattern Taxonomy Creational Behavioral Structural Pattern Pattern Pattern

Podcast Ch08-15 Title : Template Design Pattern Description : Generic class diagram; examples; template vs. inheritance Participants : Barry Kurtz (instructor); Brandon Winters, Sara Hyde, Cheng Vue, Dan Baehr (students) Textbook

315 views • 3 slides
1 Recall MIPS word size In hex 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12

1 Recall MIPS word size In hex 31 30 29 28 27 26 25 24 23 22 21 20 19 18 17 16 15 14 13 12

Stored program computer MIPS Memory Forms of Address (2 32 -1) . . . MIPS private regs PC (A+24) MIPS machine code and addressing IR (A+20) modes MIPS user regs (A+16) 0 0 0 0 $zero (A+12) $v0

354 views • 7 slides
Before we start... Start downloading Moses: wget

Before we start... Start downloading Moses: wget

Before we start... Start downloading Moses: wget http://ufal.mff.cuni.cz/~tamchyna/mosesgiza.64bit.tar.gz Start downloading our playground for SMT: wget http://ufal.mff.cuni.cz/eman/download/playground.tar Slides can be

1.18k views • 72 slides
Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The

Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The

Held Hostage? The Influence of Major ASes and CDNs on the Internet Original Idea The Internet is strongly hierarchical Original maps ( Rexford 2001 ) show the Inner Core lies in fs ee - speech countries US, France, Sweden But the

557 views • 16 slides
React native Installation and overview Installation On Mac (see tutorialsPoint tutorial)

React native Installation and overview Installation On Mac (see tutorialsPoint tutorial)

React native Installation and overview Installation On Mac (see tutorialsPoint tutorial) Download Xcode from app store Install command line tools (look in preferences) Open the terminal window Install homebrew: see link on

1.15k views • 7 slides
Quadratic Residues Definition : The numbers 0 2 , 1 2 , 2 2 , . . . , ( n 1) 2 mod n , are

Quadratic Residues Definition : The numbers 0 2 , 1 2 , 2 2 , . . . , ( n 1) 2 mod n , are

Quadratic Residues Definition : The numbers 0 2 , 1 2 , 2 2 , . . . , ( n 1) 2 mod n , are called quadratic residues modulo n . Numbers which are not quadratic residues modulo n are called quadratic non-residues modulo n . Example : Modulo 11:

358 views • 6 slides
Unrolling residues to avoid progressions Steve Butler 1 Ron Graham Linyuan Lu 1 Department of

Unrolling residues to avoid progressions Steve Butler 1 Ron Graham Linyuan Lu 1 Department of

Unrolling residues to avoid progressions Steve Butler 1 Ron Graham Linyuan Lu 1 Department of Mathematics Iowa State University CanaDAM June 2013 Coloring 1, . . . , 28 Take the numbers 1 through 28 and place them in two groups (i.e., color

502 views • 16 slides
Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e

Efficient Finite Field and Elliptic Curve Arithmetic Laurent Imbert CNRS, LIRMM, Universit e Montpellier 2 Summer School ECC 2011 Nancy, September 12-16, 2011 Part 1 Modular and finite field arithmetic 1/40 2/40 Finite fields The

883 views • 49 slides
B11.1 Divisibility Can we equally share n muffins among m persons without cutting a muffin?

B11.1 Divisibility Can we equally share n muffins among m persons without cutting a muffin?

Discrete Mathematics in Computer Science October 28, 2020 B11. Divisibility &amp; Modular Arithmetic Discrete Mathematics in Computer Science B11. Divisibility &amp; Modular Arithmetic B11.1 Divisibility Malte Helmert, Gabriele R oger

307 views • 6 slides

More recommend