Chapter 1, Problem 1FTB

Node.js, Express.js, MongoDB, and Mongoose: Create, Read, Update, and Delete Operations There is a program similar to this assignment given as the last example, CRUD, in the lecture notes for the week that discusses the introduction to MongoDB. Basically, you need to adapt this example program to the data given in this assignment. This program will take more time that previous assignments. So, hopefully you'll start early and you've kept to the schedule in terms of reading the lecture notes. You can use compass if you want to create this database. Or, when your connection string in the model runs it will create the database for you if one does not yet exist. So, ⚫ create a Mongoose model based on the info given below. The index.html page is given in the same folder as these notes. • When you successfully run index.js and instantiate the model, your database is created. • Once the database is created, you need to perfect the addCar route so you can add data using the index.html page. •…

1. Enabled with SSL, HTTPS protocol is widely used to provide secure Web services to Web users using Web browsers on the Internet. How is a secure communication channel established at the start of communication between a Web server running HTTPS and a Web browser? Consider the following threats to Web security and how each of these threats is countered by a particular feature of SSL. Man-in-the-middle attack: An attacker interposes during key exchange, acting as the client to the server and as the server to the client. Password sniffing: Passwords in HTTP or other application traffic are “eavesdropped.” SYN flooding: An attacker sends TCP SYN messages to request a connection but does not respond to the final message to establish the connection fully. The attacked TCP module typically leaves the “half-open” connection around for a few minutes. Repeated SYN messages can clog the TCP module.

SQL Injection on UPDATE Statement for educational purpose only  Based on the information below how do i update this code in order to update the emplyees field, eg admin nickname, email,address, phone number etc? ' ; UPDATE users SET NickName='Hacked' WHERE role='admin' --  If a SQL injection vulnerability happens to an UPDATE statement, the damage will be more severe, because attackers can use the vulnerability to modify databases. In our Employee Management application, there is an Edit Profile page (Figure 2) that allows employees to update their profile information, including nickname, email, address, phone number, and password. To go to this page, employees need to log in first. When employees update their information through the Edit Profile page, the following SQL UPDATE query will be executed. The PHP code implemented in unsafe edit backend.php file is used to update employee’s profile information. The PHP file is located in the /var/www/SQLInjection directory.