Building an integrated firewall module for the web (xây dựng module firewall tích hợp cho web)

Upload: an-ninh-mang

Posted on 03-Jun-2018

Category: Documents

TRANSCRIPT

8/12/2019, xây dựng module firewall tích hợp cho web, page 1/96

Graduation thesis: Building an integrated firewall module for the web


TABLE OF CONTENTS

List of figures
List of symbols and abbreviations
Introduction
Chapter 1. Overview of content management systems
  1.1 The concept of a content management system
  1.2 Introduction to Joomla!
    1.2.1 History of development
    1.2.2 Versions
      c) The 1.6.x line
    1.2.3 Architecture of Joomla! 1.5
      1.2.3.1 The three system tiers of Joomla! 1.5
        Figure 1.1 Architecture of Joomla! 1.5
      1.2.3.2 The Model-View-Controller (MVC) model
        Figure 1.2 The MVC model
    1.2.4 The Core Team
Chapter 2. Introduction to web application firewalls
  2.1 Overview of web application firewalls
  2.2 Advantages of web application firewalls
  2.3 Limitations of web application firewalls
  2.4 Risks that a WAF faces
    Figure 2.1 Table rating the attack types against websites
    Figure 2.2 HTTP Parameter Pollution (HPP)
    Figure 2.3 Cross-site scripting over HTTP
    Figure 2.4 Path Traversal, Local/Remote File Inclusion
  2.5 Firewall Script
    2.5.1 Concept
    2.5.2 Functions of a Firewall Script
Chapter 3
  3.1 Building the Xfirewall module
    3.1.1 Data flow in and out of Joomla!
      Figure 3.1 A data flow in/out of Joomla!
    3.1.2 How a component is built in Joomla!
    3.1.3 The parts of the Xfirewall module
      Figure 3.4 The Models in Xfirewall

... available for editing internally or over the Internet. A CMS is very commonly used to store documents. Many companies use a CMS to organise and store files in a shared form, and many companies that use a CMS can share content with others easily, as most systems do today.

A web content management system is mainly used to control and publish text based on documents such as articles, text documents and information. A typical CMS can offer the following features:

- Import and create documents, video and images.
- Identify the main users and their roles in the content management system.
- The ability to assign a set of roles and permissions, together with a document management system that handles different, specialised content types.
- Define the management and the workflow of the system, with definitions, tasks and even attached messages, so that the content manager is notified of content changes in a concrete way.
- The ability to record, track and manage many versions of the same content or file: a document management system with many versions.


1.2.2 Versions

The version lines of Joomla!:

Joomla! 1.0

b) The 1.5.x line

Joomla! 1.5 is the version improved from Joomla! 1.0. It uses Web 2.0 technology, and its extensions are built on the MVC model.

1.2.3 Architecture of Joomla! 1.5

Joomla! 1.5 was developed from, and inherits from, its predecessor 1.0. It is built with three system tiers and designed on the MVC model. This design makes the code easy to manage and components easy to develop, and it establishes a standard for the community that develops extensions.

1.2.3.1 The three system tiers of Joomla! 1.5

Figure 1.1 Architecture of Joomla! 1.5

The first tier is the Extensions Tier. This is the top tier of the Joomla! Framework; it holds the components, modules and templates that are executed and rendered, also called the view. These three parts give Joomla! its strength, which is the MVC model. Their functions and duties are as follows:

Components: one of the extension types of Joomla!; in fact a component is an independent application inside the Joomla! system. A component is used to implement some large function, for example managing news content, advertising, classifieds, web links, contacts...

Modules: one of the extension types of Joomla!; a module is a small application (usually just a few files and not much code) used mainly to fetch data and display information. A module is usually used together with a component, to extend it and to present the component's function more clearly. Unlike a component, a module can be placed at any position on the template, or at a position the user defines. A module can also be duplicated, meaning that it can appear at one position or at several positions at the same time, or be reused on another website. Modules are managed from the administrator interface. A module may or may not have configuration parameters, and the administrator can show or hide a module at a given position according to the design and function of the website.

Templates: a package of PHP, HTML, CSS, JS (JavaScript)... files together with the pictures, images, icons, video and flash that make up the interface (layout and look) of the website. Joomla! uses different templates for the front-end (site) and the back-end (administrator).

The second tier is the Application Tier. This is the middle tier of the Joomla! Framework. It contains the extensions of the JApplication class. At present there are four applications in the Joomla! distribution:

JInstallation is responsible for installing the Joomla application onto the web server and removing itself once installation is complete.

JAdministrator is responsible for the back-end administration part.

JSite is responsible for the front-end of the website.

XML-RPC supports remote administration of the Joomla website.

The third tier is the Framework Tier. This is also the lowest tier of the framework. It contains:

Framework: this is the core of Joomla!, which executes and handles the data flow.

Libraries: contain the classes that serve the core's functions as well as the extension functions that developers build.

Plugins: also called mambots (in version 1.0), these are small processes that perform one or more tasks automatically in response to an event.

1.2.3.2 The Model-View-Controller (MVC) model

Starting with Joomla! 1.5 and later versions, Joomla! introduced a new framework that brings great convenience to developers. Code is now easy to test and quite clear. This framework introduces a new design pattern, the MVC (Model-View-Controller) design, into Joomla.

Figure 1.2 The MVC model

MVC is a software design pattern used to organise code so that data processing and data presentation are kept separate. This lays the groundwork for the later approach in which the data processing is grouped into one section, and the interface or the interaction with the user around that data can then be reformatted and customised without reprogramming the data processing.

This model has created a common standard for the Joomla! developer community. Through it, developers can easily read, extend and build on other people's products.

Duties and functions of the parts of the MVC model:

View: as the name says, it presents the program's interface to the user; this class is customised to produce many different kinds of interface. As with the Model class, when the interface is to be changed, only the View class is changed.

Model: the class that manages all access to the database, including inserting, deleting and updating. Therefore, when switching to a different DBMS, only this Model class needs to change. This is the advantage of the MVC model: flexibility.

Controller: this class is compared to the backbone of the whole program; it handles the flow of request data and calls and executes the Model and View classes. This class is rarely modified unless there is a need to intervene in the system.

1.2.4 The Core Team

The Joomla! project is currently steered by 19 Core Team members (initially 2...) from 11 countries around the world, including Ric Allinson, Brad Baker, Shayne Bartlett, Levis Bisson, Michelle Bisson, Tim Broeker, David Gal, Rey Gigataras, Wilco Jansen, Johan Janssens, Alex Kempkens, Mateusz Krzeszowiec, Louis Landry, Andy Miller, Sam Moffatt, Peter Russell, Emir Sakic, Marko Schmuck, Antonie de Wilde...

List of the 19 Core Team members: http://www.joomla.org/content/blogcategory/43/5/

Awards that Joomla has received:

October 2...

Chapter 2

INTRODUCTION TO WEB APPLICATION FIREWALLS

2.1 Overview of web application firewalls

A web application firewall (WAF) is a comprehensive and strong security solution for web applications. A WAF offers a way to defend against activity such as the exploitation of protocol flaws or programming flaws... Alongside that, a WAF also alerts the administrator to application bugs that a hacker could exploit to steal information, cause a denial of service or deface the website.

The WAF sits between the web application and the user. It works much like a traditional firewall, in that it relies on a policy built into software or a hardware device. A WAF can run in a dedicated appliance or be integrated directly on the server.

A web application firewall controls inbound and outbound data, as well as access to the server and the data the server sends out. A traditional firewall, and even an intrusion prevention system (IPS) or an IP packet analyser, cannot protect an application against every attack at the application layer of the OSI model. Without prepared data protection, a firewall working at layer 3 cannot detect or remedy threats at the application layer.

A WAF works mainly at the application layer of the OSI model. It can also work at some other layers, such as the session layer and the presentation layer. At the application layer the WAF parses the data according to the HTTP protocol and then, based on the rules that have been set, allows or denies the access. An application firewall is therefore regarded as a device that protects the server from attack.

Some WAFs:

Armorlogic - Profense web application firewall
Array Networks - Webwall Multi-Layered Application Security
Barracuda Web Application Firewall
Cisco - Application Control Engine (ACE) Web Application Firewall
Citrix NetScaler - Application Firewall
F5 Networks - Application Security Manager ASM
Fortinet - FortiWeb web application firewall
ModSecurity - Open-source web application firewall
Radware - AppWall Web Application Firewall
SonicWALL - SonicWALL Web Application Firewall Service
List of Additional Web Application Firewalls - Mosaic Security Research
RSfirewall - RSjoomla.com
jfirewall - jfirewall.com

2.2 Advantages of web application firewalls

High flexibility: the ability to adapt to the environment and to the way attacks arrive, by changing rules, makes this kind of firewall very adaptable. The rules are managed through a graphical user interface (GUI).

It runs in many different environments: on Windows or Linux, on Apache or IIS.

Low cost is another advantage of a WAF. Building a firewall of this kind costs far less than buying a firewall that works at another level of the OSI model, and can even be free (ModSecurity).

This kind of firewall can analyse the content of the packets a hacker sends, so it greatly reduces the risk of attack and blocks malicious code injected into requests sent to the server.

2.3 Limitations of web application firewalls

Despite its flexibility, a web application firewall still has many limitations. Its flexibility shows in the operating environment: it can run on Linux or Windows, and the rule sets are adaptable, easy to change and to extend with new rules, which improves its effectiveness against attacks.

Because it works only at the Application, Presentation and Session layers of the OSI model, a firewall at this level stops only certain kinds of attack, such as SQL injection, HTTP flood, XSS and local attacks. Against attacks at lower levels (layer 4 and below) it has no defence.

Most firewalls of this kind are software integrated on the server, so they are not very specialised and must process many kinds of data; performance and processing speed are therefore not high. Processing each user request is unavoidable, and that processing reduces network speed noticeably.

2.4 Risks that a WAF faces

The results are as follows:

Figure 2.1 Table rating the attack types against websites

The results show that most attacked websites were abused by attackers exploiting SQL injection and XSS flaws. These flaws seem very simple and easy to fix, but in practice the variety of attack methods, and the adaptability with which the flaws are exploited, has led to many holes being discovered.

Year 2...

SQL Injection Normalization, HTTP Parameter Pollution (HPP), Blind, Signature Bypass: the attacker passes variables through the parameters of the SQL query that the requested function builds, in order to interact with data they are not authorised to access.

Path Traversal, Local/Remote File Inclusion: a technique of passing variables through the browser to make the system execute unauthorised code.

Figure 2.4 Path Traversal, Local/Remote File Inclusion

With this kind of attack a hacker can easily read files on the system that they have no right to access. This is very dangerous if variables are not checked carefully during processing: it can expose information about the server and about the users on that server.

2.5 Firewall Script

2.5.1 Concept

A Firewall Script provides a firewall that can be operated by the user on both sides: the hosting server and their own server. It may be a firewall already built into the server, such as iptables, ModSecurity or ISA, or it may be script code integrated into the source code to stop unauthorised actions as they happen.

A Firewall Script is one kind of web application firewall. It is also a typical kind of WAF for protecting websites today. Forums and company news sites in particular are easy targets for attackers and suffer no small damage to the organisation or individual.

2.5.2 Functions of a Firewall Script

There are many kinds of Firewall Script, and the ability to stop attacks or to control abnormal actions differs from one to another. Some Firewall Scripts can control data flows and stop attacks at several layers of the OSI model, such as iptables. On the other hand, there are small Firewall Scripts (just one or a few files) that can still stop many attacks: SQL injection, XSS, DoS, content spam.

Today, forums commonly use PHP Firewall Scripts. They are small, light, easy to install and genuinely effective at stopping attacks.

Chapter 3

According to statistics from the website www.webappsecroadmap.com for the year 2..., the picture is very dangerous. The main cause is that web developers are not careful enough, do not fully appreciate the importance of protecting the website's data, or make mistakes during development that lead to input data not being checked properly.

Joomla! is a framework for organisations and individuals to publish news, present a company, run a blog or use in e-commerce such as online shops... Joomla! itself has no module for checking input data before it reaches the extensions. So when a user installs extensions that are not secure, the site is easily abused and attacked.

Equipping the site with specialised or commercial products is too expensive. The firewall products for Joomla! stop one kind of attack but not another: for example they stop SQL injection and XSS but not DoS or shell upload. Specialised products and appliances are very complex to configure for small and medium-sized businesses.

Therefore I chose to build a Firewall Script integrated into Joomla! 1.5 to protect against attacks and to clean the data before the other parts of Joomla! process it.

Xfirewall is a web application firewall that works at the application layer of the OSI model. It can stop many application-layer attacks such as HTTP flood, SQL injection, XSS and shell upload. Xfirewall also has several features to keep the administrator safe, such as changing the admin link, setting a password with .htpasswd, or using a master password to manage Xfirewall itself.

Today there are many components and plugins written to stop attacks from outside against the system, but these extensions still have many limitations. Xfirewall was written with the aim of limiting as far as possible the damage to the server and to the website being deployed.

3.1 Building the Xfirewall module

3.1.1 Data flow in and out of Joomla!

When a user visits the website, a connection is established between the user and the website. The interface the user sees is what the View renders. A Joomla! component can have one or more views. Through the View the user interacts with the web server to use its services. The interaction that answers the user's request is forwarded by the View to the Controller.

Figure 3.1 A data flow in/out of Joomla!

From the model above we see:

1. All requests from the user are passed to the Controller.

Figure 3.2 Structure of a simple Joomla! 1.5 component

This is the structure of a component named com_test. The parts that must be present are:

- File test.php: the name "test" cannot be chosen arbitrarily; it must match the name of the directory without the com_ prefix. That is how the function name is taken from the user's request.

- File controller.php: this file controls which Model and View are picked, based on the user's query.

- Directory controllers: optional. It holds Controllers with different functions: test, application.

- Directory models: holds one or more Models, as the developer adds functions. The files in it must be named like the Controller, because Joomla! uses the file name to name the class in each file.

- Directory views: holds the Views and Layouts that present the data the user asked for. For each View there is a corresponding

- File controller.php: by default the system points to this file to control and call the function, if there is one. If there is more than one function, the Controllers can be put in the controllers directory. Example:

```php
// Path to the controller library. Required.
jimport('joomla.application.component.controller');

class XfirewallController extends JController
{
    // Called first, and executed first, whenever the Controller is invoked.
    function __construct()
    {
        parent::__construct();
    }

    // Picks the required View and Layout. The Model can also be fetched here.
    function display()
    {
        JRequest::setVar('view', 'panel');
        JRequest::setVar('layout', 'default');
        parent::display();
    }
}
```

- File toolbar.firewall.php: creates the menu bar for Xfirewall. Example: the function that creates the menu for the Xfirewall configuration section.

```php
function SETTINGS()
{
    JToolBarHelper::title(JText::_('Firewall configuration'), 'generic.png');
    JToolBarHelper::back();
    JToolBarHelper::save();
}
```

- Controllers: hold the functions of Xfirewall: config (firewall configuration), ipblacklist (management of the banned IP list), log (log file management).

Figure 3.3 The Controllers of Xfirewall

Example: the Controller that manages the website's log.

```php
// Fetch the matching View and Model, run them and render the interface
function display()
{
    $view  = &$this->getView('log');
    $model = &$this->getModel('log');
    $view->setModel($model);
    $view->display();
}
```

- Models: hold the Model for each function of Xfirewall.

Figure 3.4 The Models in Xfirewall

A Model runs the database queries and fetches the data that is needed each time the Controller calls it. Example: the Model that fetches log data from the database.

```php
// Fetch the log rows
function getData()
{
    $db = &JFactory::getDBO();
    // Table name as recovered from the source; the #__ prefix and underscores are assumed
    $q = 'SELECT * FROM #__firewall_logs';
    $db->setQuery($q, $this->getState('limitstart'), $this->getState('limit'));
    $items = $db->loadObjectList();
    if ($db->getErrorNum()) {
        // Report the error (the source is cut off here; the arguments are the usual Joomla 1.5 ones)
        JError::raiseWarning(500, $db->getErrorMsg());
        return array();
    }
    return $items;
}
```

Figure 3.5 The Views in Xfirewall

A View is called by the Controller and fetches data from the Models through the getModel method. Example: the View that defines the website's log administration screen.

```php
function display($tpl = null)
{
    // Fetch data from the model via getModel
    $model = &$this->getModel('log');
    $items = $model->getData();
    $this->assignRef('items', $items); // make the rows available to the layout
    // Render the layout to the user
    parent::display($tpl);
}
```

- Plugin: receives the user's request and passes the data to the helper before it goes on to the component for processing.

    XfirewallBlockUsers(); // block users from entering admin

- Helpers: hold the functions that handle attacks such as SQL injection, XSS, shell upload and HTTP flood, and return a warning message to the user when signs of an attack are found.

Figure: The Helpers in Xfirewall

3.1.4 Operation of the Xfirewall module

Figure: Operation diagram

Xfirewall is a web application firewall integrated directly into the website. It is managed from the back-end.

The firewall consists of four basic blocks: the data collection block, the data processing block, the result display block, and the logs. These blocks work together throughout the processing of the data.

a) Data collection block

This is a plugin. Its task is to receive all data and requests from the web browser, more precisely the requests from the user, before that data reaches the component. All of this data is handed to the data processing block for analysis.

b) Data processing block

The data processing block of Xfirewall is the Helper; it receives the information from the data collection block. The functions in the Helper then check, one after another, for the attack types defined beforehand. Based on the rules and signatures, Xfirewall can determine which queries are legitimate and which are not.

This block has small modules that check for SQL injection, check for XSS, check for DDoS, check for shell upload through the file upload function, and check whether the IP is on the blacklist.

Once the data has been analysed, this block raises a warning if signs of an attack are found.
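The data processing block described above, together with the attack classes of section 2.4, amounts to a set of signature checks run over every request parameter after normalisation, plus an upload-extension check and an IP blacklist lookup. The following is an added example written for this edit in Python; it is not code from the Xfirewall module (which is PHP). The signature lists, the blocked-extension set and the sample requests are constructed for illustration, not the project's rule set.

```python
"""Request inspection in the style of the Xfirewall Helper: added example, not project code."""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, Iterable, List
from urllib.parse import unquote_plus

# Illustrative signatures (assumed, not the project's rule set). Each list is one attack class.
SIGNATURES = {
    "sql_injection": [
        re.compile(r"\b(union\s+(all\s+)?select|select\s+.+\s+from|insert\s+into|drop\s+table)\b", re.I),
        re.compile(r"\b(or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.I),  # 1' OR '1'='1
        re.compile(r"\b(sleep|benchmark|load_file|information_schema)\b", re.I),
        re.compile(r"(--|/\*)\s*$"),                                            # trailing SQL comment
    ],
    "xss": [
        re.compile(r"<\s*script\b", re.I),
        re.compile(r"\bon[a-z]+\s*=", re.I),                                   # onerror=, onload=
        re.compile(r"javascript\s*:", re.I),
    ],
    "path_traversal": [
        re.compile(r"(\.\./|\.\.\\)"),                                          # ../ and ..\
        re.compile(r"(^|[/\\])(etc/passwd|boot\.ini|proc/self)", re.I),
        re.compile(r"^(php|data|expect)://", re.I),                             # LFI/RFI stream wrappers
    ],
}

# Extensions the upload check refuses (assumed list).
BLOCKED_EXTENSIONS = frozenset({"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl", "sh"})


@dataclass
class Verdict:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


def normalize(value: str) -> str:
    """URL-decode up to twice (so %252e%252e%252f also becomes ../) and strip NUL bytes."""
    out = value
    for _ in range(2):
        decoded = unquote_plus(out)
        if decoded == out:
            break
        out = decoded
    return out.replace("\x00", "")


def check_param(name: str, value: str) -> List[str]:
    """Return one reason per attack class whose signatures match the normalised value."""
    v = normalize(value)
    return [f"{kind} in parameter '{name}'"
            for kind, patterns in SIGNATURES.items()
            if any(p.search(v) for p in patterns)]


def check_upload(filename: str, blocked: frozenset = BLOCKED_EXTENSIONS) -> List[str]:
    """Reject a file if any suffix is blocked: shell.php.jpg and SHELL.PHP are both refused."""
    suffixes = filename.lower().replace("\x00", ".").split(".")[1:]
    bad = [s for s in suffixes if s in blocked]
    return [f"blocked upload extension '.{bad[0]}' in '{filename}'"] if bad else []


def check_ip(client_ip: str, blacklist: Iterable[str]) -> List[str]:
    """Blacklist entries may be single addresses or CIDR ranges."""
    ip = ip_address(client_ip)
    for entry in blacklist:
        if ip in ip_network(entry, strict=False):
            return [f"client {client_ip} is blacklisted ({entry})"]
    return []


def inspect_request(client_ip: str, params: Dict[str, str],
                    uploads: Iterable[str] = (), blacklist: Iterable[str] = ()) -> Verdict:
    """The Helper's decision: the request is allowed only if no check fires."""
    reasons = check_ip(client_ip, blacklist)
    for name, value in params.items():
        reasons += check_param(name, value)
    for filename in uploads:
        reasons += check_upload(filename)
    return Verdict(allowed=not reasons, reasons=reasons)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic
    samples = [
        ("203.0.113.7", {"id": "1"}, [], []),
        ("203.0.113.7", {"id": "1' OR '1'='1"}, [], []),
        ("203.0.113.7", {"file": "..%252F..%252Fetc%252Fpasswd"}, [], []),
        ("203.0.113.7", {"q": "<ScRiPt>alert(1)</script>"}, ["avatar.php.jpg"], []),
        ("198.51.100.23", {"id": "2"}, [], ["198.51.100.0/24"]),
    ]
    for ip, params, uploads, blacklist in samples:
        verdict = inspect_request(ip, params, uploads, blacklist)
        print("ALLOW" if verdict.allowed else "BLOCK", params, verdict.reasons)
```

Two design points carry over to the PHP helper: decode before matching, because the double-encoded traversal above never contains a literal "../" until the second decode, and examine every suffix of an uploaded name rather than only the last one. Signature lists of this kind also produce false positives (a search for "select the best from these" trips the SQL rule), which is why the module logs the hit and shows a warning instead of silently dropping the request.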

    c) Khqi ghi SQg^a

    44

  • 8/12/2019 xy dng module firewall tch hp cho web

    45/96

    n tt nghip Xy dng m-un firewall tch hp ch

    we!

    Ghi li toUn ( nhng !T (St thDEng t$ong qu t$5nh Qi%m t$a d liu a Khi "

    l d liu. 8i ghi log nU] gi+# ngDEi qun t$ > th'm thng tin BC lViY h

    thF tSn ng I% > nhng (in #h# Q# thEi !"a ha BU ngPn hcn.

    ) Khqi hiun Yht mY Ra

    Hi%n th nh (o BC lVi ho ngDEi dng (i*t n*u Bi #hm lu`t Ip ID

    Inh ngha a Khi " l d liu.

3.1.5 Installation

a) Installation: the installation process is very simple.

- Go to the administration page.
- Go to Extensions and choose Install/Uninstall.
- In the install screen, choose the installation file.
- Click Install to install the firewall.

Figure 3.9 Installing the Xfirewall module

Figure 3.10 Main interface of Xfirewall
The main interface of the program has the sections Setting, Admin Locker, IP blacklist, Statistic, Attack and Logs:
- Setting: firewall configuration.
- Admin locker: puts a password on the administration page using .htpasswd.
- IP blacklist: manages the list of IP addresses banned from accessing the site.
- Statistic: analyses the traffic flow so that countermeasures can be taken.
- Attack: configures the attack types.
- Logs: where the site's log is kept.

b) Configuration: two sections of Xfirewall need configuring, Setting and Attacks.
The Setting section:
- Secret link: configures the safe link for admin.
Status: turns the safe-link function on or off
Secret key: sets the secret keyword required to enter admin.
Redirect link: redirects the user to another page; the default is the home page.


Figure 3.11 Safe link configuration
- Backend Access Control: configures access to admin.
o Master password: sets the user and password for the firewall
o Users list: which users are allowed into the administration page.
o Components list: which functions may be used in the administration page.


o Time wait: waiting time for each temporary lock.
o Max connect: the maximum number of connections within the allowed time span.
o Time limit: the time span to which the maximum number of connections applies.
Figure 3.14 DDoS protection configuration
- Upshell: configures shell-upload protection for files.
o Block Upshell attack: turns this function on or off. The default is on.
o Insert file type: enter the file extensions to be banned.


Figure 3.15 Upshell configuration
3.2 Some functions of the Xfirewall module
3.2.1 SQL injection Attack

SQL injection is an attack technique that lets an attacker exploit gaps in a web application's input validation, together with the error messages of the database management system (DBMS), to inject and execute illegitimate SQL statements. As a result the attacker can add, delete, modify or display data in the database without going through the administration page.
The main cause of SQL injection flaws is programming: developers do not validate input data carefully, so attackers can easily extract data they are not authorised to see.
The clearest indicator is the result returned when the HTML-encoded quote %27 is appended to a parameter in the address bar. If an SQL syntax error appears, the chance of an SQL injection flaw is very high, and the attacker can then run the SQL statements they want. When extracting data, the SQL constructs used most often are Union, Select, Order By, Concat, Group_concat, Having...


Another flaw that must be mentioned is bypass. It lets an attacker log in illegitimately without a valid account, and arises because the login name and password are not checked for special characters.
Figure 3.16 SQL injection protection configuration
Based on the indicators above, the attack-type configuration has, under SQL injection, a list of the keywords commonly used in this kind of attack. Although crude, it proves effective against this attack type.


[Figure 3.17: activity diagram "Dynamic View": BEGIN -> Web Browser -> Data -> Check SQL injection Attack; Yes -> Alert Message and Write Log (datastore: Table Log) -> END; No -> END]
Figure 3.17 Activity diagram of the SQL injection check

When a query such as the following is entered in the address bar:
http://localhost/joomla/index.php?option=com_content&view=article&id=25%27%27&Itemid=2


The code that checks the link for SQL injection:
if (preg_match('/(' . implode('|', $keyword) . ')/is', $url) || preg_match('/' . $prefix . '(\w+)/s', $url))
If the link contains one of the keywords from the configuration, or the prefix of a table in the database, the request is blocked and logged.
Figure 3.18 SQL injection error alert

3.2.2 XSS Attack
Cross-Site Scripting, abbreviated XSS (rather than CSS, to avoid confusion with HTML's Cascading Style Sheets), is an attack technique in which HTML tags or dangerous script code are inserted into a dynamic website (ASP, PHP, CGI, JSP ...) where they can harm other users. The injected code is mostly written in client-side script such as JavaScript, JScript or DHTML, and can also be plain HTML tags.
Operation: XSS works much like SQL injection or source injection: it is a request sent from the client to the server that smuggles in content beyond the server's control. It can be a request sent from a data form, or simply a URL such as:
http://www.example.com/search.cgi?query=<script>alert('XSS!')</script>
A distinguishing feature of this attack type is that the XSS payload is HEX-encoded. Typically a link, a form, an iframe or even CSS carries a malicious script that steals information such as cookies, sessions, usernames and passwords without the user noticing.

Example:
Cross-Site Scripting:
http://www.example.com/login/user=foo&pass=bar&failurl=%


[Figure 3.19: activity diagram "Dynamic View": BEGIN -> Web Browser -> Data -> Check XSS Attack; Yes -> Alert Message and Write Log (datastore: Table Log) -> END; No -> END]
Figure 3.19 Activity diagram of the XSS check
The XSS check code for the GET, POST and REQUEST methods:


- Check for javascript keywords:
$ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'style', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base');
$ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload');
- Check for data that has been HEX-encoded:
preg_replace(


Figure 3.21 Illustration of a DDoS attack
DDoS (Distributed Denial of Service) is similar to a DoS attack but at a far greater intensity and scale. The attacker uses a large number of IP addresses and directs them all to access the server at the same time. A DoS or DDoS attack aims to:
- Consume the network bandwidth and flood the network, after which it can no longer serve other requests from normal users.
- Break the connection between two machines and prevent access to the service.
- Prevent specific users from reaching a service
- Prevent a service from being reachable by others.
When a DoS attack occurs, users accessing the service experience it as:


- Disable Network - the network connection is cut.
- Disable Organization - the organisation stops operating.
- Financial Loss: money is lost.
Figure 3.22 DDoS attack configuration
Practice has shown that when a DDoS attack occurs, analysis immediately reveals very abnormal network traffic. Most current DDoS detection algorithms therefore rely on the abnormality of the network traffic. Several statistical techniques are applied to analyse and tally the incoming traffic in order to detect it, and from these analysis techniques come detection algorithms that yield parameters or statistics for the severity of the attack.
Some ways of detecting DDoS attacks:
- Analysing traffic volume and bandwidth
- Analysing the packet (request) rate per unit of time
- The ratio of incoming to outgoing packets
- Statistical methods


- Monitoring source IP addresses
- ...
There are several ways to limit DDoS attacks, such as:
- Using .htpasswd to gate the entry link of the site, which limits direct access to the web.
- Using a script that checks for a cookie on every link of the site; any connection that has not created a cookie is blocked.
Xfirewall uses the statistic of packets arriving per unit of time to detect DoS attacks, and the average access volume to detect DDoS attacks.
For DoS attacks the parameters are:
- Number lockout: the number of temporary locks for one IP.
- Time wait: the waiting time for each lock.
- Max connect: the maximum number of connections within one time span.
- Time limit: the time span over which a connection is counted against the limit.
The ratio between max connect and time limit is the criterion for telling legitimate requests from illegitimate ones. If it is exceeded, the IP is locked temporarily. If the number of temporary locks exceeds the allowed number, the IP is banned permanently. A normal request is assumed to open only 2 to 3 pages per second; opening more than that within one second is treated as abnormal, and such abnormal accesses trigger a system alert.
3.2.3 Shell upload

By abusing the file upload process, the attacker uploads a file containing executable code in order to take control of the system, steal information from the database, or attack other websites hosted on the same server (local attack).
Figure 3.23 Shell-upload protection configuration

Xfirewall bans every file whose extension has been configured. It also inspects image files to prevent malicious code from being hidden in an image: if an image file contains an HTML tag, the file is deleted and a warning is shown to the user. The checking code:
$htmltags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
foreach ($htmltags as $tag) {
    // check whether the image file contains an html tag
    if (stristr($sscheck, '<' . $tag . ' ') || stristr($sscheck, '<' . $tag . '>')) {
        unlink($file['tmp_name']); // delete the file
        Xfirewall::logs('medium', Attacks::getIP() . ' is trying to upload file ' . $file['name'] . '. XSS error'); // write the log
        Xfirewall::header(4
... can restrict a number of functions in the administration area, preventing users from accessing them without authorisation.


Figure 3.24 Configuration for banning functions in the administration area
The admin side is very important. If the admin account is compromised, all data may be lost or the server may be taken over. The install function can be abused to upload a shell, so when it is not needed it should be locked.
In the function list, the functions that are selected may be used; the rest are banned.

3.2.6 Blocking users
Restricting users counters privilege-escalation attacks that aim to take over the administration area. The purpose of this restriction is therefore to limit which members of the administrator group can reach the administration page.
Figure 3.25 Configuration restricting which users may enter the administration area
To allow a user into admin, simply select the user's name in the Users blacklist section. Users that are not selected are banned from the admin link.


3.2.7 Blocking IP addresses
Figure 3.26 Management interface for banned IPs
This function lets the administrator add a single IP address or a range, for example 192.168.1.1 or 192.168.1.x.
That is, a visitor whose address is 192.168.1.1, or lies within the range 192.168.1.1 to 192.168.1.254, is banned from the site. Banning individual IPs or a range partly limits a DoS or DDoS attack.
3.2.8 Protecting the admin link
The administration page is where the site's settings are tuned and its content added, edited and deleted. It decides whether a website survives: once control of the administration page is seized, all of the site's data is exposed and lost, so protecting it is essential.
How can the administration page be protected? Joomla offers login over SSL, which makes the administrator's login safer. Its limitation is the path to the administration page: with the default admin path a hacker finds it easily, and once they hold an admin account, or an account in the administrator group, they go to that path and take control.


The solution proposed here is to change the admin link and to put a password on it. Both functions are integrated into the firewall component to limit scanning for the admin link after a hacker has obtained the admin password. The chance of finding the link once a prefix has been added to the URL is very low, and putting a password on the admin link with .htaccess and .htpasswd is also very effective against this attack.
Figure 3.27 Configuring the safe admin link
Once the safe admin link is enabled, the access link is no longer the original default but takes the form:
http://localhost/joomla/administrator/?secretkey
or http://localhost/joomla/administrator/index.php?secretkey
where secretkey is the secret key entered in the firewall configuration. A correct request reaches the login screen; an incorrect one is


redirected to the page defined under Redirect path, by default the home page.
Using .htpasswd and .htaccess files is another way of securing the administration area.
Figure 3.28 Configuring a password with .htpasswd
Each time the administration page is accessed, the user must then log in with the name and password created during configuration.
Figure 3.29 Login screen once the .htpasswd password is configured


3.2.9 Master password
This function protects the firewall from other people entering it to change its configuration, which would be very dangerous. Suppose a user with Manager rights logs in: they can still use the firewall component, because Joomla 1.5 does not support permissions per component or per function, only its default permission levels. Such users therefore still have the right to use the firewall.
Figure 3.30 Master password configuration
When the Master password function is enabled, a user in the administrator group who wants to use the firewall must first log in with the master username and password before they can reach it.
Figure 3.31 Master user login screen
3.2.10 Logging
Logging is essential for the administrator to analyse and assess the anomalies that occur while the website is running, so that admin can respond in time.


- Admin tools: by akeebabackup.com, an extremely powerful tool. It protects not only the website but also the inside of the administration area, and can alert the administrator to changes, new installations or new updates.
- jHackGuard: designed by siteground.com. Its strong point is that it is lightweight and blocks several basic attack types such as XSS, Remote Code Execution and SQL injection
- SecureLive: an advanced security system with enhanced protection for many different frameworks, built by securelive.com.
The test covers the following flaws:
- Blind SQL Injection
- DoS
- File upload
- File inclusion
- XSS
3.3.1 Blind SQL Injection
Using the link:
index.php?option=com_content&view=article&id=-1 union select 1,2,3,4,5,6,7,8,9,10


Result:
- Xfirewall: detected it and returned the error page.
- RSfirewall: not detected.
- jFirewall: not detected.
- Admin tools: not detected.
- jHackGuard: not detected.
- SecureLive: not detected.
3.3.2 File inclusion
Tested with the link:
index.php?option=com_content&view=../../../../../../../../../../../etc/passwd
Result:
- Xfirewall: detected it and returned the error page.
- RSfirewall: not detected.
- jFirewall: not detected.
- Admin tools: not detected.
- jHackGuard: not detected.
- SecureLive: not detected.
3.3.5 XSS
Tested with the link:
index.php?option=com_content&view=article&id=2&Itemid=1


... the product is not yet comprehensive, but it does show that the software can detect and block the most common attacks of today.
Xfirewall can detect and block DoS attacks of the HTTP flood type. Firewalls of the same class so far only recognise this attack by checking whether the visiting client is a browser or not; many attacks already spoof the browser name, which makes firewalls relying on that signature useless. RSfirewall from RSjoomla is one example.
There are many ways to limit DoS and DDoS attacks. One option is a cookie combined with a challenge, to prevent direct, unrestricted queries by the client; that, however, lowers the site's availability. Xfirewall instead relies on the number of queries reaching the server to limit the attack, so availability is always preserved. It may occasionally mistake legitimate requests, but no countermeasure is complete and risk-free, least of all against DoS or DDoS.
One way to secure admin is to change the path that leads directly to the administrator login. Using a different login file can still be discovered, but adding a secret keyword to the link makes it very hard to guess or find that keyword. This greatly reduces the effectiveness of scanning for the link to the administration login. Even if, through some slip or attack, someone obtains the admin account, they still cannot guess the link to the administration area to take control.
Creating a .htpasswd file protects the admin page. The risk of a hacker seizing administrative control is very high when a site has no protection, so a .htpasswd file in front of the administration page is a considerable barrier to anyone who wants to get through.


3.4 Drawbacks
No software is perfect; every program has its weak parts, and Xfirewall is no exception. Although it can counter many attack types, it is neither complete nor comprehensive, nor does it fully stop the flexible, hard-to-detect attack types such as SQL injection and XSS.
The function management section is not yet optimal. Using a Master password is far more effective than locking individual functions, because once a function is locked even the highest-privileged admin cannot use it, which is very inconvenient.
DoS and DDoS protection is still not truly effective. Although the statistical method increases service availability for users, it cannot completely stop DoS and DDoS attacks. The intensity of a DDoS attack is so high that processing the data is difficult, and DDoS is hard to detect because real and fake traffic cannot be told apart.
SQL injection and XSS attacks are very complex and can easily get past the rules to inject malicious query code. These attack types are also highly flexible and hard to counter completely, and many new XSS and SQL injection variants are being discovered. To block them effectively and limit the damage, developers must understand their own importance in application development and the nature of these attacks, so that they build software more carefully and securely.


CONCLUSION
Applying a WAF solution demands long-term deployment, because the Internet environment itself has always carried many risks: service attacks, malware, spam... Today, alongside social development, e-commerce services bring many conveniences such as online shopping, stock trading and hotel and airline booking, all of which create good opportunities for malicious actors (hackers) to look for ways to attack and extract information.
The WAF solution meets today's need for web application security, but service providers must also know how to combine it with a traditional firewall to obtain a complete solution for the whole system; that is the job of the system integrator.
Results achieved
The attack types above are simple, but they show that threats constantly lurk around a website. Attack types are growing ever more varied, and their danger and damage ever greater. Developers must therefore always be aware of their own importance in developing and producing software and extensions.
Xfirewall can block a number of simple attack types, though not completely, and many other very dangerous attack types remain. Still, Xfirewall has partly proven effective at protecting a website.
After more than a month of research and development, I have built a program that blocks a number of common attack types such as:
- SQL injection.
- XSS.
- Shell upload.
- DoS.


In addition there is a protection method for the administrator side that reduces the risk of account disclosure, account loss and privilege escalation to the admin account.
Against DoS attacks by HTTP Flood, Xfirewall detects and bans the attacking IP.
Against admin scanning, Xfirewall proves effective: because the admin link is extended with a query on the link, an attacker can hardly guess this secret key with a scanning tool.
Xfirewall can detect attacks such as shell upload through images. These attacks are simple, but without care they are easily abused, and the website is then in danger.
Limitations
The system is not yet optimised, particularly function management
The DoS check sometimes confuses normal requests with attacks.
The data checks for SQL injection and XSS attacks are still simple, so an attacker can still attack the website
Future development directions
Optimise function management. Use the Master password function optimally to restrict careless use of functions; it is very useful to the administrator because even if a password leaks, there is still one more check before a function can be used.
Complete the DDoS protection function to minimise damage. Detecting a DDoS attack is truly difficult; the sooner it is identified, the less damage to the web, but detecting it accurately and quickly is not easy. Therefore, completing the mechanism based on the statistical method together with the analysis method


APPENDIX
/*
 * function checkIPBlackList(): checks whether an IP is in the banned list.
 * If it is, access is denied.
 */
function checkIPBlackList($ip) {
    $ips = Attacks::getIPBlackList();
    if (count($ips)


/*
 * Counts the connections of one IP within a unit of time.
 * If the limit is exceeded, the IP is banned temporarily.
 * If the number of temporary bans exceeds the allowed number, the IP is banned permanently.
 */
function checkDoS() {
    $ip = Attacks::getIP(true);
    $now = time();
    $attack = Xfirewall::getAttackConfig();
    $timelimit = (int)$attack->timelimit;
    // get the numlock for this IP
    $numlock = Attacks::getNumlock($ip);
    // get the number of requests to the server from this IP
    $rows = Attacks::buildQueryCheckDoSByIP($ip);
    if (count($rows)


    if (Attacks::isDuration($duration, $timelimit)) {
        $count++; // if the gap between two connections is shorter than the limit, the counter goes up by 1
    }
    if ($count >= (int)$attack->maxconnect) {
        // reset count
        $count = 0; // temporary lock
        $numlock++;
        // update numlock
        Attacks::updateNumlock($row->id, $numlock);
        // warn the user
        Attacks::lockout($numlock, $ip);
    }
    Attacks::updateNumlock($row->id, $numlock);
}
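As an added illustration of the lockout policy from section 3.2.2 and of the checkDoS listing above (a Python re-implementation, not the Xfirewall plugin's PHP), the per-IP counter below keeps its state in memory instead of the plugin's log table; the parameter values and IP addresses are constructed.

```python
"""Per-IP request counting with temporary lock and permanent ban.

Re-implements the DoS parameters of section 3.2.2: max connect requests
within time limit seconds, a temporary lock of time wait seconds, and a
permanent ban after number lockout temporary locks.  Constructed example,
not the plugin's code.
"""
from collections import defaultdict, deque


class DosGuard:
    def __init__(self, max_connect=3, time_limit=1.0, time_wait=60.0, number_lockout=3):
        self.max_connect = max_connect          # requests allowed inside one window
        self.time_limit = time_limit            # window length in seconds
        self.time_wait = time_wait              # how long a temporary lock lasts
        self.number_lockout = number_lockout    # temporary locks before a permanent ban
        self.requests = defaultdict(deque)      # ip -> request timestamps in the window
        self.locked_until = {}                  # ip -> expiry time of its temporary lock
        self.numlock = defaultdict(int)         # ip -> temporary locks so far
        self.banned = set()                     # ips moved to the permanent blacklist

    def check(self, ip, now):
        """Classify one request from ip at time now: 'allow', 'locked' or 'banned'."""
        if ip in self.banned:
            return "banned"
        if self.locked_until.get(ip, 0.0) > now:
            return "locked"                     # still inside the temporary lock
        window = self.requests[ip]
        window.append(now)
        # forget requests that fell out of the time_limit window
        while window and now - window[0] > self.time_limit:
            window.popleft()
        if len(window) > self.max_connect:
            window.clear()                      # reset the counter, as checkDoS does
            self.numlock[ip] += 1
            if self.numlock[ip] >= self.number_lockout:
                self.banned.add(ip)             # too many locks: permanent ban
                return "banned"
            self.locked_until[ip] = now + self.time_wait
            return "locked"
        return "allow"


if __name__ == "__main__":
    guard = DosGuard(max_connect=3, time_limit=1.0, time_wait=10.0, number_lockout=2)
    # constructed burst: 4 requests within 0.3 s from the same address
    for t in (0.0, 0.1, 0.2, 0.3, 5.0, 11.0):
        print(t, guard.check("10.0.0.1", t))
```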

/*
 * Checks the link; if it contains a banned keyword, returns the error page.


 */
function checkSQLInjectionURI($url) {
    $config = new JConfig();
    $prefix = $config->dbprefix;
    $attack = Xfirewall::getAttackConfig();
    $keyword = Xfirewall::explode($attack->sqlkeyword);
    // check against the configured keywords: union, select, delete, concat
    if (preg_match('/(' . implode('|', $keyword) . ')/is', $url) || preg_match('/' . $prefix . '(\w+)/s', $url)) {
        if (preg_match('/' . $prefix . '(\w+)/s', $url)) $level = 'high';
        else $level = 'medium';
        $code = 'SQLinjection attack, url: ' . Xfirewall::UrlEncode($url);
        Xfirewall::logs($level, $code);
        return true;
    }
    return false;
}

/*
 * function checkSQLInjection(): checks the values of the GET, POST and REQUEST methods
 */

function checkSQLInjection($array) {
    global $option;
    $merger = new MergerArray($array);
    $results = $merger->getArray();
    $config = new JConfig();
    $prefix = $config->dbprefix;
    $attack = Xfirewall::getAttackConfig();
    $keyword = Xfirewall::explode($attack->sqlkeyword);
    foreach ($results as $value) {
        if (empty($value)) continue;
        if (!is_string($value)) continue;
        // check whether the value contains an SQL injection keyword or not
        if (preg_match('/(' . implode('|', $keyword) . ')/is', $value) || preg_match('/' . $prefix . '(\w+)/s', $value)) {
            if (preg_match('/' . $prefix . '(\w+)/s', $value)) $level = 'high';
            else $level = 'medium';
            $code = 'SQLinjection attack, value: ' . Xfirewall::UrlEncode($value);


            Xfirewall::logs($level, $code);
            return true;
        }
    }
    return false;
}
/*
 * function checking for file inclusion attacks
 */
function checkFileInclude() {
    $url = Attacks::getURL();
    if (preg_match('|\.\./|u', $url)) {
        // write the log
        Xfirewall::logs('medium', 'SQL injection attack file inclusion');
        // show the notice
        Xfirewall::header(4


/*
 * function isSQLinjection(): checks for SQL injection in the request URI, GET and POST data
 */
function isSQLinjection() {
    if (!empty($_SERVER['REQUEST_URI']) && Attacks::checkSQLInjectionURI(urldecode($_SERVER['REQUEST_URI'])))
        return true; // SQL Injection
    if (!empty($_GET) && Attacks::checkSQLInjection($_GET)) return true; // SQL Injection
    if (!empty($_POST) && Attacks::checkSQLInjection($_POST)) return true; // SQL Injection
    // the original guarded this line with !empty($_POST) although it scans $_REQUEST; test $_REQUEST itself
    if (!empty($_REQUEST) && Attacks::checkSQLInjection($_REQUEST)) return true; // SQL Injection
    return false;
}
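Added example, not the plugin's code: a Python re-implementation of the keyword check used by checkSQLInjectionURI and checkSQLInjection above and described in section 3.2.1, assuming a constructed keyword list and Joomla 1.5's default jos_ table prefix. It also shows two behaviours a defender should know about: the substring false positive on a benign word, and the need to percent-decode more than once.

```python
"""Keyword-based SQL injection check over URL-decoded request values.

Constructed example mirroring the plugin's logic: a hit on the database
table prefix is logged as 'high', a hit on a configured keyword as 'medium'.
"""
import re
from urllib.parse import parse_qsl, unquote

# Assumed configuration values (the plugin reads them from its Attack config).
SQL_KEYWORDS = ["union", "select", "delete", "concat", "order by", "having"]
DB_PREFIX = "jos_"  # assumed: Joomla 1.5's default table prefix

KEYWORD_RE = re.compile("(" + "|".join(re.escape(k) for k in SQL_KEYWORDS) + ")", re.I | re.S)
PREFIX_RE = re.compile(re.escape(DB_PREFIX) + r"\w+", re.S)


def fully_decode(value, rounds=3):
    """Percent-decode until the value stops changing, bounded to avoid loops."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_value(value):
    """Return None when clean, else a (level, decoded_value) tuple."""
    decoded = fully_decode(value)
    if PREFIX_RE.search(decoded):
        return ("high", decoded)
    if KEYWORD_RE.search(decoded):
        return ("medium", decoded)
    return None


def check_request(uri):
    """Check the whole URI first, then every query value, as isSQLinjection does."""
    hit = check_value(uri)
    if hit:
        return hit
    query = uri.split("?", 1)[1] if "?" in uri else ""
    for _name, value in parse_qsl(query, keep_blank_values=True):
        hit = check_value(value)
        if hit:
            return hit
    return None


def single_decode_hit(value):
    """What the PHP version sees: one urldecode() pass before matching."""
    return KEYWORD_RE.search(unquote(value)) is not None


if __name__ == "__main__":
    # constructed request lines
    for uri in ("index.php?option=com_content&view=article&id=25&Itemid=2",
                "index.php?option=com_content&id=1%20union%20select%20password%20from%20jos_users",
                "index.php?id=1%20%2575nion%20%2573elect%201",
                "index.php?option=com_search&searchword=selection"):
        print(uri, "->", check_request(uri))
```

The last two cases are the caveats: a doubly encoded keyword slips past a single decode, and the benign word "selection" trips the substring match, which is the kind of false positive section 3.4 acknowledges.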

/*
 * function checkFileUpload($files): checks every uploaded file.
 * If a file containing malicious code is detected, it is deleted and a warning is raised.
 */
function checkFileUpload($files) {


    jimport('joomla.filesystem.file');
    $attack = Xfirewall::getAttackConfig();
    $extblock = Xfirewall::explode($attack->filetype);
    // if there are uploaded files
    if (count($files)


    foreach ($htmltags as $tag) {
        // check whether the tag occurs in the image file
        if (stristr($sscheck, '<' . $tag . ' ') || stristr($sscheck, '<' . $tag . '>')) {
            // if so, delete the file
            unlink($file['tmp_name']);
            // write the log
            Xfirewall::logs('medium', Attacks::getIP() . ' is trying to upload file ' . $file['name'] . '. XSS error');
            // raise the warning
            Xfirewall::header(4
    ... whether the extension is allowed for upload or not
    if (in_array($ext, $extblock)) {
        unlink($file['tmp_name']);
        // insert log
        Xfirewall::logs('low', Attacks::getIP() . ' is trying to upload file ' . $file['name']);
        // alert message
        Xfirewall::header(4
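Added example (not the plugin's PHP): the upload screening of section 3.2.3 and checkFileUpload above, re-implemented in Python over in-memory file contents with a constructed extension blocklist and a subset of the tag list. It goes beyond the listing by rejecting a blocked extension anywhere in the name (shell.php.jpg) and by checking the declared image type against its magic bytes.

```python
"""Upload screening: blocked extensions plus an HTML-tag scan of image bytes.

Constructed example, not the plugin's code.  Returns a decision tuple
instead of unlinking a temp file and emitting a 4xx header.
"""
import re

# Assumed configuration: extensions the administrator entered under "Insert file type".
BLOCKED_EXTENSIONS = {"php", "php3", "phtml", "pl", "cgi", "sh"}
IMAGE_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Subset of the $htmltags list from the listing; the plugin's list is longer.
HTML_TAGS = ["script", "iframe", "object", "embed", "html", "body", "img", "!doctype", "!--"]
TAG_RE = re.compile("<(" + "|".join(re.escape(t) for t in HTML_TAGS) + r")[\s>/]", re.I)

# Magic bytes used to confirm the declared image type (added check, not in the listing).
MAGIC = {
    "jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n", "gif": b"GIF8",
}


def screen_upload(filename, content):
    """Return ('reject', level, reason) or ('accept', None, None) for one upload."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    # every extension after the first dot, so shell.php.jpg still exposes "php"
    parts = filename.lower().split(".")[1:]
    if any(p in BLOCKED_EXTENSIONS for p in parts):
        return ("reject", "low", "blocked extension")
    if ext in IMAGE_EXTENSIONS:
        if not content.startswith(MAGIC[ext]):
            return ("reject", "medium", "declared image does not match magic bytes")
        # latin-1 maps every byte to one character, so binary data decodes without error
        if TAG_RE.search(content.decode("latin-1")):
            return ("reject", "medium", "html tag inside image")
    # like the plugin, non-image files that are not on the blocklist are not scanned
    return ("accept", None, None)


if __name__ == "__main__":
    # constructed uploads: a real-looking JPEG header, and a GIF carrying a script tag
    print(screen_upload("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    print(screen_upload("logo.gif", b"GIF89a" + b"<script>alert(1)</script>"))
```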


/*
 * Checks the link and the POST, GET, REQUEST methods for values tampered with for an XSS attack
 */
function checkXSS($type) {
    $option = JRequest::getVar('option');
    $task = JRequest::getVar('task');
    if ($option == 'com_content' && $task == 'edit')
        return true;
    if ($type == 'get') {
        foreach ($_GET as $name => $value)
            $_GET[$name] = Attacks::stripsXSSRecursive($value);
    } elseif ($type == 'post') {
        foreach ($_POST as $name => $value)
            $_POST[$name] = Attacks::stripsXSSRecursive($value);
    } elseif ($type == 'request') {
        foreach ($_REQUEST as $name => $value)
            $_REQUEST[$name] = Attacks::stripsXSSRecursive($value);
    }


}

/* function stripsXSSRecursive($val)  Returns a cleaned value for the GET, POST, REQUEST method */
function stripsXSSRecursive($val)
{
    if (is_array($val)) {
        foreach ($val as $name => $value)
            $val[$name] = Attacks::stripsXSSRecursive($value);
    } else {
        $val = Attacks::stripXSS($val);
    }
    return $val;
}

/* function stripXSS($val)  Clean the value before it is printed out.
   Strips XSS code out of the variable, HTML tags */
function stripXSS($val)
{
    // Remove special characters. CR(


    // (of the rest of this comment only the fragment "SRCX4" survives in the source)


    // (the beginning of this list is missing in the source; the separators inside each
    //  "( trn)" group are restored as ( |\t|\r|\n) by assumption)
        'ondataavailable( |\t|\r|\n)', 'ondatasetchanged( |\t|\r|\n)',
        'ondatasetcomplete( |\t|\r|\n)', 'ondblclick( |\t|\r|\n)', 'ondeactivate( |\t|\r|\n)',
        'ondrag( |\t|\r|\n)', 'ondragend( |\t|\r|\n)', 'ondragenter( |\t|\r|\n)',
        'ondragleave( |\t|\r|\n)', 'ondragover( |\t|\r|\n)', 'ondragstart( |\t|\r|\n)',
        'ondrop( |\t|\r|\n)', 'onerror( |\t|\r|\n)', 'onerrorupdate( |\t|\r|\n)',
        'onfilterchange( |\t|\r|\n)', 'onfinish( |\t|\r|\n)', 'onfocus( |\t|\r|\n)',
        'onfocusin( |\t|\r|\n)', 'onfocusout( |\t|\r|\n)', 'onhelp( |\t|\r|\n)',
        'onkeydown( |\t|\r|\n)', 'onkeypress( |\t|\r|\n)', 'onkeyup( |\t|\r|\n)',
        'onlayoutcomplete( |\t|\r|\n)', 'onload( |\t|\r|\n)', 'onlosecapture( |\t|\r|\n)',
        'onmousedown( |\t|\r|\n)', 'onmouseenter( |\t|\r|\n)', 'onmouseleave( |\t|\r|\n)',
        'onmousemove( |\t|\r|\n)', 'onmouseout( |\t|\r|\n)', 'onmouseover( |\t|\r|\n)',
        'onmouseup( |\t|\r|\n)', 'onmousewheel( |\t|\r|\n)', 'onmove( |\t|\r|\n)',
        'onmoveend( |\t|\r|\n)', 'onmovestart( |\t|\r|\n)', 'onpaste( |\t|\r|\n)',
        'onpropertychange( |\t|\r|\n)', 'onreadystatechange( |\t|\r|\n)', 'onreset( |\t|\r|\n)',
        'onresize( |\t|\r|\n)', 'onresizeend( |\t|\r|\n)', 'onresizestart( |\t|\r|\n)',
        'onrowenter( |\t|\r|\n)', 'onrowexit( |\t|\r|\n)', 'onrowsdelete( |\t|\r|\n)',
        'onrowsinserted( |\t|\r|\n)', 'onscroll( |\t|\r|\n)', 'onselect( |\t|\r|\n)',
        'onselectionchange( |\t|\r|\n)', 'onselectstart( |\t|\r|\n)', 'onstart( |\t|\r|\n)',
        'onstop( |\t|\r|\n)', 'onsubmit( |\t|\r|\n)', 'onunload( |\t|\r|\n)');
    $ra = array_merge($ra1, $ra2);
    foreach ($ra as $tag) {
        $pattern = '/'.$tag.'/i';
        preg_match_all($pattern, $val, $matches);
        foreach ($matches
        // (the source text breaks off here)


    return $val;
}
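The following added example (not the thesis module's code) shows the recursive walk that checkXSS() and stripsXSSRecursive() perform over a nested request array, with a stripXSS() built the way the $ra1/$ra2 lists above are used: tag names and on* event-handler names become case-insensitive regexes, and the cleaning loop repeats until the value stops changing so that removing one match cannot reassemble another. stripXSSDemo, stripsXSSRecursiveDemo, the shortened pattern lists and the sample request array are assumptions made for this example.

```php
<?php
// Added example, not the Xfirewall module's code. Names, lists and sample input are assumptions.

// Dangerous words (tag/protocol names) and event handlers, in the spirit of $ra1 and $ra2.
const XSS_TAGS   = ['javascript', 'vbscript', 'expression', 'script', 'iframe', 'embed', 'object'];
const XSS_EVENTS = ['onload', 'onerror', 'onclick', 'onmouseover', 'onfocus', 'onsubmit'];

// Remove every match of the patterns from one scalar value and return the cleaned string.
function stripXSSDemo(string $val): string
{
    $patterns = [];
    foreach (XSS_TAGS as $tag) {
        // match the word even when whitespace or NUL bytes are interleaved, e.g. "java\tscript"
        $patterns[] = '/' . implode('[\s\x00]*', str_split($tag)) . '/i';
    }
    foreach (XSS_EVENTS as $ev) {
        // "onload=", "onload =", "onload\n=": drop the handler attribute name together with '='
        $patterns[] = '/' . $ev . '(\s|\t|\r|\n)*=/i';
    }
    $before = null;
    // repeat until stable: stripping one match must not expose a new one
    while ($before !== $val) {
        $before = $val;
        $val = preg_replace($patterns, '', $val);
    }
    return $val;
}

// Walk nested arrays exactly like stripsXSSRecursive(): arrays recurse, leaves are cleaned.
function stripsXSSRecursiveDemo($val)
{
    if (is_array($val)) {
        foreach ($val as $name => $value) {
            $val[$name] = stripsXSSRecursiveDemo($value);
        }
        return $val;
    }
    return stripXSSDemo((string) $val);
}

// --- constructed sample request (stands in for $_GET) --------------------------------
$get = [
    'q'      => 'hello',
    'img'    => '<img src=x onerror=go()>',
    'nested' => [
        'a' => 'java' . "\t" . 'script:void(0)',
        'b' => ['c' => 'OnLoad = go()', 'd' => 'product description'],
    ],
];

$clean = stripsXSSRecursiveDemo($get);
print_r($clean);
```

The last sample key shows the cost of a name-based denylist: "description" loses the letters "script" just as an attack string would, which is the same over-matching the module's $ra1 list is exposed to. Input stripping of this kind is at best a first filter; the reliable control is still escaping at output time (htmlspecialchars() with ENT_QUOTES) in the view that prints the value.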

/* function isDoS()  check for a DoS attack based on the browser (user agent) the user sends.
   If it is empty or no browser is present, return true */
function isDoS()
{
    if (empty($_SERVER['HTTP_USER_AGENT']) || $_SERVER['HTTP_USER_AGENT'] == '-' ||
        !isset($_SERVER['HTTP_USER_AGENT']))
        return true;
    else return false;
}

/* function checkXSSURL()  function that checks for XSS through the URL */
function checkXSSURL()
{
    $url = Attacks::getURL();


    if (preg_match('/()/', $url)) {  // (the characters inside the group were lost in the source)
        // insert log
        Xfirewall::logs('medium', 'Lỗi XSS');
        // alert message
        Xfirewall::header(4
        // (the source text breaks off here)


    if (Xfirewall::isSecretLink()) {
        if ((preg_match('/administrator\/index.*\.php/i', $_SERVER['PHP_SELF']))) {
            if ($item->linkadminkey == md5($_SERVER['QUERY_STRING'])) {
                $session->set('XfirewallSession', 1);
                $link = $redirect.'administrator/index.php?option=com_login';
                $app->redirect($link); //die(1);
            } else {
                $app->redirect($redirect);
            }
        }
    }
}

/* function isMasterUserLogged()  check the master password if this feature is enabled */
function isMasterUserLogged()


{
    $session = JFactory::getSession();
    $logged = $session->get('isMasterUserLogged', false);
    if ($logged)
        return true;
    else return false;
}

/* function BlockComponents()  Block components, a function of the firewall */
function BlockComponents()
{
    global $option, $mainframe;
    $item = Xfirewall::getSetting();
    if (!empty($item)) {
        $components = Xfirewall::explode($item->blockcomponents);
        if ($item->enableblockcomponents == 1) {
            if (in_array($option, $components)) {
                Xfirewall::logs('low', 'Co gang truy cap vao component '.$option);
                Xfirewall::header(4
                // (the source text breaks off here)


}

/* function BlockUsers()  Block users */
function BlockUsers()
{
    $item = Xfirewall::getSetting();
    if (!empty($item)) {
        $users = Xfirewall::explode($item->blockusers);
        $user = JFactory::getUser();
        if ($item->enableblockusers == 1) {
            if ($user->id && in_array($user->id, $users)) {
                Xfirewall::logs('low', $option.' Co gang truy cap');
                Xfirewall::header(4
                // (the source text breaks off here)