Image storing in MYSQL
-
Upload
dharshan-raj -
Category
Documents
-
view
216 -
download
0
Transcript of Image storing in MYSQL
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 1/25
Government Engineering College, Hassan 573 201Visvesvaraya Technological University (VTU), Belgaum
Seminar on
Storing Images in MySQL Database
4GH09CS034 RAKSHITH.A.C
Under the Guidance of
Mr.Raghu.M.EB.E.M.Tech.
Associate ProfessorDept. of Computer Science & Engineering
Govt.Engneering College, Hassan
Department of Computer Science & Engineering
Govt. Engineering College, Hassan
Feburuary 2013
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 2/25
Government Engineering College, Hassan 573 201
Visvesvaraya Technological University (VTU), Belgaum
Certificate
Certified that the Seminar titled Storing Images in MySQL Database is a bonafide
work carried out by Rakshith.A.C (4GH09CS034) of the Student in partial fulfillment for
the award of Bachelor Degree in Computer Science and Engineering during the year 2012-
13. It is certified that the Seminar topic Storing images in MySQL Database has
been reported and presented satisfactorily. The report has been approved as it satis-
fies the academic requirements in respect of Technical seminar work prescribed for the
Bachelor of Engineering Degree.
Guide
Mr.Raghu.M.E
Associate Professor
Dept.of CS & E
GEC, Hassan 573 201
Coordinator
Mr.Raghu.M.E
Associate Professor
Dept.of CS & E
GEC, Hassan 573 201
Head of the Department
Dr.K.C.Ravishankar
Professor and Head
Dept.of CS & E
GEC, Hassan 573 201
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 3/25
Acknowledgement
“Acknowledgement - At the outset I express my most sincere grate-
ful thanks to my Seminar Guide, Mr.Raghu.M.E,Associate Professor,
Department of CS & E,GECH, for his continous support and advice not
only during the course of my seminar but also during the period of our stay
in GECH.
I express my gratitude to Dr. K. C. Ravishankar, Professor and Head,
Department of CS & E,GECH for his encouragement and support through-
out my work.
I wish to express my thanks to beloved Dr. Karisiddappa, Principal,GECH for encouragement throughout my studies.
I wish to express my thanks to beloved Mr.Annaiah.H,Assistant Pro-
fessor,Department of CS & E,GECH for encouragement throughout my
seminar.
Finally I express my gratitude to all teaching and non-teaching staff of Dept.
of CSE, Fellow classmates and my parents for their timely support and sug-gestions.
Rakshith.A.C
i
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 4/25
Table of Contents
Table of Contents ii
Abstract iv
1 Introduction 11.1 ADVANTAGES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 DISADVANTAGE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 VPN TYPES 3
2.1 REMOTE ACCESS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2.2 SITE-TO-SITE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
3 TUNELLING 5
3.1 PRIVATE NETWORKS . . . . . . . . . . . . . . . . . . . . . . . . . . . 63.2 OUTSOURCE A PRIVATE SITE . . . . . . . . . . . . . . . . . . . . . . 6
3.3 SHARE AN OUTSOURCED SITE . . . . . . . . . . . . . . . . . . . . . 7
3.4 OUTSOURCE A PRIVATE ACCESS SERVER . . . . . . . . . . . . . . 7
3.5 SHARE AN OUTSOURCED ACCESS SERVER . . . . . . . . . . . . . 9
3.6 STANDARDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.7 RFC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.8 INTERNET DRAFTS . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.9 FIREWALLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113.10 ENCRYPTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.11 IPSEC PROTOCOL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.12 IPSEC FAVOURING FOR A SECURE SYSTEM . . . . . . . . . . . . . 12
3.13 AAA SERVER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4 HOW IT WORKS 14
5 Applications 16
5.1 Site-to-Site VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165.2 Site-to-Site VPNs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
ii
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 5/25
5.3 Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
5.4 Industries That May Use a VPN . . . . . . . . . . . . . . . . . . . . . . 16
6 CONCLUSION 18
References 19
iii
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 6/25
Abstract
This seminar is an introduction to using the blob column data type in
MySQL. The concept is introduced by familiarising users with storing images
in a MySQL table. Definitely a controversial topic in PHP-land, but at least
knowing how to do it will help you make a decision on whether or not its for
you. This argument continues to rage and many lives have been lost trying
to prove that this is a Bad Idea. The facts are, this method of binary storage
is very successful and has many advantages over filesystem storage. Some
advantages are: Referential integrity,Ease of backup,Saving of Inodes,Easy
categorisation,Central point of operations.
Many of the sayers will have you believe that storing of images or otherbinary data creates too much overhead. A large database can be stored on
a RAW partition and in fact be faster as it has no filesystem overhead to
contend with. Some would say that access is slow when SELECTing from
the database.The three methods of access for an image:Access image from
file,Store image in filesystem and store the url in the database,Store the image
in the database.
iv
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 7/25
Chapter 1
Introduction
The world has changed a lot in the last couple of decades.Instead of simply dealing with
local or regional concerns, many businesses now have to think about global markets and
logistics. Many companies have facilities spread out across the country or around the
world, and there is one thing that all of them need: A way to maintain fast, secure and
reliable communications wherever their offices are.Until fairly recently, this has meant
the use of leased lines to maintain a wide area network (WAN). Leased lines, ranging
from ISDN (integrated services digital network, 128 Kbps) to OC3 (Optical Carrier-3,
155 Mbps) fiber, provided a company with a way to expand its private network beyond
its immediate geographic area. A WAN had obvious advantages over a public network
like the Internet when it came to reliability, performance and security. But maintaininga WAN, particularly when using leased lines, can become quite expensive and often rises
in cost as the distance between the offices increases.
As the popularity of the Internet grew, businesses turned to it as a means of extending
their own networks. First came intranets, which are password-protected sites designed
for use only by company employees
A simple VPN model is shown below.
1.1 ADVANTAGES
The primary advantage of a VPN is that it cut cost.Compared to the traditional WAN,VPN
are a cheap way to build global networks,It partially eliminates the modem banks,access
server,phone lines and other types of hardware organizations must install to provide re-
mote access to traditional private networks.To connect two far flung networks,all that is
the dedicated link or backbone between these two networks.Since the Internet is a public
network,cost are shared by all Internet users,resulting in low access cost.
1
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 8/25
STORING IMAGES IN MySQL DATABASE Chapter 1
Another advantage is that network expansion becomes a function of how quickly
one can get a leased data connection to the nearest ISP.For the sharing of networked
resources by business partners is facilitated since the question of incompatible system is
already addressed in the Internet.Remote entry by authorized users with Internet access
is possible.
A well-designed VPN can benefit a company by the following factors.Extend geo-
graphic connectivity;Improve security; Reduce operational costs versus traditional WAN;
Reduce transit time and transportation costs for remote users; Improve productivity;
Simplify network topology; Provide global networking opportunities; Provide telecom-
muter support; Provide broadband networking compatibility and Security.
And forall practical purposes a VPN is a transparent as a traditional WAN.Whatever
can be done on a WAN can be done and a VPN
1.2 DISADVANTAGE
If the level of security provided is insufficient,then it can be hazardeous.Since VPN is
connected to the public network-Internet,it is prone to be hacked.Though all the network
have some basic security-user authentication thru password verification that prevents
such access,they are often insufficient.
Therefore two key security issues are protecting the network from breaking and also
protecting the integrity of data being transmitted and validate the identity of the userover the Internet.This can be achieved by using a combination of encryption, host au-
thentication and protocol tunneling.
Dept Of CS & E, GEC, Hassan 2
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 9/25
Chapter 2
VPN TYPES
We all know WAN is simply the collection of local area networks,each located in geograph-
ically diverse locations connected to each other to form a single network. Leased lines
which were initially used though forms a private network,it ought to be expensive.But
VPN,using the power of the public medium,it helped to create a private connection called
tunnel to switch data from one geographical location to the other.
A VPN provides network to network or remote user to network connectivity via the
encrypted tunnel.Datas must be encapsulated in a IP packet before it can be sent across
a VPN.Network users use various encryption and authentication schemes to provide secu-
rity. Some VPN require specialized hardware,while some may require specialized software
or some both that adds VPN capabilities to firewall,server or router.Since VPN depends critically on the Internet,ISP becomes drivers of VPN technol-
ogy.Therefore organization using VPN becomes dependent on the ISP.If ISP faces band-
width limitation or technical difficulties,the VPN will also face the same.
VPN can be of following types:
• REMOTE ACCESS
• SITE TO SITE
2.1 REMOTE ACCESS
Also called a virtual private dial-up network (VPDN), this is a user-to-LAN connection
used by a company that has employees who need to connect to the private network from
various remote locations. Typically, a corporation that wishes to set up a large remote-
access VPN will outsource to an enterprise service provider (ESP). The ESP sets up a
network access server (NAS) and provides the remote users with desktop client software
for their computers. The telecommuters can then dial a toll-free number to reach theNAS and use their VPN client software to access the corporate network.
3
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 10/25
STORING IMAGES IN MySQL DATABASE Chapter 2
A good example of a company that needs a remote-access VPN would be a large firm
with hundreds of sales people in the field. Remote-access VPNs permit secure, encrypted
connections between a company’s private network and remote users through a third-party
service provider.
2.2 SITE-TO-SITE
Through the use of dedicated equipment and large-scale encryption, a company can
connect multiple fixed sites over a public network such as the Internet. Site-to-site VPNs
can be either:
Intranet-based - If a company has one or more remote locations that they wish to join
in a single private network, they can create an intranet VPN to connect LAN to LAN.
Extranet-based - When a company has a close relationship with another company
(for example, a partner, supplier or customer), they can build an extranet VPN that
connects LAN to LAN, and that allows all of the various companies to work in a shared
environment.
The following is the examples of the three types of VPN.
Dept Of CS & E, GEC, Hassan 4
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 11/25
Chapter 3
TUNELLING
Virtual Private Network protect tunelled data through a combination of encryption,mutual
host authentication and protocol tunelling.One of the most basic method of protecting
transmitted data is encryption.This involves scrambling the transmitted data using math-
ematical formula,so that even though the data transmission may be intercepted, it cannot
be recovered without the correct key.
Encryption can be either hardware enabled through network devices like routers or
through software.While in the case of software,encryption takes place when you correct
through the tunneling protocol like PTTP,in the case of router encryption it is performed
on the fly.
One of the biggest difficulty encountered over the Internet is identifying the person ora computer at the other end of the wire.This is addressed by the authentication,a process
where the two hosts verify eachother.This can be done through the X.2509 standard digital
certificate which exchanges electronic signatures between the two parties.This electronic
signature is then verified by a trust third party,usually a public-certifying authority or
the company‘s own certificate server.
Alternatively,the host can also verify each other using protocols like Secure Shell(SSH).In
this case the hosts exchange two keys,a host key and a server key.The receiving computer
compares the host key with the keys inthe database. If the keys checks out,the computerat the other end is validated as a genuine case.The PC then generates a session key using
the host an the server key which is used to encrypt data transmission between the two
computers.To ensure a high level of protection,the server key is changed on an hourly
basis.
Finally there is a protocol tunneling.When data is transmitted on a network in the
form of packets,the header-which gives information on the packet source,destination and
number of packets transmitted- is in text format.The information can be used by hackers
to gain access to either the system or the data being transmitted.Protocol tunneling
takes data packets,encrypts them and then encapsulates them again in another clear
5
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 12/25
STORING IMAGES IN MySQL DATABASE Chapter 3
text packet.This ensures that even if data transmission is intercepted the original header
information is not available.Once these packets reach their destination,a router equipped
with encryption and decryption capabilities decrypts the packet restoring the original
data packets.
3.1 PRIVATE NETWORKS
The too old trend or large companies to have own fully private dial in networks(completely
with modem banks,access servers and technical service personnel deployed at each com-
pany sites is being reversed as the presence of Internet access site makes it attractive to
use the resources offered by the Internet service providers(ISP).Such outsourcing allows
employees to dial-in to an access server at a nearby ISP site and send packets over the
Internet router for delivery to their Co. home networks.The very router vendor who
provide VPN tunnels between permanent Co. sites are also competing for the stage to
provide VPN tunnels for dial-in users as well.But they are handicapped in the solution
they can offer because they model tunnels as router-to-router constructs though there‘s
no router at the user end.If these vendors are to have a share in the outsourcing of a
company‘s dial-in service,this has to be achieved using one of the following models:
• Outsource a private site
•
Share an outsourced site
• Outsource a private access server
• Share an access server
3.2 OUTSOURCE A PRIVATE SITE
A company desiring to outsource its access responsibility can ask an ISP to manage a
site for it.ISPs themselves generally put their own dial-up equipment in the locations
are termed as points of presence(POP).Under this model,a company may enter into a
contract with the ISP to establish private POPs for its employees.This really moves the
company‘s private dial-up equipment to the site which is managed by the ISP.
If the resources of a POP are dedicated to a single company,then the POP is not
different from a remote company site,and therefore the same routing equipment used at
the company‘s headquarters can be used at the POP.Since the site is private,all packets
at the site can be in the clear.Tunnels only run between the router at the POP and the
router at the company‘s headquarters.
This approach offloads the access responsibility to the ISP, but it is likely to be more
expensive than any other option because equipment cost are not shared.It has the furtherDept Of CS & E, GEC, Hassan 6
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 13/25
STORING IMAGES IN MySQL DATABASE Chapter 3
disadvantage that it require private facilities at as many POP as needed to provide local
access to employees. Such an arrangement also locks employees.
Finally, an ISP has to manage a list of authorized user name and password on behalf
of the company to help control access to the private site.All this necessitates that a very
close relationship exists between the outsourcing company and the ISP for this model to
succeed.In this model,if the company employees want to simultaneously access company
and Internet resources,they tunnel to the company ,and then venture out to the Internet
as though they were initiating contact from their place of work.
3.3 SHARE AN OUTSOURCED SITE
This model is an extension of the previous one in that a number of companies enter into
a contract with an ISP to avail of the latters access service not privately, but in a shared
manner. The major benefit, of course. is the resulting cost saving for the outsourcing
company. In this model, we presume that each company using the shared site provides a
router to tunnel its private traffic back to its headquarters.
If the equipment at the POP is not dedicated to a single company, the shared access
server and LAN element need to be trusted, since company packets will be vulnerable on
their way to and from the companys dedicated router. Such packets are exposed to ISP
personnel at the site, and are subject to routing misadventures that expose them more
generally to the entire Internet, and in particular to other companies who have their ownencrypting routers on the POPs shared LAN. If access servers are shared then user and
password databases will be co-mingled at the site, and the access server software will
have to be careful enough to direct all packets from a given dial-in port to the one and
only one tunneling router. If packets go through the wrong tunnel, They will end up at
the wrong headquarters.
In this model, users cannot go through their tunnel to work, and then on to the
Internet without running the risk that their return packets will be routed back through
a wrong tunnel. This means that an Internet access all tunneling routers at the siteare exposed to an arbitrary Internet packet traffic. This makes security considerations
a major issue for outsourcing companies, and hence this model is not workable in many
scenarios.
3.4 OUTSOURCE A PRIVATE ACCESS SERVER
The previous models are not very attractive in that they are expensive, restrictive, and in
some cases not very secure. They treat the ISP as a trusted extension of the outsourcing
company. Though site outsourcing may make sense in certain situations, it is not likely
Dept Of CS & E, GEC, Hassan 7
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 14/25
STORING IMAGES IN MySQL DATABASE Chapter 3
to become a common practice. Site outsourcing may not be favoured by router vendors,
except when they can sell a bunch of new routers to ISPs. All this brings us to another
approach.
Instead of beginning the tunnel at the site router on behalf of all access servers with
the ISP, it should be possible to begin a tunnel at each access server. This way, packets
received at a dial-in port can be encrypted and encapsulated, and thus enter the tunnel
before leaving the server so that they are never in the clear on the ISP LAN. Placing the
tunnel function in the access server is such a compelling improvement over the earlier two
models that it has received a focalattention of all vendors. It has also provided the impetus
for many new or proposed standards that may offer a multivendor interoperability for
server-router tunnels.
This model assumes that an outsourcing company asks an ISP to deploy some access
servers at each POP, and dedicate them for the companys employees. The phone numbersof these dedicated resources are made available only to company personnel. Of course,
the ISP must know employee names and passwords so as to guard access to these servers,
but if the servers are effectively protected, the company does not have to worry about
uses on other servers getting into one of their tunnels. Under this scheme, new codes are
required for both access servers and the HQ (headquarters) router.
This is because, among other things, there is more than one tunnel from all ISP sites.
The router itself becomes just another dial-in server, having logical ports in place of
physical ports. Each tunnel terminates at one of the routers logical ports, and from therethe de-encapsulated, decrypted packets are gated on to the company LAN. To distinguish
such a logical access server from routers, an increasingly popular term home gateway is
being used. Almost all of these server-to-home gateway tunneling schemes are direct
outgrowths of ubiquitous PPP (point-to point protocol) schemes used for exchanging
packets between desktops and access servers over telephone lines.
In tunneling schemes, the access server and the home gateway assume the roles played
in PPP by the dialing desktop and the dialedaccess server respectively. Tunnel protocols
allow for the user name and password originally collected by the ISP to be forwarded
to the home gateway so that the company can perform user authentication if it wants
to. However, the access server must not only perform the new tunnel functions, but also
IPX and Appletalk encapsulation functions (these funny packets must be handled on
the PPP link with the user. but are encapsulated in IP packets so that they never hit
the ISP LAK). Also the company itself must worry about providing full service desktop
software to all its employees as before. It is possible for employees to have two different
accounts with the ISP so that they can alternately receive tunnel, or clear Internet service.
Current approaches do not offer a way to support both tunnelled and clear traffic services
simultaneously.
Dept Of CS & E, GEC, Hassan 8
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 15/25
STORING IMAGES IN MySQL DATABASE Chapter 3
3.5 SHARE AN OUTSOURCED ACCESS
SERVER
Because the new access servers are able to establish tunnels on behalf of each dial-in
port, there is no reason why each tunnel cannot go to a different home gateway. Home
gateways can be selected on the basis of user identity as authenticated by the ISP, and
so tunnels from a single access server can go to different companies at the same time.
Economy apart, this functionality is not necessarily any better than the prior scheme,
and may be inferior in many ways. For example. in this model, company authentication
data does need to be held by the ISP, and access servers need to be trusted more than
ever before. In additionuntil tunneling protocols are truly interoperable, it may not be
possiblefor access serves from vendor A to talk to home gateways from vendor B. This
implies many constraints for ISPs in the deployment of servers and allocation of phone
numbers, modem types, etc
chapterVPN PROTOCOLS
The term VPN has taken on many different meanings in recent years. VPNC has a white
paper about VPN technologies (PDF format) that describes many of the terms used in
the VPN market today. In specific, it differentiates between secure VPNs and trusted
VPNs, which are two very different technologies.
For secure VPNs, the technologies that VPNC supports are
• IPsec with encryption
• L2TP inside of IPsec
For trusted VPNs, the technologies that VPNC supports are:
• MPLS with constrained distribution of routing information.
IPsec is by far the most dominant protocol for secure VPNs. L2TP running under IPsec
has a much smaller but significant deployment. For trusted VPNs, the market is split on
the two MPLS-based protocols.
3.6 STANDARDS
The various VPN protocols are defined by a large number of standards and recommenda-
tions that are codified by the Internet Engineering Task Force (IETF). There are many
flavors of IETF standards, recommendations, statements of common practice, and so on.
Some of the protocols used in IPsec are full IETF standards; however, the others are
often useful and stable enough to be treated as standard by people writing IPsec soft-ware. Neither of the trusted VPN technologies are IETF standards yet, although there
Dept Of CS & E, GEC, Hassan 9
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 16/25
STORING IMAGES IN MySQL DATABASE Chapter 3
is a great deal of work being done on them to get them to become standards.
3.7 RFCThe IETF codifies the decisions it comes to in documents called ”Requests For Com-
ments”. These are almost universally called by their acronym ”RFCs”. Many RFCs are
the standards on which the Internet is formed.
The level of standardization that an RFC reaches is determined not only by how good
the RFC is, but by how widely it is implemented and tested. Some RFCs are not solid
standards, but they nonetheless document technologies that are of great value to the
Internet and thus should be used as guidelines for implementing VPNs. For the purpose
of defining VPNs, any protocol that has become an IETF Request For Comments (RFC)
document can be treated as some what of a standard. Certainly, any IPsec-related RFC
that has been deemed to be on the IETF ”standards track” should certainly be considered
a standard.
3.8 INTERNET DRAFTS
Before a document becomes an RFC, it starts out as an Internet Draft (often called ”IDs”
or ”I-Ds”). IDs are rough drafts, and are sometimes created for no other benefit thanto tell the Internet world what the author is thinking. On the other hand, there is often
very good information in some IDs, particularly those that cover revisions to current
standards.
Some Internet Drafts go along for years, but are then dropped or abandoned; others
get on a fast track to becoming RFCs, although this is rare. Internet Drafts are given
names when they first appear; if they become RFCs, the I-D name disappears and an
RFC number is assigned.
It should be emphasized here that it is unwise to make any programming decisionsbased on information in Internet Drafts. Most IDs go through many rounds of revisions,
and some rounds make wholesale changes in the protocols described in a draft. Further,
many IDs are simply abandoned after discussion reveals major flaws in the reasoning that
lead to the draft.
That being said, it is worthwhile to know which IDs pertain to areas of interest. The
following is a list of the IDs that are related to Internet mail. Some of these drafts will
likely become RFCs in the months or years to come, possibly with heavy revision; some
will be merged with other drafts; others will be abandoned.
chapterVPN SECURITY
Dept Of CS & E, GEC, Hassan 10
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 17/25
STORING IMAGES IN MySQL DATABASE Chapter 3
A VPN uses several methods for keeping your connection and data secure:
3.9 FIREWALLS
A firewall provides a strong barrier between your private network and the Internet. You
can set firewalls to restrict the number of open ports, what type of packets are passed
through and which protocols are allowed through. Some VPN products, such as Cisco’s
1700 routers, can be upgraded to include firewall capabilities by running the appropriate
Cisco IOS on them. You should already have a good firewall in place before you implement
a VPN, but a firewall can also be used to terminate the VPN sessions.
If you have been using the Internet for any length of time, and especially if you work
at a larger company and browse the Web while you are at work, you have probably use
firewall. For example, you often hear people in companies say things like, I can’t use that
site because they won’t let it through the firewall.If you have a fast Internet connection
into your home (either a DSL connection or a cable modem), you may have found yourself
hearing about firewalls for your home network as well. It turns out that a small home
network has many of the same security issues that a large corporate network does. You
can use a firewall to protect your home network and family from offensive Web sites and
potential hackers.
Basically, a firewall is a barrier to keep destructive forces away from your property. In
fact, that’s why its called a firewall. Its job is similar to a physical firewall that keeps a
fire from spreading from one area to the next.
3.10 ENCRYPTION
This is the process of taking all the data that one computer is sending to another and
encoding it into a form that only the other computer will be able to decode. Most
computer encryption systems belong in one of two categories:
• Symmetric-key encryption
• Public-key encryption
In symmetric-key encryption, each computer has a secret key (code) that it can use to
encrypt a packet of information before it is sent over the network to another computer.
Symmetric-key requires that you know which computers will be talking to each other
so you can install the key on each one. Symmetric-key encryption is essentially thesame as a secret code that each of the two computers must know in order to decode the
Dept Of CS & E, GEC, Hassan 11
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 18/25
STORING IMAGES IN MySQL DATABASE Chapter 3
information. The code provides the key to decoding the message.For example: You create
a coded message to send to a friend in which each letter is substituted with the letter
that is two down from it in the alphabet. So ”A” becomes ”C,” and ”B” becomes ”D”.
You have already told a trusted friend that the code is ”Shift by 2”. Your friend gets
the message and decodes it. Anyone else who sees the message will see only nonsense.
The sending computer encrypts the document with a symmetric key, then encrypts the
symmetric key with the public key of the receiving computer. The receiving computer
uses its private key to decode the symmetric key. It then uses the symmetric key to
decode the document.
Public-key encryption uses a combination of a private key and a public key. The private
key is known only to your computer, while the public key is given by your computer
to any computer that wants to communicate securely with it. To decode an encrypted
message, a computer must use the public key, provided by the originating computer, andits own private key. A very popular public-key encryption utility is called Pretty Good
Privacy (PGP), which allows you to encrypt almost anything. You can find out more
about PGP at the PGP site.
3.11 IPSEC PROTOCOL
3.12 IPSEC FAVOURING FOR A SECURE
SYSTEM
Internet Protocol Security Protocol (IPSec) provides enhanced security features such as
better encryption algorithms and more comprehensive authentication. IPSec has two
encryption modes: tunnel and transport. Tunnel encrypts the header and the payload of
each packet ginwhile transport only encrypts the payload. Only systems that are IPSec
compliant can take advantage of this protocol. Also, all devices must use a common key
and the firewalls of each network must have very similar security policies set up. IPSec
can encrypt data between various devices, such as:
• Router to router
• Firewall to router
• PC to router
• PC to server
Dept Of CS & E, GEC, Hassan 12
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 19/25
STORING IMAGES IN MySQL DATABASE Chapter 3
3.13 AAA SERVER
AAA (authentication, authorization and accounting) servers are used for more secure
access in a remote-access VPN environment. When a request to establish a session comes
in from a dial-up client, the request is proxied to the AAA server. AAA then checks thefollowing:
• Who you are (authentication)
• What you are allowed to do (authorization)
• What you actually do (accounting)
The accounting information is especially useful for tracking client use for security auditing,
billing or reporting purposes.
Dept Of CS & E, GEC, Hassan 13
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 20/25
Chapter 4
HOW IT WORKS
To make use of the VPN, the remote user’s workstation must have the VPN client soft-
ware installed. A firewall sits between a remote user’s workstation or client and the host
network or server. When connection to the corporate network is attempted, the VPN
client software will first connect to the VPN server by means of a tunneling protocol. Af-
ter the remote computer has been successfully authenticated, a secure connection (secret
tunnel) between it and the VPN server will then be formed as all subsequent data being
exchanged through this tunnel will be encrypted at the sending end and correspondingly
decrypted at the receiving end of the tunnel. As such, the network tunnel between them,
even though established through the un-trusted Internet, is still considered secure enough
that the remote computer can be trusted by local computers on the corporate LAN.In short, you connect to the Internet through your ISP. The VPN client software on your
computer initiates a connection with the VPN server. The VPN server encrypts the data
on the connection so it cannot be read by others while it is in transit. The VPN server
decrypts the data and passes it on to other servers and resources.
For better security, many VPN client programs can be configured to require that all IP
traffic must pass through the tunnel while the VPN is active. From the user’s standpoint,
this means that while the VPN client is active, all access outside their employer’s secure
network must pass through the same firewall as would be the case while physically con-nected to the office ethernet. This reduces the risk that an attacker might gain access
to the secured network. Such security is important because other computers local to the
network on which the client computer is operating may not be fully trusted. Even with
a home network that is protected from the outside internet by a firewall, people who
share a home may be simultaneously working for different employers over their respective
VPN connections from the shared home network. Each employer would therefore want
to ensure their proprietary data is kept secure, even if another computer in the local
network gets infected with malware. And if a travelling employee uses a VPN clientfrom
a Wi-Fi access point in a public place, such security is even more important. However,
14
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 21/25
STORING IMAGES IN MySQL DATABASE Chapter 4
the use of IPX/SPX is one way users might still be able to access local resources.
Dept Of CS & E, GEC, Hassan 15
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 22/25
Chapter 5
Applications
5.1 Site-to-Site VPNs• Large-scale encryption between multiple fixed sites such as remote offices and central
offices
• Network traffic is sent over the branch office Internet connection
• This saves the company hardware and management expenses
5.2 Site-to-Site VPNs
5.3 Remote Access
• Encrypted connections between mobile or remote users and their corporate networks
• Remote user can make a local call to an ISP, as opposed to a long distance call to
the corporate remote access server.
• Ideal for a telecommuter or mobile sales people.
• VPN allows mobile workers telecommuters to take advantage of broadband connec-
tivity. i.e. DSL, Cable
5.4 Industries That May Use a VPN
• Healthcare: enables the transferring of confidential patient information within the
medical facilities health care provider
• Manufacturing: allow suppliers to view inventory allow clients to purchase online
safely16
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 23/25
STORING IMAGES IN MySQL DATABASE Chapter 5
• Retail: able to securely transfer sales data or customer info between stores the
headquarters
• Banking/Financial: enables account information to be transferred safely within de-
partments branches
• General Business: communication between remote employees can be securely ex-
changed
Dept Of CS & E, GEC, Hassan 17
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 24/25
Chapter 6
CONCLUSION
As the cost of setting up the global network is prohibitively costly for small and medium
sized business,Virtual private network offers cheap way to build WAN.The problems
accomplished by VPN concerns security and performance. The standardization of VPN
technology will lead to its wide spread use among network users A virtual private network
(VPN) allows the provisioning of private network services for an organization or orga-
nizations over a public or shared infrastructure such as the Internet or service provider
backbone network. The shared service provider backbone network is known as the VPN
backbone and is used to transport traffic for multiple VPNs, as well as possibly non-VPN
traffic. VPN provides you a secure channel between your local computer and a computer
at the remote location.The network user can access this from any part of the world provided internet connection
and accessibility to the resources is available.
18
7/29/2019 Image storing in MYSQL
http://slidepdf.com/reader/full/image-storing-in-mysql 25/25
References
[1] Ramez Elmasri,ShamKant B.Navathe,“Fundamental Database System”,Addison-
Wesley,2009.
[2] Navathe.S,“An initative approaches to Database”,Pearson,2002.
[3] Ramez Elmasri,Navathe.S,Sashidhar.N,“Database System”,Pearson,2002.
”http://www.mysql.co.in“
”http://www.xampp.co.in“
[4] Rastogi, B. K. and. Jaiswal, R. K. An introduction to MySQL -Addison Wisley-1999.
[5] ”http://www.wikipedia.org/wiki/xampp“
”http://www.wikipedia.org/wiki/mysql“
http://forums.mysql.com/
19