Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers pur- chase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Read the rest of this entry »

• 0 Comments

The 1,000,000 plant specimens stored at the National Herbarium of New South Wales are a major resource used by scientific botanists to confirm the identification of plants. The Digital Imaging project will provide an Internet- accessible electronic image bank of the herbarium collections. These data will be managed in the NSW collections database system. The images will be accessible through PlantNET on the RBG website. The first phase of the project will include all NSW native (including rare and endangered) and weedy species, subspecies and varieties. This web based database will provide a resource that can be used to confirm plant identifications by the community. This project will link images and enhance the continuing development of the EucaLink, WattleWeb and other similar projects that are part of PlantNet. It is also closely coordinated with the national Australia’s Virtual Herbarium (AVH) project being undertaken by all herbaria in Australia.
Read the rest of this entry »

• 0 Comments

As already mentioned in the short summary above the scenario used for this collaboration brief deals with two key components: Microsoft Active Directory and SAP Central User Administration. Active Directory, being the integrated, distributed directory service included with Microsoft Windows Server 2003 and Microsoft Windows 2000 Server, provides a central user repository used to centrally maintain user data, thus avoiding the redundant, error-prone maintenance of user information in several systems. Most organizations already use Active Directory to organize and manage information about all kinds of their different resources like users, computers, applications and so on.
Read the rest of this entry »

• 0 Comments

A number of new geospatial viewing tools from major players in the Internet industry have recently appeared on the scene and are taking the geospatial world by storm. Google,Yahoo, Microsoft, and Amazon have all released web-based mapping tools in the recent past, and collectively these new players to the industry have raised the bar for Internet mapping. Although their functional capabilities don’t provide anything we haven’t seen in web offerings from traditional GIS vendors, their emergence has been significant in that they have managed to capture a wider audience. Google, in particular, has emerged as the leader of this pack with it’s recently released Google Maps product which provides a slick, highly responsive visual interface built using AJAX technologies along with detailed street and aerial imagery data, and an open API allowing customization of the map output including the ability to add application specific data to the map.
Read the rest of this entry »

• 0 Comments

BioTeam first became interested in Univa UD’s software efforts after hearing Univa CTO Steve Tueckespeak in Regensburg, Germany at the 2007 Grid Engine workshop. Shortly after that event Univa formally became Univa UD after merging with United Devices. At the time, Steve’s company seemed to be one of the few companies positioning themselves to offer full support and professional services encompassing commonly used open source products such as Sun Grid Engine that BioTeam often works with in the field. Individually these popular open source resources are relatively easy to acquire but Univa UD seemed to be making an interesting effort to become the one stop shop for a fully supported and integrated set of commonly required tools and technology.
Read the rest of this entry »

• 0 Comments

Despite significant efforts in the field of Autonomic Computing, system operators will still play a critical role in administering Internet services for many years to come. However, very little is know about how system operators work, what tools they use and how we can make them more efficient. In this paper we study the practices of operators in a large-scale Internet service Amazon.com and propose a new set of tools for operators. The first tool lets the operators explore the health of system components and dependencies between them; the other monitors the actions of operators and automatically suggests solutions to recurring problems.
Read the rest of this entry »

• 0 Comments

Many developers have learned to use PHP over the years because it’s a good solution for creat- ing Web pages and the price is right. The PHP acronym is like many other new acronyms for the Internet—the acronym is recursive (refers back to itself). PHP stands for PHP Hypertext Processor. This general-purpose HTML scripting language works much like ASP (see Chapter 6) or other page description languages you might have used. Essentially, you mix HTML with scripting information. When the PHP process sees HTML, it sends the text directly to the user. It processes any scripting information, and passes the resulting HTML to the user as well.
Read the rest of this entry »

• 0 Comments

This How To shows you how to create and configure a custom least-privileged service account to run an ASP.NET Web application. By default, an ASP.NET application on Microsoft Windows Server 2003 and IIS 6.0 runs using the built-in Network Service account. In production environments, you usually run your application using a custom service account. By using a custom service account, you can audit and authorize your application separately from others, and your application is protected from any changes made to the privileges or permissions associated with the Network Service account. To use a custom service account, you must configure the account by running the Aspnet_regiis.exe utility with the -ga switch, and then configure your application to run in a custom application pool that uses the custom account’s identity.
Read the rest of this entry »

• 0 Comments