Although traditional firewalls have been effective against network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level vulnerabilities are inherent in a Web application’s own code, regardless of the technology in which the application is implemented or of the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers purchase goods for much less than their listed price. Worryingly, the attack requires no particular technical skill: it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to change the price of the goods (stored in a hidden form field), and load the modified form back into the browser. The root cause is that the server treats a client-supplied hidden field as if it were its own data.
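As an added illustration (not code from the original article, nor from the advisory or the shopping carts it cites), the following Python shows a checkout handler that trusts the hidden price field, the server-side fix that looks the price up from the catalog instead, and an HMAC-signed hidden field for the cases where a value genuinely has to round-trip through the browser. The catalog, SKU, prices, form bodies and key are constructed sample data.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Constructed sample catalog: prices in cents, held server-side (assumed for this example).
CATALOG = {"sku-100": 4999}

# Constructed demo key; a real deployment loads it from a secret store.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# What the browser posts when the confirmation form is submitted unchanged ...
ORIGINAL_BODY = "sku=sku-100&qty=1&price=4999"
# ... and after the saved HTML was edited so the hidden "price" input says 1 cent.
TAMPERED_BODY = "sku=sku-100&qty=1&price=1"


def parse_form(body):
    """Decode an application/x-www-form-urlencoded POST body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def checkout_trusting_form(form):
    """VULNERABLE: the amount charged is whatever the client's hidden field says."""
    qty = int(form["qty"])
    price = int(form["price"])
    return {"sku": form["sku"], "charged": price * qty}


def checkout_server_priced(form):
    """HARDENED: the form only names the product; the price comes from the catalog."""
    sku = form["sku"]
    if sku not in CATALOG:
        raise ValueError("unknown product")
    qty = int(form["qty"])
    if not 1 <= qty <= 99:
        raise ValueError("quantity out of range")
    return {"sku": sku, "charged": CATALOG[sku] * qty}


def sign_hidden_field(value):
    """Attach an HMAC-SHA256 tag so a value that must round-trip can be checked on return."""
    tag = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_hidden_field(signed):
    """Return the original value, or raise if the client changed the value or the tag."""
    value, _, tag = signed.rpartition(".")
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("hidden field was tampered with")
    return value


if __name__ == "__main__":
    tampered = parse_form(TAMPERED_BODY)
    print("trusting form:", checkout_trusting_form(tampered))   # charged: 1
    print("server priced:", checkout_server_priced(tampered))   # charged: 4999
    signed = sign_hidden_field("4999")
    forged = "1." + signed.split(".", 1)[1]                     # keep the tag, change the value
    try:
        verify_hidden_field(forged)
    except ValueError as exc:
        print("signed field:", exc)
```

The server-side lookup is the preferable fix: it removes the price from the client entirely. The signed-field variant only proves the value was not altered; it does not stop a client from replaying an older, cheaper signed price, so any value that must round-trip should also carry something that bounds its validity (a session or order identifier, an expiry) inside the signed string.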
03 Apr
Posted by jj as Web
The rise of the software-as-a-service paradigm has led to a new breed of sophisticated, interactive applications often called Web 2.0. As web applications have grown larger and more complex, their developers have been left with little visibility into the end-to-end behavior of their systems.
Preparing a policy or procedure document for UC Santa Cruz’ InfoSlug on-line policy and procedure system is not as mysterious or difficult as you might think. This guide is designed to explain the campus’ policy and procedure framework, to help policy and procedure owners organize their written documentation, and to act as a resource as they navigate the approval process. You will find the information in this “how to” guide helpful if you are responsible for formulating or documenting new or existing policies and procedures.
This guide is for customers who want to upgrade PureMessage for Microsoft Exchange as follows:
• From version 2.6.1 to version 3.0.x.
• From version 3.0 to version 3.0.x.
The guide tells you:
• What’s new.
• Where to find system requirements.
• How to upgrade on a non-clustered server.
• How to upgrade on clustered servers.
• How to navigate to common menu options in the new version.
• How to contact technical support.
18 Jun
Posted by jj as Csharp, Java, Programming
Concurrent programming is still challenging and difficult. “Since concurrency techniques have become indispensable for programmers who create highly available services and reactive applications, temporal dimensions of correctness introduced by concurrency, i.e., safety and liveness, are central concerns in any concurrent design and its implementation” [Lea 98]. Without expert guidance and well-described concurrent design patterns, programmers can be expected to fail occasionally. Providing significant examples and paradigms that teach good and correct style is therefore of prime importance.
Learning concurrency paradigms is necessary but not sufficient. The run-time semantics chosen by the platform must also be understood, since it can introduce subtle design and programming errors. The aim of this paper is to exemplify how much depends on the process queuing and awakening policies (whether the processes are called threads or tasks) that follow from the possible choices in implementing the monitor concept.
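An added example of the kind of error the abstract refers to (this is not code from the paper, which is tagged for Java and C#; Python is used here because its threading.Condition has the same signal-and-continue wake-up policy as Java and .NET monitors). A bounded buffer is written as a monitor with two condition variables. Because notify does not hand the lock to the woken thread, a consumer woken by notify_all may find that another consumer has already emptied the buffer; re-testing the condition in a loop handles this, a single if does not. The `recheck` switch and the `waiting_consumers` counter exist only to reproduce the race on purpose in the scenario below.

```python
import threading
import time


class BoundedBuffer:
    """Bounded buffer guarded by one lock and two condition variables (a monitor).

    Python's threading.Condition, like Java and .NET monitors, has signal-and-continue
    semantics: the signaller keeps running and the woken thread must reacquire the
    lock later, so its wake-up condition may no longer hold by then.
    """

    def __init__(self, capacity, recheck=True):
        self.capacity = capacity
        self.items = []
        self.recheck = recheck                 # True: re-test in a loop (correct)
        self.lock = threading.Lock()
        self.not_empty = threading.Condition(self.lock)
        self.not_full = threading.Condition(self.lock)
        self.waiting_consumers = 0             # scenario instrumentation only

    def put(self, item):
        with self.lock:
            while len(self.items) >= self.capacity:
                self.not_full.wait()
            self.items.append(item)
            self.not_empty.notify_all()        # wakes every parked consumer

    def get(self):
        with self.lock:
            self.waiting_consumers += 1
            if self.recheck:
                while not self.items:          # correct under signal-and-continue
                    self.not_empty.wait()
            elif not self.items:               # only safe under signal-and-wait (Hoare) monitors
                self.not_empty.wait()
            self.waiting_consumers -= 1
            item = self.items.pop(0)           # IndexError if woken with nothing to take
            self.not_full.notify_all()
            return item


def run_scenario(recheck):
    """Park two consumers on an empty buffer, publish one item, report what happened.

    Returns (items_received, error_names). With recheck=True the consumer that loses
    the wake-up race goes back to sleep and later receives the second item; with
    recheck=False it pops from an empty buffer.
    """
    buf = BoundedBuffer(capacity=2, recheck=recheck)
    received, errors = [], []

    def consumer():
        try:
            received.append(buf.get())
        except IndexError as exc:
            errors.append(type(exc).__name__)

    threads = [threading.Thread(target=consumer) for _ in range(2)]
    for t in threads:
        t.start()

    # The counter is incremented under the monitor lock, and a consumer only releases
    # that lock inside wait(), so seeing 2 here means both are parked.
    while True:
        with buf.lock:
            if buf.waiting_consumers == 2:
                break
        time.sleep(0.01)

    buf.put("a")                               # one item, two sleepers
    for t in threads:
        t.join(timeout=1.0)                    # loser either re-waits or has crashed by now
    if any(t.is_alive() for t in threads):
        buf.put("b")                           # feed the consumer that correctly went back to sleep
        for t in threads:
            t.join()
    return sorted(received), errors


if __name__ == "__main__":
    print("while-loop re-check:", run_scenario(recheck=True))    # (['a', 'b'], [])
    print("single if check:   ", run_scenario(recheck=False))   # (['a'], ['IndexError'])
```

The same program would be correct with the single `if` under a signal-and-wait monitor, where the signaller hands the lock straight to the woken thread; that is exactly the dependence on the implementation's queuing and awakening policy that the abstract points at.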
Setting Up Mac OS X Server for the First Time
Getting Help for Everyday Management Tasks
Getting Additional Information
1 Administering Your Server
Highlighting Key Features
Ease of Setup and Administration
Networking and Security
File and Printer Sharing
Open Directory Services
Comprehensive Management of Macintosh Workgroups
High Availability
Extensive Internet and Web Services
Highlighting Individual Services
Directory Services
Open Directory
Password Validation
Search Policies
File Services
Sharing
Apple File Service
Windows Services
Network File System (NFS) Service
File Transfer Protocol (FTP)