We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead to query processing and can be easily retrofitted to existing systems.
Read the rest of this entry »

• 0 Comments

Nowadays, transacting business through E-commerce platform has become an important business trading way in modern society. E-commerce has been applied to literally every aspect of our society. The requirements of users are variable, different methods are in need of realizing E-commerce, even the deployment platforms are different. The JSP, ASP, HTML and other traditional scripting language has become unable to meet the needs of designing a complex system, even if it has been realized, the coupling between codes, the configuration environment and system deployment dependency fall far short of various requirements of users. It is a highly skilled work which demands good conception of beauty and much professional knowledge of the program designers. However, it is difficult to fulfill the needs in reality.
Read the rest of this entry »

• 0 Comments

The .NET framework was designed to be the “lingua franca” for Windows development, with the expectation that it will set a new standard for building integrated software for Windows. However, it is inevitable that there is a time lag before .NET is fully adopted and existing applications are recoded. In particular, there is a large body of legacy code that will likely never be rewritten in .NET. To address this situation, Microsoft provides attributes, assembly, and marshaling. At the Numerical Algorithms Group (where I work), our particular interest in using these techniques is to utilize numerical software developed in C from within the .NET environment. Because C# is the premier .NET language, the examples I present here are in C#. While I use an example of data types that are current in the NAG C Library, the techniques I present are general enough for calling unmanaged code written in C from C# directly.
Read the rest of this entry »

• 0 Comments

Object data allows you to create a simple database in a map and store text and numeric data in your maps directly attached to any object. It is far more powerful than block attributes because object data works with any object, not just blocks. Use object data tables to save any kind of information, run queries based on information in the tables and to create thematic maps. Object data can associate an object with documents from other applications. However, Autodesk Map works with object data created only in Autodesk Map and does not recognize object data from other applications, including AutoCAD®.
Read the rest of this entry »

• 0 Comments

So - you are wrapping up development of yet another Web app. The database is in place, CRUD functions are working, user interface and reports have been signed off. Now your thoughts are turning to access control. Just enough time to splice in that trusty user authentication and roles module, make a few tweaks and move on to the next project. Wait! Do you really want to contribute yet another authorization stovepipe to the growing forest? We all curse the proliferation of authentication and authorization “solutions” on the Web. Yet we continue to treat access control as an after thought.
Read the rest of this entry »

• 0 Comments

Data visualisation has been defined as: The set of techniques used to turn a set of data into visual insight. It aims to give the data a meaningful representation by exploiting the powerful discerning capabilities of the human eye. Part 1 of this briefing paper will highlight some examples of new collaborative web services using Web 2.0 technologies which venture into the numeric data visualisation arena. These mashups allow researchers to upload and analyse their own data in ‘open’ and dynamic environments. Broadly speaking the numeric data being referred to could be micro-data (data about the individual), macro-data or country-level data, derived or summary data.
Read the rest of this entry »

• 0 Comments

This Illustrated Roadmap was designed to help the Computer Coordinator customize GradeQuick for their school and for teachers to make further customizations that will affect only their files. The Illustrated Roadmap will also assist teachers through various GradeQuick features and will serve as an easy reference to guide teachers through the school year using GradeQuick.
Read the rest of this entry »

• 0 Comments

Berkeley Madonna is a program that numerically solves systems of ordinary differential equations (ODEs) and difference equations. It was originally developed to execute models written in STELLA® more quickly. Over time, we added our own unique features which have made Berkeley Madonna into a fast, self-contained, and easy-to-use modeling tool. Berkeley Madonna is available for both Macintosh and Windows platforms. While these versions are mostly identical, there are some differences which are noted throughout this guide with the notation [Macintosh] or [Windows].
Read the rest of this entry »

• 0 Comments