One of the great benefits of using Oracle products is their support for multiple programming frameworks. By supporting .NET, Java/J2EE, PHP, and C/C++ applications, all developers can use Oracle’s advanced database features, providing true flexibility for development organizations. Each of Oracle’s data access drivers is designed to maximize performance of its respective framework and to enable access to the latest database features.
Read the rest of this entry »

• 0 Comments

Application server platforms are the most important category of application platform software for most enterprises. An application server platform is infrastructure software for building Web and composite applications and, increasingly, applications based on service-oriented architecture (SOA) design principles. An application server platform integrates an application server, which manages user requests, data access, and business logic, with portal servers and integration/business process management (BPM) servers — and often additional features, as well.
Read the rest of this entry »

• 0 Comments

Web services, an emerging paradigm for architecting and implementing business collaborations within and across organizational boundaries, are currently of interest to both software vendors and scientists. In this paradigm, the functionality provided by business applications is encapsulated within web services: software components described at a semantic level, which can be invoked by application programs or by other services through a stack of Internet standards including HTTP, XML, SOAP, WSDL and UDDI [3,18]. Once deployed, web services provided by various organizations can be inter-connected in order to implement business collaborations, leading to composite web services.
Read the rest of this entry »

• 0 Comments

The SIP Servlet API is a part of JAIN APIs and being standardized as JSR116 of JCP (Java Community Process). The SIP Servlet API version 1.0 was published in February, 2003.
Note: In this document, the term “SIP Servlet” is used to represent the API, and “SIP servlet” is used to represent an application created with the API. J2EE provides Java Servlet that is a main technology of building Web applications. Although Java Servlet is used only to develop HTTP protocol-based applications on a Web application server, it basically has functions as a generic API for server applications. SIP Servlet is defined as the generic servlet API with SIP-specific functions added.
Read the rest of this entry »

• 0 Comments

Everybody who wants to install a web server database but does not know which software is necessary and how it is installed should benefit from reading this text. This text provides all information necessary to get a SQL database for a web server going; it does not go into any detail of CGI programming, nor does it explain the SQL database language. Excellent books are available on both topics, and it is the intention of this text to provide a working platform based on which a user can then study CGI programming and SQL. For getting a small scale SQL system running (not the notorious example of a major airline booking system, or space mission management database) it will be sufficient to have the software described in this text and the documentation accompanying it. The user manual of msql (a database introduced in this text) provides sufficient information on SQL for building your own database.
Read the rest of this entry »

• 0 Comments

This paper will examine the differences between the security posture of Microsoft’s SQL Server and Oracle’s RDBMS based upon flaws reported by external security researchers and since fixed by the vendor in question. Only flaws affecting the database server software itself have been considered in compiling this data so issues that affect, for example, Oracle Application Server have not been included. The sources of information used whilst compiling the data that forms the basis of this document include:
Read the rest of this entry »

• 0 Comments

The health of databases is of critical importance to business managers, application owners and enterprise IT teams. The life of an organization is literally represented inside its database servers. Take away the ability to reliably run enterprise applications or complete customer transactions and you will watch the business come to a standstill. One quantifiable indicator of risk to the enterprise of business disruption, or leakage of confidential data, is the number of vulnerabilities that exist in the technical infrastructure. There is a correlation between the number of vulnerabilities and the number of undiscovered vulnerabilities as well as the risk to the enterprise of an exploit successfully launched against the vulnerable database. It is very clear that the more vulnerabilities that exist, the more likely it is that an attack will be successful.
Read the rest of this entry »

• 0 Comments

This paper will not cover basic SQL syntax or SQL Injection. It is assumed that the reader has a strong understanding of these topics already. This paper will focus on advanced techniques that can be used in an attack on a (web) application utilizing Microsoft SQL Server as a backend. These techniques demonstrate how an attacker could use a SQL Injection vulnerability to retrieve the database content from behind a firewall and penetrate the internal network. This paper is meant to educate security professionals of the potential devastating effects SQL Injection could have on an organization.
Read the rest of this entry »

• 0 Comments