A Word About Secure Database Access
Unfortunately, this database access code exhibits insecurities of its own. For example, you should never use the sa account (or an equivalent) to access databases from Web applications. Instead, use weak accounts that lack permission to drop tables, insert, update, and delete records, and the like. In addition, you should use stored procedures or parameterized commands in lieu of dynamic SQL commands for added protection against malicious input parameters. Finally, consider encrypting database connection strings to minimize the risk of information disclosure if your source code falls into the wrong hands. And note that truly paranoid ASP.NET programmers encrypt connection strings and store them in ACLed registry keys. When it comes to Web security, a little paranoia can be a good thing.
Read the rest of this entry »

• 0 Comments

This paper briefly describes several common classes of coding error generally encountered when auditing web applications running on the Active Server Pages (ASP) platform. The paper is broken down into three broad sections, each of which addresses several common coding problems. The following is a list of the common errors that are discussed in this document, divided into three broad categories. The remainder of the document deals with each of these problems in turn. Any ASP code samples assume that the default language is VBScript, but all of the points apply equally to JavaScript. Equally, all occurrences of the SQL language assume that Microsoft SQL Server is being used as the back – end database.
Read the rest of this entry »

• 0 Comments

Facebook Open Platform (fbOpen) is a snapshot of the infrastructure that runs Facebook Platform. It includes the API infrastructure, the FQL parser, the FBML parser, and FBJS, as well as implementations of many common methods and tags. We’ve included samples and some dummy data to help you get started fast. Facebook Open Platform also has extensibility points built in so you can add your own functionality, such as your own FBML tags, API methods, and so forth.
Read the rest of this entry »

• 0 Comments

This article shows you how a Java™ 2 Platform, Enterprise Edition (J2EE) application was enhanced with an Ajax-style architecture by using the IBM® WebSphere® Application Server Feature Pack for Web 2.0. Learn how to combine Ajax-style architectures with an existing application without having to rewrite the entire Web application. You’ll also discover some ideas on how to apply the Web 2.0 Feature Pack to your own J2EE applications for IBM WebSphere Application Server. The “Plants by WebSphere” application is among a number of samples that are provided with the IBM WebSphere Application Server Feature Pack for Web 2.0.
Read the rest of this entry »

• 0 Comments

The Oracle Academy’s Hosted Database offering provides web-enabled access to an Oracle database for schools that have experienced IT staff to teach database fundamentals using their own curriculum. Using Oracle’s HTML DB web interface, schools harness the power of the Oracle database to teach students relational database concepts. Because this service is hosted by Oracle, there is no need to install or maintain any hardware or software.
Read the rest of this entry »

• 0 Comments

Whether you want to build an AJAX-based web application, or a Windows game, the Academic Resource Kit is a great place to start. A Microsoft Romania initiative aimed at driving technology access and adoption, ARK is designed as a comprehensive collection of tools and resources addressing both the development and design aspects of building software solutions. I had the chance to chat with Microsoft Romania’s Todi Pruteanu about the ARK initiative, and the interview below will provide you with a great insight into the Academic Resource Kit.
Read the rest of this entry »

• 0 Comments

Access 97 was released about the same time as HTML Help, so there is zero support for this particular help system from Access 97. For example, you won’t be able to use the help functionality of the MsgBox function with HTML Help as it only works with WinHelp. The way to fix this particular problem is to use Sönke Huckfeldt’s techniques for creating custom MsgBox and InputBox functions. These techniques can be found in a sample database which is available from the same page you retrieved this article from.
Read the rest of this entry »

• 0 Comments

This tutorial covers the main packages in the Spring Framework. For full details, we refer you to Rod Johnson’s book, Expert One-on-One J2EE Design and Development, published by Wrox Press in 2002. The book’s ISBN number is 1-86100-784-1. The code for the Spring Framework is contained in package com.interface21. We provide UML diagrams for the subpackages, as well as code samples.
Read the rest of this entry »

• 0 Comments