Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers purchase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Java Server Faces (JSF) is an MVC (Model View Controller) framework for (dynamic) Web pages. Facelets uses XHTML pages and templates to replace JSP (Java Server Pages) in Java Server Faces. It completes the picture and creates a real MVC concept (one could use Java code within JSP pages). This document tries to explain how JSF with Facelets works and gives a few short directions on how to get it to work. It will also cover how Web 2.0 can be used and what this means for SVG (Scalable Vector Graphics). All example code within this document is taken from the SVG-Paint Project.
In the beginning, the World Wide Web (WWW) was flat. It was an electronic library where academics and scientists posted dissertations and dusty data for reading with clunky, text-only browsers. With the advent of graphical browsers, the consumer-oriented Web took off. Content became vastly more colorful. Remember where you were the first time you experienced the exciting blink and marquee tags? (I bet you wish you could forget those gems!) Anyway, the Web has evolved into a rich, interactive, and personalized medium. In the new version of the Web (Web 2.0), functional pages aren’t enough. User experience (abbreviated as UX in geekspeak) is hot, and sites are cool. This chapter looks at Microsoft’s tools and technologies for creating and delivering engaging Web content.
The customizable PHP script Generic HTML Form Processor is intended to assist researchers and students in quickly setting up surveys and experiments that can be administered via the Web. This script relieves researchers from the burdens of writing new CGI scripts and building databases for each Web study. Generic HTML Form Processor processes any syntactically correct HTML form input and saves it into a dynamically created open-source database. We describe five modes for usage of the script that allow increasing functionality but require increasing levels of knowledge of PHP and Web servers: the first two modes require no previous knowledge, and the fifth requires PHP programming expertise. Use of Generic HTML Form Processor is free for academic purposes, and its Web address is www.goeritz.net/brmic.