Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers pur- chase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Read the rest of this entry »

• 0 Comments

The 4D Ajax Framework v11 component comes in two flavors, For 4D 2004 and For 4D v11 SQL. Thus, there are two sets of installation instructions.
- Installing the 4D Ajax Framework v11 component in a 4D 2004 database
- Installing the 4D Ajax Framework v11 component in a 4D V11 SQL database Follow the set that best suits your situation.
Read the rest of this entry »

• 0 Comments

This tutorial is intended to give a very basic introduction to using the Zend Framework to write a basic database driven application.
NOTE: This tutorial has been tested on versions 1.0.0 of the Zend Framework. It stands a very good chance of working with later versions, but it’s unlikely to work on versions prior to version 1.0.0
Read the rest of this entry »

• 0 Comments

The customizable PHP script Generic HTML Form Processor is intended to assist researchers and students in quickly setting up surveys and experiments that can be administered via the Web. This script relieves researchers from the burdens of writing new cGi scripts and building databases for each Web study. Generic HTML Form Processor processes any syntactically correct HTML form input and saves it into a dynamically created open-source database. We describe five modes for usage of the script that allow increasing functionality but require increasing levels of knowledge of PHP and Web servers: The first two modes require no previous knowledge, and the fifth requires PHP programming expertise. use of Generic HTML Form Processor is free for academic purposes, and its Web address is www.goeritz.net/brmic.
Read the rest of this entry »

• 0 Comments

XDoclet is basically just a code generation tool. Many applications have redundant code and/or interfaces and this is where XDoclet comes into play. You can update one source file and use XDoclet to regenerate the affected files. The incredible improvements to content management are clearly obvious. XDoclet parses source code like JavaDoc. By reading JavaDoc tags embedded in source code, XDoclet uses predefined templates to generate code based on those tags. A common use of XDoclet is to embed tags in EJB’s and automatically generate all of the interfaces, beans, and XML descriptors.
Read the rest of this entry »

• 0 Comments