We present a practical protection mechanism against SQL injection attacks. Such attacks target databases that are accessible through a web front-end, and take advantage of flaws in the input validation logic of Web components such as CGI scripts. We apply the concept of instruction-set randomization to SQL, creating instances of the language that are unpredictable to the attacker. Queries injected by the attacker will be caught and terminated by the database parser. We show how to use this technique with the MySQL database using an intermediary proxy that translates the random SQL to its standard language. Our mechanism imposes negligible performance overhead on query processing and can be easily retrofitted to existing systems.
The history of computers starts out about 2000 years ago, at the birth of the abacus, a wooden rack holding two horizontal wires with beads strung on them. When these beads are moved around, according to programming rules memorized by the user, all regular arithmetic problems can be done. Another important invention around the same time was the Astrolabe, used for navigation. Blaise Pascal is usually credited for building the first digital computer in 1642. It added numbers entered with dials and was made to help his father, a tax collector. In 1671, Gottfried Wilhelm von Leibniz invented a computer that was built in 1694. It could add, and, after changing some things around, multiply. Leibniz invented a special stepped gear mechanism for introducing the addend digits, and this is still being used.
How is it different from building an application using Visual Studio for .NET or any visual Java development tool?
The basic difference is that the amount of programming that needs to be done is significantly reduced. Reasonably complex applications (ERP, CRM, HMS, HCMS, etc.) can be built without writing programs in any programming language. However, fundamental database and SQL (select statements)
A Word About Secure Database Access
Unfortunately, this database access code exhibits insecurities of its own. For example, you should never use the sa account (or an equivalent) to access databases from Web applications. Instead, use low-privilege accounts that lack permission to drop tables, insert, update, and delete records, and the like. In addition, you should use stored procedures or parameterized commands in lieu of dynamic SQL commands for added protection against malicious input parameters. Finally, consider encrypting database connection strings to minimize the risk of information disclosure if your source code falls into the wrong hands. And note that truly paranoid ASP.NET programmers encrypt connection strings and store them in ACLed registry keys. When it comes to Web security, a little paranoia can be a good thing.
The EPICS toolkit consists of a set of software components with which Application Developers can create a control system. The basic component types are:
• OPI: Operator Interface. A UNIX- or NT-based workstation or PC which can run various EPICS tools—the “clients.”
• IOC: Input Output Controller. A VME/VXI-based chassis containing a Motorola 68K or PPC processor with various VME I/O modules for analog and digital signals, and for access to field buses such as Allen-Bradley, GPIB, CANbus or CAMAC.
• LAN: TCP/IP-based Local Area Network. A communication network which connects the IOCs and OPIs. EPICS provides a software component, Channel Access, which provides network-transparent communication between every client—such as an OPI—and an arbitrary number of servers—such as IOCs.
Graphical objects, also known as entities, are the visible objects (lines, circles, raster images, and so forth) that make up a drawing. Each graphical object has methods that allow an application to perform most of the AutoCAD editing commands, such as Copy, Erase, Move, Mirror, and so forth. These objects also have methods for setting and retrieving extended data (xdata), highlighting and updating, and retrieving the bounding box of the object. Graphical objects have typical properties such as Layer, Linetype, Color, and Handle. They also have specific properties, depending on their object type, such as, Center, Radius, and Area.
—ActiveX Automation User’s Guide, AutoCAD help file
18 May
Posted by jj as Design & Graphics
Object data allows you to create a simple database in a map and store text and numeric data in your maps directly attached to any object. It is far more powerful than block attributes because object data works with any object, not just blocks. Use object data tables to save any kind of information, run queries based on information in the tables and to create thematic maps. Object data can associate an object with documents from other applications. However, Autodesk Map works with object data created only in Autodesk Map and does not recognize object data from other applications, including AutoCAD®.
This article shows you how a Java™ 2 Platform, Enterprise Edition (J2EE) application was enhanced with an Ajax-style architecture by using the IBM® WebSphere® Application Server Feature Pack for Web 2.0. Learn how to combine Ajax-style architectures with an existing application without having to rewrite the entire Web application. You’ll also discover some ideas on how to apply the Web 2.0 Feature Pack to your own J2EE applications for IBM WebSphere Application Server. The “Plants by WebSphere” application is among a number of samples that are provided with the IBM WebSphere Application Server Feature Pack for Web 2.0.