Introduction to MVC programming with Agavi, Part 5: Add paging, file uploads, and custom input validators to your Agavi application
This is the final article in a five-part series written for the PHP developer interested in learning about an open-source, flexible, and scalable framework called Agavi. You'll learn to support file uploads, store user data in sessions, integrate third-party libraries and create custom input validators for your Agavi application.
Articles | 27 Oct 2009

Introduction to MVC programming with Agavi, Part 3: Add authentication and administrative functions with Agavi
Continue to build the Web Automobile Sales Platform by adding the ability to add, delete, and update the automobile records in Part 3 of a five-part series. You will also see how to separate user functions from administrative functions with authentication.
Articles | 27 Oct 2009

Connecting to the Cloud, Part 3: Cloud governance and security
In the third and final part of this three-part series on building a hybrid cloud application, examine governance and security for cloud computing. Build on the example of the HybridCloud application from Part 2 by examining how to add access control policies to its use of Amazon Simple Queue Service (SQS). Look in detail at how the HybridCloud application authenticates itself to cloud services and how to add a log audit trail to Amazon's S3 (Simple Storage Service). Lastly, see how Google Apps uses OAuth and how Force.com cloud services require built-in testing to avoid inadvertent Denial-of-Service (DoS) attacks.
Articles | 16 Jun 2009

Understanding IBM InfoSphere MDM Server Security, Part 4: Using SAML in MDM Server Security
The IBM InfoSphere Master Data Management (MDM) Server allows you to provide your own security data format to integrate into the MDM security framework. This article describes how to use Security Assertion Markup Language (SAML) assertions in MDM security.
Articles | 18 Dec 2008

Build Web services with transport-level security using Rational Application Developer V7, Part 3: Configure HTTPS
Part 1 and Part 2 of this three-part tutorial series showed you how to develop Web services and clients, and configure HTTP basic authentication. In this final installment, you create a self-signed certificate, keystore, trust store, and Secure Sockets Layer (SSL) configuration using the IBM WebSphere Administrative Console. Then you configure HTTPS for your Web services and Web services client, and test HTTPS Web services from both a Java EE client and a stand-alone Java client.
Tutorials | 21 Feb 2008

Avoid the dangers of XPath injection
With the proliferation of simple XML APIs, Web services, and Rich Internet Applications (RIAs), more organizations have adopted XML as a data format for everything from configuration files to remote procedure calls. Some people have even used XML documents instead of more traditional flat files or relational databases, but like any other application or technology that allows outside user submission of data, XML applications can be susceptible to code injection attacks, specifically XPath injection attacks.
Articles | 17 Jul 2007

Overcome security threats for Ajax applications
Asynchronous JavaScript + XML (Ajax), a key technology in Web 2.0, allows user interaction with Web pages to be decoupled from the Web browser's communication with the server. In particular, Ajax drives mashups, which integrate multiple contents or services into a single user experience. However, Ajax and mashup technology introduce new types of threats because of their dynamic and multidomain nature. Learn about the threats associated with Ajax technologies, and discover some best practices to avoid them.
Articles | 19 Jun 2007

Top ten XML articles and tutorials - June 2007
Explore the XML content that your fellow readers recently focused on.
12 Jun 2007

Signing, encrypting, and decrypting Atom
Atom is a great format for relaying information, but what about security concerns? XML Digital Signatures can ensure that data comes from a trusted party and that it is unaltered, and XML Encryption can obscure sensitive information from prying eyes. But how can you use these technologies without destroying Atom structures? This article shows you how digital signatures and encryption can easily mesh with Atom data using the Apache Abdera API.
Articles | 22 May 2007

Top ten XML articles and tutorials - April 2007
Explore the XML content that your fellow readers recently focused on.
04 May 2007

Enforce resource property semantics with metadata
The WS-ResourceProperties specification defines a standard for declaring strongly-typed properties as part of a Web service interface, but it does not say anything about permissions, validation, and other important topics. Fortunately, the WS-ResourceFramework authors have provided a new specification, WS-ResourceMetadata, that can help you deal with these issues in a standard way. The Apache Muse project provides implementations of both of these specs and lets you associate metadata with your resource properties with just a small XML file. This article describes how to use metadata to secure and validate your properties and how to test different metadata settings.
Articles | 24 Apr 2007

Shaping the future of secure Ajax mashups
Current Web browsers weren't designed to easily and securely get content from multiple sources into one page. Discover how developers have stretched the available tools to fit the task and how doing so has put strain on the resulting applications with respect to security and scalability. Also, learn about several browser improvements being proposed to remedy the situation and how to become part of the conversation that will bring Web development beyond this hurdle to a new level of interoperability.
Articles | 03 Apr 2007

Enable XML awareness in WebSphere Extended Deployment with WebSphere DataPower SOA Appliances
Learn how to use the newly acquired IBM WebSphere DataPower SOA Appliances to enable the WebSphere Extended Deployment On Demand Router (ODR) to classify requests based on XML.
Articles | 19 Jul 2006

Thinking XML: Manage XML data sets for security
Most developers who are used to database technologies have to learn a different playbook when they deal with XML. XML's transparency requires a lot of care when you expose XML to applications on a network. Carelessness in this regard can lead to security breaches. Learn about the security implications of XML's transparency and how to avoid the vulnerabilities.
Articles | 11 Jul 2006

Comment lines: Bill Hines: The (XML) threat is out there...
New technologies mean new types of attacks on systems and data. Knowing what kinds of attacks are possible is one step toward protecting your environment from them. Another may be the implementation of a new type of hardware appliance like those available from DataPower.
Articles | 22 Mar 2006

XML in Firefox 1.5, Part 1: Overview of XML features
The open source Firefox Web browser continues to grow in popularity. Users like the security and convenience features it offers. Developers like the Firefox attention to standards compliance, inherited from its Mozilla roots. The most recent version, Firefox 1.5, comes with many features for XML developers, including XML parsing, XHTML, CSS, XSLT, SVG, XML Events in JavaScript, and XForms. Additional third-party extensions provide even more XML support. In this article, Uche Ogbuji provides an overview of XML features in Firefox 1.5.
Articles | 21 Mar 2006

Secure XML messaging with JMS, Part 2: Using XSS4J to implement XML Security
Java Message Service (JMS) is a Java language-based messaging API. XML provides a simple, human-readable data format for information exchange, and is a popular syntax for the formatting of enterprise data. Therefore, integrating XML into JMS applications can provide significant advantages in enterprise applications. This tutorial demonstrates the use of XML Security Suite for Java (XSS4J) to achieve secure XML messaging over an existing JMS network.
Tutorials | 21 Feb 2006

Work with Web services in enterprise-wide SOAs, Part 9: Integrate RFID Web services into EAI applications in multiple SOAs
Want to develop Radio Frequency Identification (RFID) Web Services using IBM Relational Web Developer for WebSphere Software? Judith M. Myerson demonstrates how to integrate RFID Web services into Enterprise Application Integration (EAI) applications in multiple Service-Oriented Architectures (SOAs). Follow along with an example of how to resolve the problem by developing or modifying RFID Web services rather than by making changes to a long-running EAI application.
Articles | 10 Jan 2006

Secure XML messaging with JMS, Part 1: Extending JMS to support XML authoring and processing
Java Message Service (JMS) is a Java language-based messaging API. XML provides a simple, human-readable data format for information exchange, and is a popular syntax for the formatting of enterprise data. Therefore, integrating XML into JMS applications can provide significant advantages in enterprise applications. This tutorial teaches you how to include support for secure XML messaging over an existing JMS network.
Tutorials | 22 Nov 2005

Tip: Configure SAX parsers for secure processing
Because XML systems often accept and process data from many different sources, it's important to consider the effect bad data may cause if it's intentionally or unintentionally injected into the system. Although validation and well-formedness checking provide a substantial amount of protection compared to traditional binary formats, you also need to consider some issues that are unique to XML. Fortunately, proper configuration of the parser and some reasonable intelligence about what to store can ameliorate most security concerns.
Articles | 27 May 2005

XML Security: Manage identities more effectively with SPML
Gain a basic understanding of what Service Provisioning Markup Language (SPML) is and how it works. After an explanation of SPML's role in the management of the identity lifecycle, this article guides you through an actual working SPML scenario, using OpenSPML. Along the way, the author explains the architecture and design of SPML. Ultimately, you learn to appreciate the usefulness of this technology, and are equipped to participate in the implementation of the standard.
Articles | 05 Jan 2005

Introducing XML canonical form
XML is careful to separate details of a file or other data source, bit-by-bit, from the abstract model of an XML document. This can be an inconvenience when comparing two XML documents for equality -- either directly (for instance, as part of a test suite) or by comparing digital signatures for security purposes -- to determine whether an XML document has been tampered with in some way. The W3C addresses this problem with the XML Canonicalization spec (c14n), which defines a standard form for an XML document that is guaranteed to provide proper bit-wise comparisons and thus consistent digital signatures. In this article, Uche Ogbuji introduces XML Canonicalization.
Articles | 07 Dec 2004

XML Matters: Summary
Welcome to XML Matters, a regular column that illustrates general programming concepts and offers programming code to the programming community that you, as an individual developer, can utilize for your own purpose.
Articles | 03 Dec 2004

XML Security: Control information access with XACML
Providing the right people with the right access to information is as important as (if not more important than) having the information in the first place. eXtensible Access Control Markup Language -- or XACML -- provides a mechanism to create policies and rules for controlling access to information. In this article, author Manish Verma continues his series on XML security issues by showing you how to incorporate XACML into your own applications.
Articles | 18 Oct 2004

Tip: Use a proxy network library for SOAP behind a firewall
If you are trying to access a SOAP service from behind a firewall and your SOAP library does not have support for proxying network connections, you may not be able to get through by direct request. In such cases, you can use socket redirection programs to make the connection through a proxy server. Uche Ogbuji shows how to do so in this tip.
Articles | 26 Mar 2004

XML Security: Ensure portable trust with SAML
The Security Assertion Markup Language, or SAML, addresses the long-felt need to provide a mechanism that transfers information about entities between various cooperating domains without the need for those domains to lose the ownership of that information. The information exchanged could be assertions related to a subject or authentication information. This is also known as single sign-on.
Articles | 23 Mar 2004

XML Security: Ensure portable trust with Security Assertion Markup Language
The Security Assertion Markup Language, or SAML, addresses the long-felt need to provide a mechanism that transfers information about entities between various cooperating domains without the need for those domains to lose the ownership of that information. The information exchanged could be assertions related to a subject or authentication information. This is also known as single sign-on.
Articles | 19 Mar 2004

XML Security: The XML Key Management Specification
The XML Key Management Specification (XKMS) outlines an easy mechanism for accessing and integrating with Public Key Infrastructure (PKI). In this article, Manish Verma explains the objective behind XKMS and then offers a step-by-step guide to using the XKMS service to register and retrieve information related to a public and/or private key.
Articles | 27 Jan 2004

XML Security: Implement security layers, Part 2
A host of emerging technologies, such as Web services, use XML extensively for data exchange. As a result, the security of XML, while in transit as well as when in storage, assumes very high importance. This series explores the technologies that help make XML secure. Part 1 covered the basic plumbing technologies required for XML security. This article builds on that base, covering the core technologies required for XML security -- XML encryption and XML signature. It also goes through the step-by-step process of using these technologies to secure an XML message.
Articles | 30 Oct 2003

XML security: Implement security layers, Part 1
As a format for exchanging information over the Internet, XML's popularity is continuing to grow -- and one of the key issues associated with information exchange is security. No information exchange format is complete without a mechanism for ensuring the security and reliability of the information. This is the first in a series of articles by Manish Verma that will discuss the technologies that play a crucial role in securing XML. This article focuses on the basic plumbing technologies, defining security in an XML context, XML canonicalization, and PKI infrastructure, and providing a step-by-step guide to generating keys. Part 2 will discuss XML encryption and XML signature. This series will give you a practical grasp of the basic technology used for securing XML messages.
Articles | 21 Oct 2003

Debunking SAML myths and misunderstandings
At the beginning of 2003, the Organization for the Advancement of Structured Information Standards (OASIS) group approved the Security Assertion Markup Language (SAML) specification. With 25 companies participating, you would think that the software development community would have a good understanding of SAML. However, misconceptions about SAML still exist, so this article aims to detail and debunk many of the myths and misunderstandings surrounding SAML.
Articles | 08 Jul 2003

Working XML: Use Eclipse to build a user interface for XM
Anyone familiar with XM -- the low-cost, open-source content management solution based on XSLT -- knows that for all its good points, it still lacks a decent user interface. In this article, columnist Benoît Marchal uses the Eclipse platform's open universal framework to build a user interface for XM.
Articles | 01 Oct 2002

XML Watch: Support online communities with FOAF
In this installment, Edd Dumbill explores some of the issues involved in making the FOAF vocabulary useful when supporting online communities.
Articles | 01 Aug 2002

Exploring XML Encryption, Part 2
In this second installment, Bilal Siddiqui examines the usage model of XML Encryption with the help of a use case scenario. He presents a simple demo application, explaining how it uses the XML Encryption implementation. He then continues with his last implementation of XML Encryption and makes use of JCA/JCE classes to support cryptography. Finally, he briefly discusses the applications of XML Encryption in SOAP-based Web services.
Articles | 01 Aug 2002

Donald Eastlake on XML digital signatures
In this exclusive developerWorks interview, XML Digital Signatures pioneer Donald Eastlake responds to Larry Loeb's recent article on the topic by clarifying a number of issues about how this technology is used.
Articles | 01 Mar 2002

Exploring XML Encryption, Part 1
XML Encryption provides end-to-end security for applications that require secure exchange of structured data. XML itself is the most popular technology for structuring data, and therefore XML-based encryption is the natural way to handle complex requirements for security in data interchange applications. Here in part 1 of this two-part series, Bilal explains how XML and security are proposed to be integrated into the W3C's Working Draft for XML Encryption.
Articles | 01 Mar 2002

Real-world XML Schema
This article presents a set of 17 broadly applicable practices for using XML. These practices were published by the Association for Retail Technology Standards to aid its development of standardized XML messages for exchange between information technology systems that support retail stores.
Articles | 01 Jan 2002

XML signatures: Behind the curtain
The XML Digital Signature Standard establishes how XML can functionally sign itself over an insecure network like the Internet. While this effort does not require an established PKI to function, it may require the use of trusted XML servers for authentication. Consequently, each enterprise will have to evaluate the potential security risk of outsourcing this increasingly critical business function.
Articles | 01 Dec 2001

Enabling XML security
XML is a major enabler of what the Internet, and latterly Web services, require in order to continue growing and developing. Yet a lot of work remains to be done on security-related issues before the full capabilities of XML languages can be realised. At present, encrypting a complete XML document, testing its integrity, and confirming the authenticity of its sender is a straightforward process. But it is increasingly necessary to use these functions on parts of documents, to encrypt and authenticate in arbitrary sequences, and to involve different users or originators. At present, the most important sets of developing specifications in the area of XML-related security are XML encryption, XML signature, XACL, SAML, and XKMS. This article introduces the first two.
Articles | 01 Sep 2001