In this article, by Martin Brampton, author of PHP 5 CMS Framework Development, we get into the detailed questions involved in providing continuity for people using our websites. Almost any framework to support web content needs to handle this issue robustly, and efficiently. In this article, we will look at the need for sessions, and the PHP mechanism that makes them work. There are security issues to be handled, as sessions are a well known source of vulnerabilities. Search engine bots can take an alarmingly large portion of your site bandwidth, and special techniques can be used to minimize their impact on session handling. Actual mechanisms for handling sessions are provided. Session data has to be stored somewhere, and it is better to take charge of this task rather than leave it to PHP. A simple but fully effective session data handler is developed using database storage.
Read Sessions and Users in PHP 5 CMS in full
SOA governance is the combination of people, policies, and processes within your organization that will ensure that the desired behaviors of your strategic SOA initiative are achieved. It includes the traditional areas associated with IT Governance, which is the selection and funding of IT projects. These projects define the initial scope for technology utilization and can either help or hinder the SOA effort, based upon the scope chosen. In this article by Todd Biske we will see that the SOA effort only gets executed through projects, and if the execution is poor, the SOA effort will be poor. Therefore, the project governance activities of an organization must be adjusted to include policies associated with achieving the desired behaviors associated with SOA adoption.
Advasco had initial success with their Customer Information Service and then opened the flood gates for development by the rest of the organization. These efforts were successfully reined in by the newly formed Center of Excellence. Now, the team at Advasco faces a new challenge: modifying an existing service to handle the needs of a new consumer. This article will go over the challenges faced by the team and then present guidance for handling this situation within your own organization.
Read Service Versioning in SOA in full
In this article by Binildas C. A., author of Service Oriented Java Business Integration, we will cover practical use of JBI Proxy—to proxy external web services in the JBI bus.
Read Service Oriented JBI: Invoking External Web Services from ServiceMix in full
We will cover the following in this article by Binildas A. Christudas, author of Service Oriented Java Business Integration:
- Proxy design pattern in general
- Proxy support in Java SDK with examples
- ServiceMix JBI Proxy
- A few samples of defining and exposing proxies to services in the JBI bus
Many of you as (Java) programmers generate business purpose code, like "confirming an order" or "find available products". At times, you may also want to connect to external systems and services, since your application in isolation alone will not provide you the required functionality. When the number of such connections increases, you would be generating more and more of "integration code", mixed along with your business code.
In this short article, Binildas A. Christudas introduces the Java Business Integration (JBI) specification and discusses how it is covered in his new book, Service Oriented Java Business Integration.
Read Service Oriented Java Business Integration - What's & Why's in full
The main tunable settings for PostgreSQL are in a plain text file named postgresql.conf that's located at the base of the database directory structure. This will often be where $PGDATA is set to on UNIX-like systems, making the file $PGDATA/postgresql.conf on those platforms.
This article by Gregory Smith, author of PostgreSQL 9.0 High Performance, mirrors the general format of the official documentation's look at these parameters at http://www.postgresql.org/docs/current/static/runtime-config.html. However, it is more focused on guidelines for setting the most important values, from the perspective of someone interested in performance tuning, rather than describing the meaning of every parameter. This should be considered a supplement to rather than a complete replacement for the extensive material in the manual.
Read Server Configuration Tuning in PostgreSQL in full
In order to make our site successful, we need to attract and retain site visitors. SEO is a method of site analysis and best practices for building web pages that are easily discovered and indexed by search engines. SEO is used to make our content more relevant and easily read by search engines and their crawling and indexing software. Successful SEO makes it easier for both existing and potential customers to find your website. Fundamentally, SEO is about having your URL added to a search provider's database and appearing favorably in their search results. Well executed SEO is a process of making reasonable ongoing assumptions, following consistent practices, and includes continual site review and changes. SEO is constantly evolving and best practices are a big part. In this article by Thom Robbins, author of Kentico CMS 5 Website Development, let's look at some of the best practices that you can use when managing your site.
Read SEO with Kentico CMS 5 in full
Specifically, we will cover the following points:
- The base component class
- Layouts revisited
This article covers every aspect of a form, including the different form fields offered by Sencha Touch, configuring each one of them for the user in a form, and configuring ways by which a typical form validation can be done. Fields such as Search, E-mail, DatePicker, Select, Slider, Checkbox, TextArea, FieldSet, and so on are covered in this article along with their detailed usage.
In this article by Ajit Kumar, author of Sencha Touch Cookbook, we will cover:
- Getting your form ready with FormPanel
- Working with search
- Putting custom validation in the e-mail field
- Working with dates using DatePicker
- Making a field hidden
- Working with the select field
- Changing the value using Slider
- Spinning the number wheel using Spinner
- Toggling between your two choices
- Checkbox and checkbox group
- Text and TextArea
- Grouping fields with FieldSet
- Validating your form
Traditionally, web hosts have had a difficult time offering efficient, highly secure web space for a multitude of customers. Generally, a host will provide cheap accounts on a shared server and offer virtual machines as a more expensive option for the more security-conscious site owners. In this article, Joshua Kramer will explain how to provide highly secure hosting for Python-based web applications in an efficient manner. With the popularity of applications such as Trac, Django, and TurboGears, Python-based web applications will become more prevalent in the future, and the concepts presented in this article will become more valuable.
Read SELinux - Highly Secured Web Hosting for Python-based Web Applications in full
In this article by Jacob Gube, we will look at:
- The $() and $$() function
- Selecting HTML elements with pseudo-class selectors
- Selecting HTML elements based on their attributes
So let’s get on with it...
Read Selecting DOM Elements using MooTools 1.2: Part 1 in full
While Plone is quite fortunate to be built on top of the very safe and secure Zope 2 application server, there is always more we can do to make sure our site is running as safely and securely as possible.
Because security is such a big topic, there are many areas where we can perform audits and make improvements, such as operating system (OS), filesystem (FS), through the web (TTW), and so on.
Lastly, there are some miscellaneous tasks that fall under the security umbrella; we can take this opportunity to learn them.
So let's get to it.
In this article by Alex Clark, author of Plone 3.3 Site Administration, you will learn:
- Restricting TCP/IP access to localhost or LAN host
- Managing IP addresses and ports effectively
- Configuring the Zope 2 effective user dynamically
- Installing Cassandra to audit through the web (TTW) security
- Applying security and bug fixes to Plone
In this article by John Horton, author of PrestaShop 1.3 Beginner's Guide, we shall:
- Look at ways your shop can be damaged
- Add users, profiles, and permissions to increase security
- Talk about and optionally implement SSL to protect your customers' private information
- Learn how to backup and restore your shop in case everything else fails
- Talk about upgrading PrestaShop and how this helps keep your business secure
Even though a trixbox system is a phone system, it is still a basic computer system like any other. One of the problems that we face is that extensions and VoIP service providers typically come into the system over the open Internet; this means that certain aspects of our system are wide open to the outside world. During the week that this article was written, several new scripts came out that allowed people to scan machines over the Internet, find systems that are running Asterisk, get the list of available extensions, and then hack the passwords. These tools allow a malicious hacker to get into your system and start making long-distance phone calls. There were numerous instances of companies with phone bills reaching into the thousands and even tens of thousands of dollars. Because of issues like this, it is more imperative than ever that you understand how to properly secure your trixbox server from the outside world. In this article by Kerry Garrison, we will focus on how to secure the trixbox server.
Read Securing Your trixbox Server in full
As an information system, JIRA is all about data. It should come as no surprise to you that security plays a big role in JIRA not only to ensure that only the right people get access to the data, but also to maintain data integrity by preventing accidental changes.
By the end of the article by Patrick Li, author of JIRA 4 Essentials, you will have learned:
- How to utilize user management features in JIRA
- About JIRA's permission hierarchy
- About general access control in JIRA
- How to manage fine-grained permission settings
The web services model brings into the system unique security challenges because the business data in the form of XML documents may be required to travel across untrusted networks and has the chance of being manipulated by external systems.
Throughout the entire business transaction, different classes of users and systems need access to the entire business transaction. If any part of this chain is compromised, the whole business application deployed as a service will fail. Web services are inherently about how to share the process of computing across a distributed network of systems. Web services' communication channel being XML, messages are text-based, readable, and self describing.
Read Securing XML Documents in full
This article by David Overton covers the process of finishing the network protection and routing setup and configuring the protection of the data on the server. We will cover:
- Configuring the firewall ports
- Configuring and testing backups
- Configuring anti-malware
In this article by Ken Finnigan, Luca Stancapiano and Piergiorgio Lucidi, authors of GateIn Cookbook, we will cover:
- Securing with JBoss AS
- Securing with Tomcat
- Choosing the JAAS modules
- Creating a login page
OpenSSO is the answer to many complexities that have emerged during recent years because of the complexity and dynamicity of the security functionality required for software systems. The complexity in software security increases as a result of the increase in complexity of security requirements of the target business that the software should drive and diversity in the integration between different partner's software systems that collaborate to complete a client request.
In this article by Masoud Kalali, author of GlassFish Security, we will discuss how to go about securing our application using OpenSSO.
Read Securing our Applications using OpenSSO in GlassFish Security in full