The web services model brings into the system unique security challenges because the business data in the form of XML documents may be required to travel across untrusted networks and has the chance of being manipulated by external systems.
Throughout the entire business transaction, different classes of users and systems need access to the entire business transaction. If any part of this chain is compromised, the whole business application deployed as a service will fail. Web services are inherently about how to share the process of computing across a distributed network of systems. Web services' communication channel being XML, messages are text-based, readable, and self-describing.
Read Securing XML Documents in full
As an information system, JIRA is all about data. It should come as no surprise to you that security plays a big role in JIRA not only to ensure that only the right people get access to the data, but also to maintain data integrity by preventing accidental changes.
By the end of the article by Patrick Li, author of JIRA 4 Essentials, you will have learned:
- How to utilize user management features in JIRA
- About JIRA's permission hierarchy
- About general access control in JIRA
- How to manage fine-grained permission settings
Even though a trixbox system is a phone system, it is still a basic computer system like any other. One of the problems that we face is that extensions and VoIP service providers typically come into the system over the open Internet; this means that certain aspects of our system are wide open to the outside world. During the week that this article was written, several new scripts came out that allowed people to scan machines over the Internet, find systems that are running Asterisk, get the list of available extensions, and then hack the passwords. These tools allow a malicious hacker to get into your system and start making long-distance phone calls. There were numerous instances of companies with phone bills reaching into the thousands and even tens of thousands of dollars. Because of issues like this, it is more imperative than ever that you understand how to properly secure your trixbox server from the outside world. In this article by Kerry Garrison, we will focus on how to secure the trixbox server.
Read Securing Your trixbox Server in full
In this article by John Horton, author of PrestaShop 1.3 Beginner's Guide, we shall:
- Look at ways your shop can be damaged
- Add users, profiles, and permissions to increase security
- Talk about and optionally implement SSL to protect your customers' private information
- Learn how to back up and restore your shop in case everything else fails
- Talk about upgrading PrestaShop and how this helps keep your business secure
In this article by Martin Spasovski, author of OAuth 2.0 Identity and Access Management Patterns, we'll learn about the security features that OAuth 2.0 provides, and which security considerations we can take into account in order to build more secure applications.
Read Security considerations in full
While Plone is quite fortunate to be built on top of the very safe and secure Zope 2 application server, there is always more we can do to make sure our site is running as safely and securely as possible.
Because security is such a big topic, there are many areas where we can perform audits and make improvements, such as operating system (OS), filesystem (FS), through the web (TTW), and so on.
Lastly, there are some miscellaneous tasks that fall under the security umbrella; we can take this opportunity to learn them.
So let's get to it.
In this article by Alex Clark, author of Plone 3.3 Site Administration, you will learn:
- Restricting TCP/IP access to localhost or LAN host
- Managing IP addresses and ports effectively
- Configuring the Zope 2 effective user dynamically
- Installing Cassandra to audit through the web (TTW) security
- Applying security and bug fixes to Plone
This article by Aurelio De Rosa, the author of Instant JQuery Selectors, describes how many selectors there are for collecting elements by their attributes and what they are.
In this article, we'll see how to select elements by their attributes, paying attention to some quirks that can lead to unexpected behavior.
Read Selecting by attributes (Should know) in full
In this article by Jacob Gube, we will look at:
- The $() and $$() function
- Selecting HTML elements with pseudo-class selectors
- Selecting HTML elements based on their attributes
So let’s get on with it...
Read Selecting DOM Elements using MooTools 1.2: Part 1 in full
In this article by Jonathan Chaffer and Karl Swedberg, the authors of Learning jQuery Fourth Edition, we will cover the structure of the elements on a web page, how to use CSS selectors to find elements on the page, and custom jQuery extensions to the standard set of CSS selectors. The jQuery library harnesses the power of Cascading Style Sheets (CSS) selectors to let us quickly and easily access elements or groups of elements in the Document Object Model (DOM).
Read Selecting Elements in full
This article, created by Simon Lidberg, the author of Getting Started with SQL Server 2012 Cube Development, serves as an introduction to Business Intelligence solutions and specifically self-service solutions.
Read Self-service Business Intelligence, Creating Value from Data in full
In this article by James Serra and Bill Anton, authors of Reporting with Microsoft SQL Server 2012, we will look into what self-service reporting is and talk about how Power View solves self-service reporting needs, covering its main features and functionalities.
Read Self-service reporting in full
Traditionally, web hosts have had a difficult time offering efficient, highly secure web space for a multitude of customers. Generally, a host will provide cheap accounts on a shared server and offer virtual machines as a more expensive option for the more security-conscious site owners. In this article, Joshua Kramer will explain how to provide highly secure hosting for Python-based web applications in an efficient manner. With the popularity of applications such as Trac, Django, and TurboGears, Python-based web applications will become more prevalent in the future, and the concepts presented in this article will become more valuable.
Read SELinux - Highly Secured Web Hosting for Python-based Web Applications in full
This article covers every aspect of a form, including the different form fields offered by Sencha Touch, configuring each one of them for the user in a form, and configuring ways by which a typical form validation can be done. Fields such as Search, E-mail, DatePicker, Select, Slider, Checkbox, TextArea, FieldSet, and so on are covered in this article along with their detailed usage.
In this article by Ajit Kumar, author of Sencha Touch Cookbook, we will cover:
- Getting your form ready with FormPanel
- Working with search
- Putting custom validation in the e-mail field
- Working with dates using DatePicker
- Making a field hidden
- Working with the select field
- Changing the value using Slider
- Spinning the number wheel using Spinner
- Toggling between your two choices
- Checkbox and checkbox group
- Text and TextArea
- Grouping fields with FieldSet
- Validating your form
Specifically, we will cover the following points:
- The base component class
- Layouts revisited
In order to make our site successful, we need to attract and retain site visitors. SEO is a method of site analysis and best practices for building web pages that are easily discovered and indexed by search engines. SEO is used to make our content more relevant and easily read by search engines and their crawling and indexing software. Successful SEO makes it easier for both existing and potential customers to find your website. Fundamentally, SEO is about having your URL added to a search provider's database and appearing favorably in their search results. Well-executed SEO is a process of making reasonable ongoing assumptions, following consistent practices, and continually reviewing and changing the site. SEO is constantly evolving and best practices are a big part. In this article by Thom Robbins, author of Kentico CMS 5 Website Development, let's look at some of the best practices that you can use when managing your site.
Read SEO with Kentico CMS 5 in full
The main tunable settings for PostgreSQL are in a plain text file named postgresql.conf that's located at the base of the database directory structure. This will often be where $PGDATA is set to on UNIX-like systems, making the file $PGDATA/postgresql.conf on those platforms.
This article by Gregory Smith, author of PostgreSQL 9.0 High Performance, mirrors the general format of the official documentation's look at these parameters at http://www.postgresql.org/docs/current/static/runtime-config.html. However, it is more focused on guidelines for setting the most important values, from the perspective of someone interested in performance tuning, rather than describing the meaning of every parameter. This should be considered a supplement to, rather than a complete replacement for, the extensive material in the manual.
Read Server Configuration Tuning in PostgreSQL in full
In this article by Hussein Nasser, author of Administering ArcGIS for Server, we will learn how to read logfiles and understand them in order to extract useful information that can help solve problems that might occur.
Read Server Logs in full
This article by Prabath Siriwardena, the author of Enterprise Integration with WSO2 ESB, helps you gain knowledge about Service Chaining. The Enterprise Service Bus (ESB) today serves as a key component in most of the enterprise-grade deployments. In most cases the ESB removes point-to-point dependencies in your system to build a highly scalable and loosely coupled solution. But that does not necessarily mean ESB means SOA. ESB is a key ingredient to build an SOA infrastructure, but it's not a must. Even with an ESB, if you do not follow industry best practices and patterns, you will end up with a mess.
Read Service Chaining in full
Many of you as (Java) programmers generate business purpose code, like "confirming an order" or "find available products". At times, you may also want to connect to external systems and services, since your application in isolation alone will not provide you the required functionality. When the number of such connections increases, you would be generating more and more of "integration code", mixed along with your business code.
In this short article, Binildas A. Christudas introduces the Java Business Integration (JBI) specification and discusses how it is covered in his new book, Service Oriented Java Business Integration.
Read Service Oriented Java Business Integration - What's & Why's in full