Osgeo Journal Is a Publication of the Osgeo Foundation

Total Page:16

File Type:pdf, Size:1020Kb

Osgeo Journal Is a Publication of the Osgeo Foundation Volume 1, April 2007 Editorial Call For Articles You can help by providing articles or papers for pub- by Tyler Mitchell lication. The next edition of this newsletter will have articles that cover several other open source projects in various topics: Dear GRASS and other open source users, • OSGeo-related news items • ... continues on next page ... It is my pleasure to introduce the future expan- • GIS sion of GRASS-News. The next edition will be morphed into a broader Open Source Geospatial • Remote Sensing Newsletter covering projects from the OSGeo Foun- • Web-based mapping and GIS dation and beyond. The aim is to bring relevant news and articles to a larger audience by widening the fo- • Geostatistics / spatial statistics cus and changing the name. • Geospatial data access GRASS-News has always covered more than just • and more... GRASS. It has also shown itself to be a high quality production that we can be proud of reading or even Do you have layout and design skills? You can help printing to share with friends. With the potential of by applying your skills to make OSGeo-News even reaching a larger audience, as well as maintain a sin- better. Translators into different languages are also gle high quality newsletter, the editors have decided needed. You can help by volunteering as: to re-brand it as an OSGeo-News production. I have always been encouraged by the content, layout and • Editor ideas represented by the GRASS-News volumes and hope to see it continue. • Layout Designer Contents of this volume: Introducing openModeller ............ 14 QLandkarte .................... 18 Editorial ...................... 1 MapGuide Open Source in the San Francisco OSGeo Celebrates 1st Anniversary ....... 2 Urban Forest Project .............. 21 North Carolina's OSGEO affiliated Open Using the R— GRASS interface ......... 22 Source GIS user group holds first meeting at Tikiwiki a GeoCMS ................ 25 the 2007 NC GIS Conference ......... 4 Processing geospatial operations via Internet Activity Report of OSGeo-India at Map World on remote servers – PyWPS .......... 28 Forum 2007 ................... 5 Producing Press-Ready Maps with GRASS Ottavo Meeting degli utenti italiani di GRASS and GMT .................... 32 & GFOSS ..................... 7 Spatial Relationships In GIS - An Introduction 38 A short introduction to Mapbender ....... 8 Evaluation of the OGC Web Processing Service deegree – Building Blocks for Spatial Data In- for Use in a Client-Side GIS .......... 40 frastructures ................... 11 Developer Updates - 2007 Q1 .......... 47 • Reviewer • Translator Tyler Mitchell • etc. Please take a moment to thank the editorial staff and Tyler Mitchell contributors of GRASS-News who have made a great Executive Director newsletter. I am encouraged to see their interest in OSGeo making the publication applicable to even more peo- http: // osgeo. org ple. I look forward to seeing the next edition. tmitchell AT osgeo.org OSGeo Celebrates 1st Anniversary • Project Incubation - monitoring and guiding projects through the incubation process by Tyler Mitchell • Promotion and Visibility - developing promo- February 4th, 2007 was the first anniversary of OS- tional material, coordinating OSGeo presence Geo. One year ago 25 people met face-to-face, at conferences, creating press releases and many more via phone and IRC, to discuss • Conference planning - helping organise the an- the possibility of starting an umbrella organisa- nual OSGeo FOSS4G conference event tion. These participants represented over 13 different open source projects. The foundational purpose of • Fundraising - raising funds to cover day-to- the organisation was to help promote and continue day costs of the foundation and its projects to develop open source tools in the geospatial sphere. Since that time, much has happened and momentum • Public Geospatial Data - working towards around OSGeo continues to develop. Here are only a making more data publicly available and few highlights from that first year. building tools for finding it • Education/Curriculum development - work- Members Added ing towards a set of teaching tools for bringing open source into the academic mapping and The initial 25 charter members were expanded to a GIS environment full 45 voting members after a public nomination process. These are the members who are responsi- ble for voting in the Board. Regular members were Projects Joining also invited to join at no cost and without any formal process. The development of a membership manage- The primary goal of OSGeo is to help further develop ment application is currently underway, which will and promote particular software projects. An initial allow members to formally sign up. set of projects joined the incubation process at the be- ginning and since then a couple have graduated and a few more have joined. Even more are waiting for Committees Established approval to join the process. Projects can be loosely categorised into the following groupings. Several committees are overseeing day-to-day work and special projects: Web Mapping Software • A Board of Directors was created early on and • Mapbender (graduated) expanded to include 9 representatives from around the world. The Board has been very ac- • Community MapBuilder (graduated) tive in setting direction, policies and helping in general. • MapGuide Open Source • Website and Systems Administration commit- • MapServer tees - focused on website content and infras- tructure maintenance and development • OpenLayers Desktop Applications Here are a few other events that OSGeo has had speakers or exhibition presence at in 2006 or early • GRASS GIS 2007: • OSSIM • Autodesk University Geospatial Libraries • GIS-IDEAS • GDAL/OGR • Intergeo • GeoTools • LinuxTag Metadata Catalog Software • Map World Forum • GeoNetwork Opensource • OSCON • Where 2.0 Joined in 2007 • FDO Newsletter • Quantum GIS (QGIS) OSGeo is joining with the famous GRASS GIS Together these projects represent a massive Newsletter to produce a new version that is target- amount of development effort and cover a wide ted at a wider audience. A joint GRASS/OSGeo spectrum of core geospatial technologies. All Newsletter was produced in 2006. Further OSGeo projects are being actively developed and have vi- newsletters are planned for 2007. brant user communities behind them. Executive Director Hired Local Chapter Development In November I was hired by the board as the Execu- OSGeo’s goals and mission have garnered interest tive Director for OSGeo. The goal of the position is to from many particular countries, regions and lan- help facilitate day-to-day administrative operations, guage groups. Early on it was decided that there increase communication and serve as a formal con- should be a way for these groups to associate with tact for those who need to talk to the organisation. OSGeo, hence the creation of Local Chapters. Having this position has allowed us to get a handle To date there are 4 approved local chapters in: on various administrative functions and provided a China, India, Japan and Ottawa (Canada). consistent point of contact for the community, public, Many additional local chapters are hoping to sponsors and media. form and at various stages of development, includ- ing: Australian, Brazilian, New Mexico (USA) re- gions and French, German, Italian languages. Additional Developments • Several new sponsors - In addition to contin- Promotion / Events uing Sustaining Sponsor Autodesk, new As- sociate Sponsors include Lizardtech and 1Spa- OSGeo has been represented at several events in the tial. The GDAL/OGR project also has several past year. Some with several thousands of partic- project sponsors. ipants. The purpose of having OSGeo presence at events is to build awareness for the OSGeo projects. • A logo was selected for the organisation, based Speakers and those managing an OSGeo booth help on submissions and voting from the commu- describe case studies or show demonstrations of ap- nity. Some modifications of the original were plications. Brochures for each project have been recently completed to make the logo more us- made available and are distributed. able for various printing and media purposes. The primary international conference that OSGeo A brand guidebook is also being developed. members were involved in is FOSS4G. The confer- ence was a great success and very encouraging. This Planning for the FOSS4G 2007 event is already well underway. • A cafepress.com store was started • Internet infrastructure services were upgraded couple things to watch for: at the end of 2006, allowing for more control over mailing lists and code repositories as well • Formation of more local chapters as implementing a content management sys- tem for the website • More software projects joining OSGeo • OSGeo has been featured in various news web sites and mentioned at several conferences and • How to participate in international and local in magazine articles events • More great features added and bugs squished The Horizon for Year 2 • Increased promotional opportunities I will leave the outlook for 2007 to another post, but it’s looking to be even busier than 2006. Here are a • FOSS4G in Victoria, BC, Canada North Carolina's OSGEO affiliated Open Source GIS user group holds first meeting at the 2007 NC GIS Conference • Welcome - Julia Harrell, GIS Coordinator, NC Department of Environment and Natural Re- by Julie Harrell sources (NC DENR) Bi-annually, North Carolina GIS professionals hold a statewide GIS conference to showcase their many • Short
Recommended publications
  • Javascript Hijacking Brian Chess, Yekaterina Tsipenyuk O'neil, Jacob West
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West March 12, 2007 Summary An increasing number of rich Web applications, often called AJAX applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read sensitive data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed the 12 most popular AJAX frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET AJAX (a.k.a. Atlas), XAJAX and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles sensitive data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction1 Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax for Dummies (2006).Pdf
    01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page i Ajax FOR DUMmIES‰ 01_785970 ffirs.qxp 1/20/06 10:51 AM Page ii 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iii Ajax FOR DUMmIES‰ by Steve Holzner, PhD 01_785970 ffirs.qxp 1/20/06 10:51 AM Page iv Ajax For Dummies® Published by Wiley Publishing, Inc. 111 River Street Hoboken, NJ 07030-5774 www.wiley.com Copyright © 2006 by Wiley Publishing, Inc., Indianapolis, Indiana Published by Wiley Publishing, Inc., Indianapolis, Indiana Published simultaneously in Canada No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permit- ted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at http://www.wiley.com/go/permissions. Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc.
    [Show full text]
  • Copyrighted Material
    15_043067 bindex.qxd 6/15/06 7:38 PM Page 330 INDEX accessing XML on server, 172–173 A downloading and installing, 170–171, 176 absolute positioning, 288–289 downloading XML data, 174–175 add function, 40–41 stripping out whitespace, 172, 173, 174 addition function for XML data extraction, 82–83 URL encoding, 171 addition operator (+) (JavaScript), 40, 44, 45 alert boxes Ajax (Asynchronous JavaScript + XML). See also Ajax display by JavaScript function, 30–31 XMLHttpRequest frameworks; object displaying, 28–29 advantages, 2, 3, 62 displaying text from text fields, 37 attributes, 29, 262–263 aligning text in CSS, 278–279 downloading JavaScript, 94–95 AND logical operator (JavaScript), 53 event attributes, 29 anonymous JavaScript functions, 68 example of data Submit and fetch, 4–5 Apache Tomcat Java-based server, 231 XMLHttpRequest importance of object, 62 Apple Safari, 63 server-side scripts and PHP used with, 76–77 arguments, passing to functions, 38–39 Ajax frameworks arithmetic operators (JavaScript), 45 ! caution: importance of files and placement, 152 assignment operators (JavaScript), 44, 45 resultXML ! caution: naming global variable “ ”, 171, 175 asynchronous versus synchronous requests, ! caution: on use of global variables, 155, 159 178, 180 advantages, 152–153 attributes (Ajax), 29, 262–263 Ajax tag library, 236–239 autocomplete capability AJAXLib Ajax framework, 170–175 example demonstration site, 8–9 browser-based versus server-side, 152 support for, in Ajax tag library, 236–237 downloadable and free, 182 installing and allowing
    [Show full text]
  • Javascript Hijacking
    JavaScript Hijacking Brian Chess, Yekaterina Tsipenyuk O'Neil, Jacob West {brian, katrina, jacob}@fortifysoftware.com March 12, 2007 Summary An increasing number of rich Web applications, often called Ajax applications, make use of JavaScript as a data transport mechanism. This paper describes a vulnerability we term JavaScript Hijacking, which allows an unauthorized party to read confidential data contained in JavaScript messages. The attack works by using a <script> tag to circumvent the Same Origin Policy enforced by Web browsers. Traditional Web applications are not vulnerable because they do not use JavaScript as a data transport mechanism. We analyzed 12 popular Ajax frameworks, including 4 server-integrated toolkits – Direct Web Remoting (DWR), Microsoft ASP.NET Ajax (a.k.a. Atlas), xajax and Google Web Toolkit (GWT) -- and 8 purely client-side libraries -- Prototype, Script.aculo.us, Dojo, Moo.fx, jQuery, Yahoo! UI, Rico, and MochiKit. We determined that among them only DWR 2.0 implements mechanisms for preventing JavaScript Hijacking. The rest of the frameworks do not explicitly provide any protection and do not mention any security concerns in their documentation. Many programmers are not using any of these frameworks, but based on our findings with the frameworks, we believe that many custom-built applications are also vulnerable. An application may be vulnerable if it: • Uses JavaScript as a data transfer format • Handles confidential data We advocate a two-pronged mitigation approach that allows applications to decline malicious requests and prevent attackers from directly executing JavaScript the applications generate. 1. Introduction Although the term “Web 2.0” does not have a rigorous definition, it is commonly used in at least two ways.
    [Show full text]
  • Ajax, State of The
    AjAjaax,x, ststaattee ooff tthhee aarrtt Tarek Ziadé, Nuxeo [email protected] WWhhoo aamm ii ● I am engineer at Nuxeo ● I work on CPS, the famous ECM Plateform ;) ● I©ve been lately in charge of Ajax stuff in CPS ● I read Ajax related feeds before I go to bed WWhhaatt iiss AAjjaaxx ?? A dutch football club (a good one) A cleanser (really works) AA WWeebb 22..00 tteechchnnoollooggyy Asynchronous Javascript And XML WWhhaatt©©ss WWeebb 22..00 ?? TTiimm OO©©RReeiillllyy©©ss ©©ccoommppaacctt©© ddeeffiinniittiioonn:: Web 2.0 is the network as platform, spanning all connected devices; Web 2.0 applications are those that make the most of the intrinsic advantages of that platform: delivering software as a continually-updated service that gets better the more people use it, consuming and remixing data from multiple sources, including individual users, while providing their own data and services in a form that allows remixing by others, creating network effects through an "architecture of participation," and going beyond the page metaphor of Web 1.0 to deliver rich user experiences. MMaarrkkuuss AAnnggeerrmmeeiieerr©©ss vviieeww ooff WWeebb 22..00:: (courtesy of Markus Angermeier) WWeebb 22..00 AAppppss ✔ del.icio.us ✔ flickr ✔ Voo2do ✔ Digg ✔ Google Mail (Gmail) ✔ Writely ✔ Basecamp ✔ ... AjAjaaxx bbiigg ppiictctuurere 11//22 (courtesy of J. J. Garett) AjAjaaxx bbiigg ppiictctuurere 22//22 (courtesy of J. J. Garett) TThhee LLiistst ooff tthhiinnggss AjAjaaxx rereaallllyy bbririnnggss ✔ Increases interactivity ✔ Save bandwidth ✔ Helps avoiding some interactive
    [Show full text]
  • Ingeniería Del Software II: AJAX Vs Silverlight
    Ingeniería del Software II: AJAX vs Silverlight Diego Martín-Serrano Fernández Francisco José Oteo Fernández Jesús Martínez-Campos Martínez Índice 1. Introducción a Ajax...............................................................................................................3 2. Profundizando en Ajax.........................................................................................................4 2.1. Frameworks para desarrollo Ajax.....................................................................................5 3. Conclusión sobre Ajax.........................................................................................................6 4. Introducción a Silverlight......................................................................................................7 5. Profundizando en Silverlight................................................................................................8 6. Conclusión sobre Silverlight..............................................................................................10 7. Comparativa Ajax vs Silverlight..........................................................................................11 8. Bibliografía..........................................................................................................................14 Índice de tablas Tabla 1. Posibles valores del atributo readyState del objeto XMLHTTPRequest....................4 Tabla 2. Frameworks para el lado del servidor, según el lenguaje de programación.............6 Tabla 3. Comparativa características
    [Show full text]
  • Il Framework XAJAX
    Il framework XAJAX Vincenzo Della Mea (PWLS 6.11, 6.12, 6.13) Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 1 Sommario • XAJAX – Principi e API • Un esempio semplice: – rivisitazione del cambio di colori dello sfondo della pagina corrente. • Un esempio complesso: – generazione “interattiva” del codice fiscale Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 2 XAJAX • http://xajaxproject.org/ • Framework in PHP per lo sviluppo di applicazioni AJAX: – generazione automatica delle funzioni Javascript che ruotano attorno a XmlHttpRequest; – codice PHP per l’accesso al DOM della pagina (tradotto ovviamente in Javascript); – non è richiesta nessuna conoscenza di Javascript. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 3 XAJAX: Oggetti principali • xajax_core: – xajax – xajaxRequest – xajaxResponse – xajaxControl – xajaxPlugin • xajax_js: – DOM, events, CSS, … • xajax_controls: validatori (X)HTML, … • xajax_plugins: GoogleMaps, HTML table Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 4 Tipico pattern di utilizzo • Solitamente si creano tre file PHP: – un file di configurazione, – un file per la componente lato server, – un file per la componente lato client. • Il file di configurazione viene incluso ed utilizzato dagli altri due. Complementi di Tecnologie Web – M. Franceschet, V.Della Mea e I.Scagnetto - 5 XAJAX: cosa fare • Configurazione: – si include la libreria di classi xajax per mezzo del file xajax.inc.php; – si dichiara ed istanzia un oggetto xajax; – si registrano i nomi delle funzioni fornite dal server e chiamate asincronamente dal client. • Server: – si include la configurazione; – si definiscono le funzioni registrate in modo che ritornino valori o modifichino il DOM; – si elaborano le richieste con apposito metodo processRequest.
    [Show full text]
  • XAJAX: Una Librería De AJAX Para PHP (Parte 1)
    XAJAX: una librería de AJAX para PHP (parte 1) AJAX es el acrónimo de Asynchronous Javascript And XML o Javascript y XML asíncronos dicho en nuestro idioma. Se trata de una combinación de tecnologías que se ha popularizado muchísimo desde hace unos años con la irrupción de la Web 2.0 y lo podemos encontrar en infinidad de páginas y servicios web como Gmail, Google Maps, Hotmail, Flickr y un largo etcétera. La clave de AJAX está en que es asíncrono, es decir, permite que la página del cliente realice peticiones al servidor sin recargar la página. Sólo se actualizan las partes de la página que nos interesan pero sin tener que recargar la página entera, lo que proporciona una sensación de navegación mucho más fluida. Para introducirnos en el mundo de AJAX vamos a utilizar una librería llamada XAJAX que nos permite aprovechar las capacidades de AJAX en nuestras páginas PHP. Podéis descargar esta librería en la página del proyecto http://xajaxproject.org/ A continuación, unos de códigos de ejemplo que se presentarán en diferentes capítulos para que sean más fáciles de leer. También se puede descargar la versión PDF con todos los ejemplos aquí. Y un Zip con los códigos fuente. Ejemplo 1. Introducción a la librería. Comencemos con un simple ‘Hola, mundo’ para ir calentando. En esta ocasión lo ponemos todo en el mismo archivo PHP llamado ‘holaAjax.php’. ‘holaAjax.php’ <?php require ('xajax/xajax.inc.php'); $xajax = new xajax(); function cambia_texto($mensaje){ $respuesta = new xajaxResponse(); $respuesta->addAssign("mensaje","innerHTML",$mensaje); return $respuesta; } $xajax->registerFunction("cambia_texto"); $xajax->processRequests(); ?> <html> <head> <?php $xajax->printJavascript("xajax/"); ?> </head> <body> <input type="button" onclick="xajax_cambia_texto('Hola Ajax);" value="Pulsa" /> <div id="mensaje"></div> </body> </html> Explicación: Lo primero que debemos hacer es importar la librería de xajax y crear una instancia de xajax: require ('xajax/xajax.inc.php'); xajax = new xajax(); A continuación definimos las funciones que se van a utilizar.
    [Show full text]
  • Overall Score for Your Score Is 56% | Grade B
    SeoSiteCheckup Report Overall score for http://www.powerpumpconcrete.com/ Your Score is 56% | Grade B 28 Important Fixes 0 Semi-Important Fixes 31 Passed Checks Title The title of your page have a length of 47 characters. Most search engines will truncate titles to 70 characters. Concrete Leveling & Repair - Powerpump Concrete Description The meta-description tag is missing from your page. You should include this tag in order to provide a brief description of your page which can be used by search engines or directories. HOW TO FIX In order to pass this test you must include a meta-description tag in your page header (<head> section): <head> <meta name="description" content="type_here_your_description"> </head> Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Meta description can have any length but a good practice is to keep this up to 160 characters (search engines generally truncate snippets longer than this value). Keywords The meta-keywords tag is missing from your page. You should include meta-keywords to help indicate what your page is about to search engines. HOW TO FIX In order to pass this test you must include a meta-keywords tag in your page header (<head> section): <head> <meta name="keywords" content="keyword1, keyword2, keyword3"> </head> Separate keywords with commas and don't use any other punctuation beyond commas. Note that in HTML the <meta> tag has no end tag but in XHTML this tag must be properly closed. Most Common Keywords Test It appears that you can further optimize the density of your keywords above.
    [Show full text]
  • Copyrighted Material
    02_102633 ftoc.qxp 2/23/07 9:42 PM Page vii Preface................................................................................................................................xiii Acknowledgments ............................................................................................................xvii Part I: Fundamental Ajax 1 Chapter 1: Essential Ajax . 3 What Does “Ajax” Mean? ......................................................................................................6 What Can You Do with Ajax? ................................................................................................8 Create Ajax live searches..............................................................................................8 Create an Ajax-enabled calculator................................................................................9 Talk with Ajax chat applications ................................................................................10 Crunch numbers with spreadsheets ..........................................................................12 Browse Amazon ........................................................................................................12 Get the answer with Ajax autocomplete ....................................................................13 Log in with Ajax ........................................................................................................15 Download images ......................................................................................................17 Drag
    [Show full text]
  • Hacking Exposed-Web
    Hacking Exposed ™ Web 2.0 Reviews “In the hectic rush to build Web 2.0 applications, developers continue to forget about security or, at best, treat it as an afterthought. Don’t risk your customer data or the integrity of your product; learn from this book and put a plan in place to secure your Web 2.0 applications.” —Michael Howard Principal Security Program Manager, Microsoft Corp. “This book concisely identifies the types of attacks which are faced daily by Web 2.0 sites. The authors give solid, practical advice on how to identify and mitigate these threats. This book provides valuable insight not only to security engineers, but to application developers and quality assurance engineers in your organization.” —Max Kelly, CISSP, CIPP, CFCE Sr. Director, Security Facebook “This book could have been titled Defense Against the Dark Arts as in the Harry Potter novels. It is an insightful and indispensable compendium of the means by which vulnerabilities are exploited in networked computers. If you care about security, it belongs on your bookshelf.” —Vint Cerf Chief Internet Evangelist, Google “Security on the Web is about building applications correctly, and to do so developers need knowledge of what they need to protect against and how. If you are a web developer, I strongly recommend that you take the time to read and understand how to apply all of the valuable topics covered in this book.” —Arturo Bejar Chief Security Officer at Yahoo! “This book gets you started on the long path toward the mastery of a remarkably complex subject and helps you organize practical and in-depth information you learn along the way.” —From the Foreword by Michal Zalewski, White Hat Hacker and Computer Security Expert This page intentionally left blank HACKING EXPOSED™ WEB 2.0: WEB 2.0 SECURITY SECRETS AND SOLUTIONS RICH CANNINGS HIMANSHU DWIVEDI ZANE LACKEY New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Copyright © 2008 by The McGraw-Hill Companies.
    [Show full text]
  • Autocompletar Con Php Y Xajax
    AUTOCOMPLETAR CON PHP Y XAJAX Crearemos un autocompletar o buscador en línea de personas desde cero con php y mysql, usaremos la librería xajax para llenar y mostrar los datos de forma dinámica desde la base de datos, javascript para controlar algunos eventos, sobre todo para permitir el desplazamiento por la lista de coincidencias del autocompletar. Primero creamos nuestra tabla Persona: CREATE TABLE `persona` ( `IdPersona` int(11) NOT NULL auto_increment, `Nombres` varchar(50) collate utf8_spanish_ci NOT NULL, `Apellidos` varchar(50) collate utf8_spanish_ci NOT NULL, `NroDoc` varchar(10) collate utf8_spanish_ci NOT NULL, PRIMARY KEY (`IdPersona`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_spanish_ci AUTO_INCREMENT=17 ; Luego insertamos algunos datos: INSERT INTO `persona` (`IdPersona`, `Nombres`, `Apellidos`, `NroDoc`) VALUES (1, 'KARLA', 'KASOS', '2047957052'), (2, 'ANGELINA', 'JOLIE', '2053134335'), (3, 'CESAR', 'PISFIL PECHE', '43825485'), (4, 'GEYNEN', 'MONTENEGRO COCHAS', '12345678'), (5, 'VARIOS', 'CLIENTE', '-'), (6, 'JUAQUIN', 'ALVARADO', '33'), (7, 'VILMA', 'PALMA', '77'), (8, 'VLADIMIR', 'ZEÑA', '66'), (9, 'PEDRO', 'PERES PEÑA', '1111111111'), (10, 'PEÑA', 'PEÑA', '1111111111'), (11, 'JUAN', 'PERES', '33'), (12, 'JUANA', 'PERES', '33'), (13, 'ANDREA', 'TORRES', '33'), (14, 'MEGAN', 'FOX', '1111111111'), Geynen Rossler Montenegro Cochas Página 1 (15, 'KAREN', 'DEJO', '1111111111'), (16, 'JUITIJUITI', 'LA', '1111111111'); Estableceremos la conexión a la base de datos usando la extensión del php conocida como PDO (Objeto de datos del php), creamos un archivo con el nombre cado.php. <?php $manejador="mysql"; $servidor="localhost"; $usuario="root"; $pass=""; $base="bdautocompletar"; $cadena="$manejador:host=$servidor;dbname=$base"; $cnx = new PDO($cadena,$usuario,$pass,array(PDO::ATTR_PERSISTENT => true)); ?> Ahora crearemos nuestro archivo autocompletar.php, en el manejaremos el xajax (asumo que manejas el xajax), las funciones que me permitirán llamar al xajax, a las funciones del autocompletar y la vista.
    [Show full text]