Dynamic Content Generation with Java Server Pages (Dynamické generování obsahu s Java Server Pages)

Masaryk University
Faculty of Informatics

Dynamic Content Generation with Java Server Pages

Bachelor's Thesis

Petr Lorenc

Brno, autumn 2007

Declaration

I declare that this bachelor's thesis is my own original work, which I have written independently. All sources, references and literature that I used or drew upon while writing it are properly cited in the thesis with a complete reference to the respective source.

Supervisor: RNDr. Vlastislav Dohnal, Ph.D.

Summary

This bachelor's thesis guides the reader through the creation of a web application. The application is built on the Java platform, specifically on the Java Servlets and Java Server Pages technologies, and generates content stored in a MySQL database dynamically. The architecture of the application follows the Model-View-Controller design pattern: the model is represented by JavaBean components, the view consists of JSP pages and the controller is implemented by servlets.

The first four chapters cover the theory used in the web application, together with an explanation of the terms related to the subject. The fifth chapter, together with the source code of the web application, forms a tutorial that demonstrates how the theory described above is applied to build a web application. This sample web application exists in four versions. The first is the equivalent of a "Hello World!" application; each following version didactically adds further functionality, so that the last version is in principle a fully fledged web application offering dynamic content generation through its connection to a MySQL database. The tools that the JSP technology offers to make web page development more efficient, such as JSTL, the Expression Language, JSP directives and JSP actions, are used along the way.

The tutorial culminates in the web application LogoArena.cz. In terms of the amount of source code it is larger, but measured by its architectural design and the technologies used it is entirely equivalent to the preceding sample application.
The LogoArena.cz application is intended for real deployment on the web. It is an online shop selling mobile content such as images and animations. The launch of the site is planned for the second half of 2008.

Keywords

Web application, Java, JSP, Java Servlets, MySQL, dynamic generation of web page content

Contents

1 Introduction
2 Java Servlets
  2.1 Servlet life cycle
  2.2 Sharing information
    2.2.1 The application scope
    2.2.2 The session scope
    2.2.3 The request scope
  2.3 Invoking other web resources
    2.3.1 Including web resources
    2.3.2 Forwarding control to another web resource
  2.4 Filtering requests and responses
3 Java Server Pages
  3.1 Structure of a JSP page
  3.2 Scripting elements
    3.2.1 Declarations
    3.2.2 Expressions
    3.2.3 Scriptlets
  3.3 JSP directives
    3.3.1 The page directive
    3.3.2 The include directive
    3.3.3 The taglib directive
      3.3.3.1 Custom tags
  3.4 Actions
    3.4.1 JavaBeans
  3.5 Unified Expression Language
    3.5.1 Immediate evaluation of expressions
    3.5.2 Deferred evaluation of expressions
  3.6 JSP Standard Tag Library
    3.6.1 The Core tag library
    3.6.2 The XML tag library
    3.6.3 The Internationalization tag library
    3.6.4 The SQL tag library
    3.6.5 The Functions tag library
4 Web applications
  4.1 Properties of a web application
  4.2 Application architecture
    4.2.1 Model 1
    4.2.2 Model 2
  4.3 Internationalization
  4.4 Web frameworks
    4.4.1 Frameworks oriented towards HTTP request processing
    4.4.2 Frameworks oriented towards visual components
5 Sample web application
  5.1 Designing a Model-View-Controller application
    5.1.1 Model
    5.1.2 View
    5.1.3 Controller
  5.2 JSTL and request filtering
    5.2.1 Internationalization in JSP
    5.2.2 Internationalization in servlets
    5.2.3 Dynamic content generation with JSTL
    5.2.4 Request filtering
  5.3 Working with the database
    5.3.1 Creating the database
    5.3.2 Extending the application model
    5.3.3 Handling database requests
  5.4 Custom tags
    5.4.1 Extending the application model
6 The LogoArena.cz web application
  6.1 Purpose and characteristics of the project
  6.2 Phases of the project implementation
  6.3 Application architecture
    6.3.1 Model
    6.3.2 View
    6.3.3 Controller
  6.4 Connection to the SMS payment system
7 Conclusion
Bibliography
Index
A Enclosed CD: contents and setting up the applications

Chapter 1 Introduction

The aim of this thesis is to acquaint the reader with JSP technology, to demonstrate selected practices used when building a web application, and to show how they are applied.
JSP technology cannot be described comprehensively within the scope of a bachelor's thesis. The thesis is therefore conceived so as to present selected tools to the extent to which they must be understood for the reader to be able to build a web application analogous to the one that forms the practical part of this thesis. There is a range of software tools (e.g. JSF, Struts, Stripes and others) that simplify application development in Java. New technologies, however, appear at a high pace, and new tools keep superseding the previous ones. The aim of this thesis is thus not to identify the one true and "best" way of building web applications in Java, but to describe the basic principles of application design, knowledge of which can equally well be used to understand and work with the higher-level technologies.

The practical part of this thesis is a web application that will be used in practice as an online shop selling software for mobile phones. The application follows the Model-View-Controller design pattern. It consists of several controller servlets and of JSP pages that present the data and serve as the interface between the application and the user. A MySQL database is used for data storage.

The web application will be hosted on a server reachable at the URL http://logoarena.cz. The content that is to be sold is subject to the copyrights of various legal entities, so the online shop can be fully launched only once these legal matters have been settled. Delivery of the software to the mobile phone itself will be handled by a company specializing in this field, namely so-called micropayments, where the payment is included in the price of the text message by which the requested item is ordered. The last step in completing the whole application is to connect the already functional information system with this micropayment service. That phase is outside the scope of the thesis assignment.
Some micropayment companies, however, offer (for a surcharge) to implement this connection themselves. Section 6.4 gives more information on this subject.

Chapter 2 Java Servlets

Java Servlets are platform-independent modules for handling the HTTP protocol on the server side. Technically, a servlet is any Java class that implements the javax.servlet.Servlet interface (the Servlet API that this thesis targets; in Jakarta EE 9 and later the package is jakarta.servlet). Servlets are the basic building blocks on which the further layers of Java web applications are built. They are a low-level tool with which any HTTP request can be handled and any response generated. For producing HTML pages directly, that is, for implementing the presentation layer of the application, they are rather cumbersome, which is why higher-level abstractions exist, above all JSP. Servlets nevertheless have their place in web applications in the role of the controller.

2.1 Servlet life cycle

The servlet life cycle can be described by the following points.

1. The web container loads the servlet class. A web container is a web server that supports the execution of servlets (e.g. Tomcat, JBoss, GlassFish and others).

2. The container calls the init() method. This method initializes the servlet and is called before any incoming request can be served. In the life cycle of a servlet, init() is called only once.

3. After initialization the servlet can serve client requests. For each request the container calls the service() method. Each request is served in its own thread, but there is only one instance of the servlet, so service() may be executing for several requests at the same time on the same object. Any state kept in instance fields is therefore shared between requests and must be either immutable after init() or protected against concurrent access; per-request data belongs in local variables or in the request itself.

4. When the container needs to remove the servlet (for example when the application is undeployed or the container shuts down), it calls the destroy() method. Like init(), this method is called only once during the life cycle of a servlet.

2.2 Sharing information

Web components, like most objects, usually cooperate with one another while performing their functions. In this context, the term "web component" or "web resource" means either a servlet,
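The life cycle listed in section 2.1 and the controller role that the summary assigns to servlets can be seen together in the following servlet. It is an added example written for this page, not code from the thesis or from LogoArena.cz; the package name, the init parameter defaultName and the view path /WEB-INF/jsp/hello.jsp are assumptions. It targets the javax.servlet API of the Servlet 2.5 era that the thesis uses.

```java
package cz.example.hello; // hypothetical package name

import java.io.IOException;
import java.io.Serializable;
import java.util.concurrent.atomic.AtomicLong;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Controller servlet. The container creates one instance, calls init() once,
 * then doGet() concurrently from many threads, then destroy() once.
 */
public class HelloServlet extends HttpServlet {

    /** Model: a JavaBean handed to the JSP view through the request scope. */
    public static class Greeting implements Serializable {
        private final String name;
        private final long requestNumber;

        public Greeting(String name, long requestNumber) {
            this.name = name;
            this.requestNumber = requestNumber;
        }

        public String getName() { return name; }
        public long getRequestNumber() { return requestNumber; }
    }

    /** Written once in init(), read-only afterwards: safe to share. */
    private String defaultName;

    /** Mutable state shared by all request threads must be thread-safe. */
    private final AtomicLong requestCount = new AtomicLong();

    @Override
    public void init() throws ServletException {
        // "defaultName" is a hypothetical <init-param> from web.xml; it may be absent.
        String configured = getInitParameter("defaultName");
        defaultName = (configured == null || configured.trim().isEmpty())
                ? "World" : configured.trim();
        log("HelloServlet initialised, default name = " + defaultName);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        long number = requestCount.incrementAndGet();

        // Per-request data lives in locals and in the request, never in fields.
        String name = sanitizeName(req.getParameter("name"));
        req.setAttribute("greeting", new Greeting(name, number));

        // The controller produces no HTML; it forwards to the view. A JSP under
        // /WEB-INF cannot be requested by clients directly, only reached this way.
        RequestDispatcher view = req.getRequestDispatcher("/WEB-INF/jsp/hello.jsp");
        view.forward(req, resp);
    }

    /**
     * Allow-list the untrusted query parameter: letters (any script), spaces,
     * apostrophes and hyphens, at most 40 characters. Anything else falls back
     * to the configured default instead of reaching the view.
     */
    String sanitizeName(String raw) {
        if (raw == null) {
            return defaultName;
        }
        String trimmed = raw.trim();
        if (trimmed.isEmpty() || trimmed.length() > 40
                || !trimmed.matches("\\p{L}[\\p{L} '-]*")) {
            return defaultName;
        }
        return trimmed;
    }

    @Override
    public void destroy() {
        log("HelloServlet stopping after " + requestCount.get() + " requests");
    }
}
```

The servlet is registered with a <servlet> and <servlet-mapping> entry in web.xml, which is not shown. The view hello.jsp reads the bean with the JSTL Core library, for example <c:out value="${greeting.name}"/>, which escapes <, >, &, ' and " by default (escapeXml is true); a bare ${greeting.name} in template text does not escape anything, so the allow-list in sanitizeName() is a second line of defence for the view, not a substitute for output escaping.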