DOCSLIB.ORG

An Analysis of CSRF Defenses in Web Frameworks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks Xhelal Likaj Soheil Khodayari Giancarlo Pellegrino Saarland University CISPA Helmholtz Center for CISPA Helmholtz Center for Saarbruecken, Germany Information Security Information Security [email protected] Saarbruecken, Germany Saarbruecken, Germany [email protected] [email protected] Abstract Keywords Cross-Site Request Forgery (CSRF) is among the oldest web vul- CSRF, Defenses, Web Frameworks nerabilities that, despite its popularity and severity, it is still an ACM Reference Format: understudied security problem. In this paper, we undertake one Xhelal Likaj, Soheil Khodayari, and Giancarlo Pellegrino. 2021. Where We of the first security evaluations of CSRF defense as implemented Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. In by popular web frameworks, with the overarching goal to identify Proceedings of ACM Conference (Conference’17). ACM, New York, NY, USA, additional explanations to the occurrences of such an old vulner- 16 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn ability. Starting from a review of existing literature, we identify 16 CSRF defenses and 18 potential threats agains them. Then, we 1 Introduction evaluate the source code of the 44 most popular web frameworks Cross-Site Request Forgery (CSRF) is among the oldest web vul- across five languages (i.e., JavaScript, Python, Java, PHP, andC#) nerabilities, consistently ranked as one of the top ten threats to covering about 5.5 million LoCs, intending to determine the imple- web applications [88]. Successful CSRF exploitations could cause re- mented defenses and their exposure to the identified threats. We mote code execution [111], user accounts take-over [85, 87, 90, 122], also quantify the quality of web frameworks’ documentation, look- or compromise of database integrity—to name only a few in- ing for incomplete, misleading, or insufficient information required stances. Developers can protect web applications from CSRF at- by developers to use the implemented CSRF defenses correctly. tacks by implementing one of the many client-side and server- Our study uncovers a rather complex landscape, suggesting that side defense mechanisms proposed by the research community while implementations of CSRF defenses exist, their correct and (e.g., [99, 104, 112, 114, 124, 126, 133, 134]). Alternatively, develop- secure use depends on developers’ awareness and expertise about ers can use off-the-shelf CSRF defenses as implemented byweb CSRF attacks. More than a third of the frameworks require devel- frameworks, such as the ones provided by popular frameworks opers to write code to use the defense, modify the configuration like Django for Python, Spring for Java, and ASP.NET for C#. Web to enable CSRF defenses, or look for an external library as CSRF frameworks are key components for developing web applications, defenses are not built-in. Even when using defenses, developers providing convenient and powerful abstractions to separate low- need to be aware and address a diversity of additional security risks. level functionalities, e.g., databases and web page generation, from In total, we identified 157 security risks in 37 frameworks, of which the application’s logic. However, such a convenience comes at a 17 are directly exploitable to mount a CSRF attack, leveraging imple- great cost: a vulnerability in the framework will negatively affect mentation mistakes, cryptography-related flaws, cookie integrity, the security of many web applications. and leakage of CSRF tokens—including three critical vulnerabili- CSRF vulnerabilities are a major concern for web applica- ties in CakePHP, Vert.x-Web, and Play. The developers’ feedback tions, with a steep increasing number of reported instances ev- indicate that, for a significant fraction of risks, frameworks have ery year [58]. Yet, this class of vulnerabilities have received divergent expectations about who is responsible for addressing a marginal attention by the research community, where most them. Finally, the documentation analysis reveals several inadequa- of the previous effort focused largely on defense mechanisms cies, including not mentioning the implemented defense, and not (e.g., [99, 104, 112, 114, 124, 126, 133, 134]) and vulnerability de- showing code examples for correct use. tection (e.g., [101, 122, 129]. To date, we know none-to-little about CCS Concepts the security of the CSRF defense implementations and their suscep- tibility against improper use. ! • Security and privacy Web application security; In this paper, we undertake, to the best of our knowledge, the first security evaluation of CSRF defense as implemented by popular Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed web frameworks, comprehensively and systematically covering the for profit or commercial advantage and that copies bear this notice and the full citation source code, defenses’ design, documentation, and the operational on the first page. Copyrights for components of this work owned by others than ACM aspects, with the overarching goal to identify additional explana- must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a tions to the steady increase of such an old vulnerability. Starting fee. Request permissions from [email protected]. with a thorough review of academic and non-academic literature, Conference’17, July 2017, Washington, DC, USA we enumerate existing CSRF defenses and threats against them, © 2021 Association for Computing Machinery. ACM ISBN 978-x-xxxx-xxxx-x/YY/MM...$15.00 identifying 16 distinct defenses and 18 potential threats. Then, we https://doi.org/10.1145/nnnnnnn.nnnnnnn evaluate the source code of the 44 most popular web frameworks across the top five programming languages for web applications defenses—the most widely implemented defense—such as token (i.e., JavaScript, Python, Java, PHP, and C#) covering about 5.5 mil- generation, transportation, and validation. In general, while token- lion LoCs, intending to determine the implemented defenses and based defenses use robust generation algorithms (i.e., cryptographi- their exposure to the identified threats. Finally, we also quantify the cally secure pseudorandom number generators, cryptographic algo- quality of web frameworks’ documentation, looking for incomplete, rithms, and implementations), the randomness of tokens is sub-par. misleading, or insufficient information required by developers to Furthermore, if tokens leak, virtually all implemented defenses are implement and use the implemented CSRF defenses correctly. exposed to token replay attacks as they reuse tokens across multiple Insights—Our study uncovers a complex landscape, suggesting requests. Only one framework implements a per-request unique that while implementations of CSRF defenses exist, their correct and token, rendering replay hard in practice. Also, we identified and secure implementation depends on developers’ awareness about already reported three critical vulnerabilities in CakePHP, Vert.x- CSRF attacks, threats to CSRF defenses, and specific behaviors of Web, and Play, leading to a complete CSRF defense bypass. Finally, the implementations. both our security analyses and developers’ feedback reveal that, for a considerable fraction of security risks, frameworks’ developers Insight #1: Almost all frameworks offer a CSRF defense—either have divergent expectations from applications’ developers about built-in or via external libraries, with the majority enforcing a their responsibility for addressing the risks. token-based protection mechanism, one of the most robust CSRF defenses. For example, over 53% and 41% of the frameworks use Insight #4: Lastly, the documentation of most of the frameworks double submit cookies and synchronizer tokens to mitigate CSRF with a CSRF defense is inadequate. For example, the documentation attacks, respectively. Also, all frameworks (except Li3) use robust does not explain the implemented defense name or any kind of CPRNG for token generation. Even more promising, almost half description (16 out of 39 frameworks with a defense), does not show of the frameworks (i.e., 19) enforce a defense-in-depth mechanism the correct use via code examples (seven out of 39 frameworks), nor by applying two or more layers of defenses in sequence. For exam- adequately describe the API calls and the configuration space of the ple, we observe that ten frameworks enable SameSite cookies by CSRF defense (eight out of 39 frameworks). To make it even worse, default—a promising defense-in-depth mechanism which can miti- in the vast majority of the cases (27 out of 39 frameworks), the gate a number of CSRF attacks. Similarly, we observed that seven documentation does not discuss nor address the security implication frameworks give state to the double submit cookie that is stateless of the threats considered in this study, leaving entirely up to the in nature, making it immune to cookie tossing and jar overflow developers’ judgment the implementation of robust defenses. attacks. Finally, we noticed that frameworks offer defenses that can Contributions—To summarize, this paper makes the following protect web applications from attackers with stronger capabilities contributions: than web attackers. For example,
Recommended publications
  • PHP Tech Stack Other Experience Everyday Tools Languages

    PHP Tech Stack Other Experience Everyday Tools Languages

    Igor Tverdokhleb Work permit: RU+DE the Senior PHP developer who is practicing Location: Hamburg SOLID and designing & implementing scalable systems, that are mostly using ElasticSearch, + 49 (152) 244-15-088 Redis, MySQL & Running on AWS. [email protected] I have a strong point about the application performance. github.com/arku31 arku-cv.com SKILLS PHP Tech stack Daily using - Laravel / Lumen Docker (Expert) Mac -- Eloquent ORM/Migrations Linux (Advanced) PHPStorm -- Events/Listeners apache / nginx / php-fpm CI/CD (usually gitlab) -- Middlewares/Nova mysql / pgsql NewRelic / Datadog - Swoole redis / memcached Blackfire - Phalcon ElasticSearch - Symfony Queues (SQS, Laravel) Languages - Laminas (Zend) - Various libraries Other experience - xDebug Java (Spring) / GoLang (minor) Russian English German - PHPUnit JS + jQuery + Vue.js (minor) native B2+ B1 - PSR / PHPCS WordPress + ACF (advanced) EXPERIENCE EDUCATION Feb 2018 - NOW PHP Developer in AboutYou Gmbh. Hamburg, 2010 - 2014 Orenburg State University Germany. specialty: computers, systems and Phalcon / Laravel / Laminas projects networks development. Mostly working on a cache diploma: A tool to manage layer with usage of Elasticsearch and Redis. customer sales department was written on pure PHP+MySQL and Maj 2016 - Feb 2018 PHP/JS Developer in LOFTSCHOOL LTD, Loftschool group. Saint-Petersburg, Russia. php-gd + dompdf Development and maintaining education 2006 - 2010 Orenburg Information Technologies College platform using Laravel. Implemented e.g. backoffice, flexible discounts, analyzing specialty: Automated systems center and social/payment network diploma: The self-made Linux integrations. distributive booted via PXE network to use on nonHDD Nov 2015 - Maj 2016 PHP Developer in ITLOFT LTD, Loftschool group. workstations with control panel Saint-Petersburg, Russia. using bash scripts + PHP as Have developed over 50 websites, mostly background.
  • Marketing Cloud Published: August 12, 2021

    Marketing Cloud Published: August 12, 2021

    Marketing Cloud Published: August 12, 2021 The following are notices required by licensors related to distributed components (mobile applications, desktop applications, or other offline components) applicable to the services branded as ExactTarget or Salesforce Marketing Cloud, but excluding those services currently branded as “Radian6,” “Buddy Media,” “Social.com,” “Social Studio,”“iGoDigital,” “Predictive Intelligence,” “Predictive Email,” “Predictive Web,” “Web & Mobile Analytics,” “Web Personalization,” or successor branding, (the “ET Services”), which are provided by salesforce.com, inc. or its affiliate ExactTarget, Inc. (“salesforce.com”): @formatjs/intl-pluralrules Copyright (c) 2019 FormatJS Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
  • Security Issues and Framework of Electronic Medical Record: a Review

    Security Issues and Framework of Electronic Medical Record: a Review

    Bulletin of Electrical Engineering and Informatics Vol. 9, No. 2, April 2020, pp. 565~572 ISSN: 2302-9285, DOI: 10.11591/eei.v9i2.2064 565 Security issues and framework of electronic medical record: A review Jibril Adamu, Raseeda Hamzah, Marshima Mohd Rosli Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA, Malaysia Article Info ABSTRACT Article history: The electronic medical record has been more widely accepted due to its unarguable benefits when compared to a paper-based system. As electronic Received Oct 30, 2019 medical record becomes more popular, this raises many security threats Revised Dec 28, 2019 against the systems. Common security vulnerabilities, such as weak Accepted Feb 11, 2020 authentication, cross-site scripting, SQL injection, and cross-site request forgery had been identified in the electronic medical record systems. To achieve the goals of using EMR, attaining security and privacy Keywords: is extremely important. This study aims to propose a web framework with inbuilt security features that will prevent the common security vulnerabilities CodeIgniter security in the electronic medical record. The security features of the three most CSRF popular and powerful PHP frameworks Laravel, CodeIgniter, and Symfony EMR security issues were reviewed and compared. Based on the results, Laravel is equipped with Laravel security the security features that electronic medical record currently required. SQL injection This paper provides descriptions of the proposed conceptual framework that Symfony security can be adapted to implement secure EMR systems. Top vulnerabilities This is an open access article under the CC BY-SA license. XSS Corresponding Author: Jibril Adamu, Faculty of Computer and Mathematical Sciences, Universiti Teknologi MARA, 40450 Shah Alam, Selangor, Malaysia.
  • Eesti Harrastusteatrite Liidu Etendusstatistika Andmebaasi Ja Rakenduse Arendus

    Eesti Harrastusteatrite Liidu Etendusstatistika Andmebaasi Ja Rakenduse Arendus

    TALLINNA TEHNIKAÜLIKOOL Infotehnoloogia teaduskond Aivar Romandi 175278IDDR Eesti Harrastusteatrite Liidu etendusstatistika andmebaasi ja rakenduse arendus Diplomitöö Juhendaja: Kristjan Karmo MBA Tallinn 2021 Autorideklaratsioon Kinnitan, et olen koostanud antud lõputöö iseseisvalt ning seda ei ole kellegi teise poolt varem kaitsmisele esitatud. Kõik töö koostamisel kasutatud teiste autorite tööd, olulised seisukohad, kirjandusallikatest ja mujalt pärinevad andmed on töös viidatud. Autor: Aivar Romandi 16.05.2021 2 Annotatsioon Diplomitöö eesmärk on Eesti Harrastusteatrite Liidule etendusstatistika andmebaasi ja rakenduse arendamine. Sissejuhatuse peatükis on kirjeldatud diplomitöös lahendatav probleem ja selle taust. Ülesande püstituse peatükis on kirjeldatud diplomitöö tulemusel valmiva rakenduse vajadused. Lahenduse valiku peatükis on kirjeldatud erinevad võimalikud lahendused sissejuhatuses tõstatatud põhiprobleemile ning miks valiti just selline lahendus. PHP raamistiku valiku peatükis on lühidalt kirjeldatud erinevad PHP raamistikud ning mille alusel valis autor välja rakenduse arendamiseks sobiva raamistiku. Aruandlusvajaduse peatükis on põhjendatud aruannete vajalikkust ning kirjeldatud rakenduses genereeritavate aruannete sisu. Rakenduse ja andmebaasi arendusprotsessi kirjelduse peatükis on välja toodud rakenduse arendusprotsessi tsükkel ja selle komponendid. Rakenduse kirjelduses on kirjeldatud autori tööna valminud rakenduse sisu. Andmebaasi kirjelduses on kirjeldatud autori tööna valminud andmebaasi sisu. Diplomitöö tulemusena
  • Bakalářská Práce

    Bakalářská Práce

    TECHNICKÁ UNIVERZITA V LIBERCI Fakulta mechatroniky, informatiky a mezioborových studií BAKALÁŘSKÁ PRÁCE Liberec 2013 Jaroslav Jakoubě Příloha A TECHNICKÁ UNIVERZITA V LIBERCI Fakulta mechatroniky, informatiky a mezioborových studií Studijní program: B2646 – Informační technologie Studijní obor: 1802R007 – Informační technologie Srovnání databázových knihoven v PHP Benchmark of database libraries for PHP Bakalářská práce Autor: Jaroslav Jakoubě Vedoucí práce: Mgr. Jiří Vraný, Ph.D. V Liberci 15. 5. 2013 Prohlášení Byl(a) jsem seznámen(a) s tím, že na mou bakalářskou práci se plně vztahuje zákon č. 121/2000 Sb., o právu autorském, zejména § 60 – školní dílo. Beru na vědomí, že Technická univerzita v Liberci (TUL) nezasahuje do mých autorských práv užitím mé bakalářské práce pro vnitřní potřebu TUL. Užiji-li bakalářskou práci nebo poskytnu-li licenci k jejímu využití, jsem si vědom povinnosti informovat o této skutečnosti TUL; v tomto případě má TUL právo ode mne požadovat úhradu nákladů, které vynaložila na vytvoření díla, až do jejich skutečné výše. Bakalářskou práci jsem vypracoval(a) samostatně s použitím uvedené literatury a na základě konzultací s vedoucím bakalářské práce a konzultantem. Datum Podpis 3 Abstrakt Česká verze: Tato bakalářská práce se zabývá srovnávacím testem webových aplikací psaných v programovacím skriptovacím jazyce PHP, které využívají různé knihovny pro komunikaci s databází. Hlavní důraz při hodnocení výsledků byl kladen na rychlost odezvy při zasílání jednotlivých požadavků. V rámci řešení byly zjišťovány dostupné metodiky určené na porovnávání těchto projektů. Byl také proveden průzkum zjišťující, které frameworky jsou nejvíce používané. Klíčová slova: Testování, PHP, webové aplikace, framework, knihovny English version: This bachelor’s thesis is focused on benchmarking of the PHP frameworks and their database libraries used for creating web applications.
  • Phpword Documentation Release 0.18.2

    Phpword Documentation Release 0.18.2

    PHPWord Documentation Release 0.18.2 The PHPWord Team Jun 04, 2021 Contents 1 Introduction 3 1.1 Features..................................................3 1.2 File formats................................................4 1.3 Contributing...............................................5 2 Installing/configuring 7 2.1 Requirements...............................................7 2.2 Installation................................................7 2.3 Using samples..............................................8 3 General usage 9 3.1 Basic example..............................................9 3.2 PHPWord Settings............................................ 10 3.3 Document settings............................................ 11 3.4 Document information.......................................... 13 3.5 Measurement units............................................ 13 3.6 Document protection........................................... 13 3.7 Automatically Recalculate Fields on Open............................... 14 3.8 Hyphenation............................................... 14 4 Containers 15 4.1 Sections.................................................. 15 4.2 Headers.................................................. 16 4.3 Footers.................................................. 17 4.4 Other containers............................................. 17 5 Elements 19 5.1 Texts................................................... 20 5.2 Breaks.................................................. 22 5.3 Lists..................................................
  • Modern Web Application Frameworks

    Modern Web Application Frameworks

    MASARYKOVA UNIVERZITA FAKULTA INFORMATIKY Û¡¢£¤¥¦§¨ª«¬­Æ°±²³´µ·¸¹º»¼½¾¿Ý Modern Web Application Frameworks MASTER’S THESIS Bc. Jan Pater Brno, autumn 2015 Declaration Hereby I declare, that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or ex- cerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Bc. Jan Pater Advisor: doc. RNDr. Petr Sojka, Ph.D. i Abstract The aim of this paper was the analysis of major web application frameworks and the design and implementation of applications for website content ma- nagement of Laboratory of Multimedia Electronic Applications and Film festival organized by Faculty of Informatics. The paper introduces readers into web application development problematic and focuses on characte- ristics and specifics of ten selected modern web application frameworks, which were described and compared on the basis of relevant criteria. Practi- cal part of the paper includes the selection of a suitable framework for im- plementation of both applications and describes their design, development process and deployment within the laboratory. ii Keywords Web application, Framework, PHP,Java, Ruby, Python, Laravel, Nette, Phal- con, Rails, Padrino, Django, Flask, Grails, Vaadin, Play, LEMMA, Film fes- tival iii Acknowledgement I would like to show my gratitude to my supervisor doc. RNDr. Petr So- jka, Ph.D. for his advice and comments on this thesis as well as to RNDr. Lukáš Hejtmánek, Ph.D. for his assistance with application deployment and server setup. Many thanks also go to OndˇrejTom for his valuable help and advice during application development.
  • Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA

    Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA

    United States Department of the Interior Bureau of Land Management Burns District Office 28910 Highway 20 West Hines, Oregon 97738 541-589-4400 Phone 541-573-4411 Fax Spay Feasibility and On-Range Behavioral Outcomes Assessment and Warm Springs HMA Population Management Plan Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA June 29, 2018 This Page is Intentionally Left Blank Spay Feasibility and On-Range Behavioral Outcomes Assessment and Warm Springs HMA Population Management Plan Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA Table of Contents I. INTRODUCTION .........................................................................................................1 A. Background................................................................................................................ 1 B. Purpose and Need for Proposed Action..................................................................... 4 C. Decision to be Made .................................................................................................. 5 D. Conformance with BLM Resource Management Plan(s) .......................................... 6 E. Consistency with Laws, Regulations and Policies..................................................... 7 F. Scoping and Identification of Issues ........................................................................ 12 1. Issues for Analysis .......................................................................................... 13 2. Issues Considered but Eliminated from Detailed Analysis ............................
  • Design Patterns in PHP and Laravel — Kelt Dockins Design Patterns in PHP and Laravel

    Design Patterns in PHP and Laravel — Kelt Dockins Design Patterns in PHP and Laravel

    Design Patterns in PHP and Laravel — Kelt Dockins Design Patterns in PHP and Laravel Kelt Dockins [email protected] Design Patterns in PHP and Laravel Kelt Dockins Dolph, Arkansas USA ISBN-13 (pbk): 978-1-4842-2450-2 ISBN-13 (electronic): 978-1-4842-2451-9 DOI 10.1007/978-1-4842-2451-9 Library of Congress Control Number: 2016961807 Copyright © 2017 by Kelt Dockins This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Trademarked names, logos, and images may appear in this book. Rather than use a trademark symbol with every occurrence of a trademarked name, logo, or image we use the names, logos, and images only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made.
  • Minocycline, a Microglial Inhibitor, Blocks Spinal CCL2-Induced Heat

    Minocycline, a Microglial Inhibitor, Blocks Spinal CCL2-Induced Heat

    Huang et al. Journal of Neuroinflammation 2014, 11:7 JOURNAL OF http://www.jneuroinflammation.com/content/11/1/7 NEUROINFLAMMATION RESEARCH Open Access Minocycline, a microglial inhibitor, blocks spinal CCL2-induced heat hyperalgesia and augmentation of glutamatergic transmission in substantia gelatinosa neurons Chung-Yu Huang1†, Ying-Ling Chen2†, Allen H Li3, Juu-Chin Lu1 and Hung-Li Wang1,4,5* Abstract Background: Several lines of evidence suggest that CCL2 could initiate the hyperalgesia of neuropathic pain by causing central sensitization of spinal dorsal horn neurons and facilitating nociceptive transmission in the spinal dorsal horn. The cellular and molecular mechanisms by which CCL2 enhances spinal pain transmission and causes hyperalgesia remain unknown. The substantia gelatinosa (lamina II) of the spinal dorsal horn plays a critical role in nociceptive transmission. An activated spinal microglia, which is believed to release pro-inflammatory cytokines including TNF-α, plays an important role in the development of neuropathic pain, and CCL2 is a key mediator for spinal microglia activation. In the present study, we tested the hypothesis that spinal CCL2 causes the central sensitization of substantia gelatinosa neurons and enhances spinal nociceptive transmission by activating the spinal microglia and augmenting glutamatergic transmission in lamina II neurons. Methods: CCL2 was intrathecally administered to 2-month-old male rats. An intrathecal injection of CCL2 induced heat hyperalgesia, which was assessed using the hot plate test. Whole-cell voltage-clamp recordings substantia gelatinosa neurons in spinal cord slices were performed to record glutamatergic excitatory postsynaptic currents (EPSCs) and GABAergic inhibitory postsynaptic currents (IPSCs). Results: The hot plate test showed that 1 day after the intrathecal injection of CCL2 (1 μg), the latency of hind-paw withdrawal caused by a heat stimulus was significantly reduced in rats.
  • Red Hat AMQ 6.1 Jboss A-MQ for Xpaas Release Notes

    Red Hat AMQ 6.1 Jboss A-MQ for Xpaas Release Notes

    Red Hat JBoss A-MQ 6.1 JBoss A-MQ for xPaaS Release Notes What's new in Red Hat JBoss A-MQ for xPaaS Last Updated: 2017-10-13 Red Hat JBoss A-MQ 6.1 JBoss A-MQ for xPaaS Release Notes What's new in Red Hat JBoss A-MQ for xPaaS JBoss A-MQ Docs Team Content Services [email protected] Legal Notice Copyright © 2014 Red Hat. The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/ . In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version. Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law. Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries. Linux ® is the registered trademark of Linus Torvalds in the United States and other countries. Java ® is a registered trademark of Oracle and/or its affiliates. XFS ® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries. MySQL ® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
  • Hippo Consolidates Its Leadership Status in the Open Source Software Community Submitted By: Prompt Communications Ltd Wednesday, 25 March 2009

    Hippo Consolidates Its Leadership Status in the Open Source Software Community Submitted By: Prompt Communications Ltd Wednesday, 25 March 2009

    Hippo consolidates its leadership status in the open source software community Submitted by: Prompt Communications Ltd Wednesday, 25 March 2009 – Global software developer comes of age with more than 150 enterprise organisations using its open source CMS & portal software, ten Hippo developers accepted as ‘committers' to Apache projects; and three 'members' of The Apache Software Foundation – San Francisco, CA and Amsterdam, The Netherlands –25 March, 2009 – Hippo (http://www.onehippo.com), a leading vendor of open source Enterprise Content Management and Portal technology, today further demonstrated its leadership in the open source community with the announcement that the tenth member of its Technology Expertise Team has joined with the prestigious status of ‘committer’ to projects of The Apache Software Foundation. Out of its team of over 50 employees, nine others have attained this status, of which three have since received recognition for their technical excellence and contribution by achieving 'member' level. Developers are accepted as committers by the ASF based on the quality and quantity of their contributions to Apache open source development projects. Led by Hippo’s CTO, Arje Cahn, the Hippo Technology Expertise Team includes ASF members and committers to a broad range of Apache projects including Cocoon, Jetspeed, Portals, Wicket, and Jackrabbit. The number of Hippo developers accepted as Apache committers is indicative both of the high levels of technical expertise within the company, and of its commitment to contributing to open source development projects and enriching the world’s store of open source software. The ASF process is meritocratic: to attain committer status, developers have to be voted on by other committers.