The Definitive Guide to HTML5 Websocket // Example Websocket Server
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
AJAX Requests CPEN400A - Building Modern Web Applications - Winter 2018-1
What is AJAX XmlHttpRequest Callbacks and Error Handling JSON Lecture 6: AJAX Requests CPEN400A - Building Modern Web Applications - Winter 2018-1 Karthik Pattabiraman The Univerity of British Columbia Department of Electrical and Computer Engineering Vancouver, Canada Thursday, October 17, 2019 What is AJAX XmlHttpRequest Callbacks and Error Handling JSON What is AJAX ? 2 1 What is AJAX 2 XmlHttpRequest 3 Callbacks and Error Handling 4 JSON What is AJAX XmlHttpRequest Callbacks and Error Handling JSON What is AJAX ? 3 Mechanism for modern web applications to communicate with the server after page load Without refreshing the current page Request can be sent asynchronously without holding up the main JavaScript thread Stands for “Asynchronous JavaScript and XML”, but does not necessarily involve XML Complement of COMET (Server Push) What is AJAX XmlHttpRequest Callbacks and Error Handling JSON A Brief History of AJAX 4 Introduced by Microsoft as part of the Outlook Web Access (OWA) in 1998 Popularized by Google in Gmail, Maps in 2004-05 Term AJAX coined around 2005 in an article Made part of the W3C standard in 2006 Supported by all major browsers today What is AJAX XmlHttpRequest Callbacks and Error Handling JSON Uses of AJAX 5 Interactivity To enable content to be brought in from the server in response to user requests Performance Load the most critical portions of a webpage first, and then load the rest asynchronously Security (this is questionable) Bring in only the code/data that is needed on demand to reduce the attack surface of the -
Yet Another Web Server
Yaws - Yet Another Web Server Claes Wikstrom [email protected] September 9, 2018 Contents 1 Introduction 4 1.1 Prerequisites . 5 1.2 A tiny example . 5 2 Compile, Install, Config and Run 7 2.0.1 Compile and Install . 7 2.0.2 Configure . 8 3 Static content 11 4 Dynamic content 12 4.1 Introduction . 12 4.2 EHTML . 12 4.3 POSTs . 17 4.3.1 Queries . 17 4.3.2 Forms . 17 4.4 POSTing files . 18 5 Mode of operation 22 5.1 On-the-fly compilation . 22 5.2 Evaluating the Yaws Code . 23 6 SSL 24 6.1 Server Name Indication . 25 7 Applications 26 7.1 Login scenarios . 26 7.1.1 The session server . 26 1 CONTENTS 2 7.1.2 Arg rewrite . 28 7.1.3 Authenticating . 29 7.1.4 Database driven applications . 31 7.2 Appmods . 31 7.3 The opaque data . 32 7.4 Customizations . 32 7.4.1 404 File not found . 33 7.4.2 Crash messages . 33 7.5 Stream content . 34 7.6 All out/1 Return Values . 35 8 Debugging and Development 39 8.1 Logs . 39 9 External scripts via CGI 40 10 FastCGI 41 10.1 The FastCGI Responder Role . 41 10.2 The FastCGI Authorizer Role . 42 10.3 The FastCGI Filter Role . 42 10.4 FastCGI Configuration . 42 11 Security 43 11.1 WWW-Authenticate . 43 12 Embedded mode 45 12.1 Creating Global and Server Configurations . 45 12.2 Starting Yaws in Embedded Mode . 46 13 The config file - yaws.conf 47 13.1 Global Part . -
Differential Fuzzing the Webassembly
Master’s Programme in Security and Cloud Computing Differential Fuzzing the WebAssembly Master’s Thesis Gilang Mentari Hamidy MASTER’S THESIS Aalto University - EURECOM MASTER’STHESIS 2020 Differential Fuzzing the WebAssembly Fuzzing Différentiel le WebAssembly Gilang Mentari Hamidy This thesis is a public document and does not contain any confidential information. Cette thèse est un document public et ne contient aucun information confidentielle. Thesis submitted in partial fulfillment of the requirements for the degree of Master of Science in Technology. Antibes, 27 July 2020 Supervisor: Prof. Davide Balzarotti, EURECOM Co-Supervisor: Prof. Jan-Erik Ekberg, Aalto University Copyright © 2020 Gilang Mentari Hamidy Aalto University - School of Science EURECOM Master’s Programme in Security and Cloud Computing Abstract Author Gilang Mentari Hamidy Title Differential Fuzzing the WebAssembly School School of Science Degree programme Master of Science Major Security and Cloud Computing (SECCLO) Code SCI3084 Supervisor Prof. Davide Balzarotti, EURECOM Prof. Jan-Erik Ekberg, Aalto University Level Master’s thesis Date 27 July 2020 Pages 133 Language English Abstract WebAssembly, colloquially known as Wasm, is a specification for an intermediate representation that is suitable for the web environment, particularly in the client-side. It provides a machine abstraction and hardware-agnostic instruction sets, where a high-level programming language can target the compilation to the Wasm instead of specific hardware architecture. The JavaScript engine implements the Wasm specification and recompiles the Wasm instruction to the target machine instruction where the program is executed. Technically, Wasm is similar to a popular virtual machine bytecode, such as Java Virtual Machine (JVM) or Microsoft Intermediate Language (MSIL). -
SDK De AWS Para Ruby Developer Guide
SDK de AWS para Ruby Developer Guide SDK de AWS para Ruby: Developer Guide Copyright © Amazon Web Services, Inc. and/or its affiliates. All rights reserved. SDK de AWS para Ruby Developer Guide Las marcas comerciales y la imagen comercial de Amazon no se pueden utilizar en relación con ningún producto o servicio que no sea de Amazon de ninguna manera que pueda causar confusión entre los clientes y que menosprecie o desacredite a Amazon. Todas las demás marcas comerciales que no son propiedad de Amazon son propiedad de sus respectivos propietarios, que pueden o no estar afiliados, conectados o patrocinados por Amazon. SDK de AWS para Ruby Developer Guide Table of Contents AWSGuía para desarrolladores de SDK for Ruby ................................................................................... 1 Mediante laAWSSDK for Ruby conAWS Cloud9 .............................................................................. 1 Acerca de esta guía ................................................................................................................... 1 Documentación y recursos adicionales .......................................................................................... 2 Implementación enAWSCloud ............................................................................................... 2 Mantenimiento y soporte para las versiones principales del SDK ........................................................ 2 Introducción ...................................................................................................................................... -
Table of Contents
TABLE OF CONTENTS I. EXECUTIVE SUMMARY ...............................................................................................3 A. Recommendations ..............................................................................................................................................3 1. Future Governance board ................................................................................................................................3 2. Integration Models ..........................................................................................................................................3 3. CCIS and JIS Review by Infinity Software Development Inc. .......................................................................4 4. Catalog of Common Data Elements................................................................................................................4 5. Data Exchange Standards and Protocol...........................................................................................................4 6. Infrastructure and Network Standards and Protocol........................................................................................4 7. Security and Access Standards and Protocol...................................................................................................5 8. Unified Statute Table ......................................................................................................................................6 9. Minimum Data Elements for Policy Oversight ...............................................................................................6 -
Resin 3.2 Reference
Contents 1 Overview 3 1.1 Features - Resin and Resin Professional . .3 2 Installation 11 2.1 Resin Installation Quick Start . 11 2.2 Resin Installation . 16 2.3 Resin Web Server . 16 2.4 Resin with Apache . 22 2.5 Resin with IIS . 34 2.6 How the Plugins Dispatch to Resin . 44 3 Command-Line 47 3.1 Command-Line Configuration . 47 4 Admin Guide 51 4.1 User Guide: Administration . 51 5 Watchdog 63 5.1 Resin Watchdog . 63 6 Virtual Hosts 73 6.1 Virtual Hosting . 73 7 Clustering 89 7.1 Resin Clustering . 89 8 Web Applications 109 8.1 An Overview of Web Applications . 109 9 Logging 137 9.1 Log . 137 10 Administration 163 10.1 Resin Administration . 163 1 CONTENTS 11 Deployment 177 11.1 Packaging/Deployment . 177 12 Proxy Caching 181 12.1 Server Caching . 181 13 Quercus 193 13.1 Quercus: PHP in Java . 193 14 Security 217 14.1 Resin Security . 217 15 Inversion of Control 271 15.1 Resin IoC . 271 15.2 Scheduled Task . 308 16 Amber 327 16.1 Amber . 327 17 Embedding Resin 355 17.1 Embedding Resin . 355 18 Filters 367 18.1 Filters . 367 19 BAM 379 19.1 BAM . 379 20 Comet 405 20.1 Comet/Server-Push Servlet . 405 21 Remoting 411 21.1 Resin Remoting . 411 21.2 Hessian . 417 22 Messaging 423 22.1 Resin Messaging . 423 23 JSF - Java Server Faces 435 23.1 JSF - Java Server Faces . 435 24 Configuration Tags 445 24.1 cluster: Cluster tag configuration . -
Dynamic Web Pages with the Embedded Web Server
Dynamic Web Pages With The Embedded Web Server The Digi-Geek’s AJAX Workbook (NET+OS, XML, & JavaScript) Version 1.0 5/4/2011 Page 1 Copyright Digi International, 2011 Table of Contents Chapter 1 - How to Use this Guide ............................................................................................................... 5 Prerequisites – If You Can Ping, You Can Use This Thing! ..................................................................... 5 Getting Help with TCP/IP and Wi-Fi Setup ............................................................................................ 5 The Study Guide or the Short Cut? ....................................................................................................... 5 C Code ................................................................................................................................................... 6 HTML Code ............................................................................................................................................ 6 XML File ................................................................................................................................................. 6 Provide us with Your Feedback ............................................................................................................. 6 Chapter 2 - The Server-Client Relationship ................................................................................................... 7 Example – An Analogy for a Normal HTML page ................................................................................. -
Applying World Wide Web Standards to Embedded Systems
NASA / TMm2002-211199 AIAA-2001-5107 Embedded Web Technology: Applying World Wide Web Standards to Embedded Systems Joseph G. Ponyik and David W. York Glenn Research Center, Cleveland, Ohio March 2002 The NASA STI Program Office... in Profile Since its founding, NASA has been dedicated to CONFERENCE PUBLICATION. Collected the advancement of aeronautics and space papers from scientific and technical science. The NASA Scientific and Technical conferences, symposia, seminars, or other Information (STI) Program Office plays a key part meetings sponsored or cosponsored by in helping NASA maintain this important role. NASA. The NASA STI Program Office is operated by SPECIAL PUBLICATION. Scientific, Langley Research Center, the Lead Center for technical, or historical information from NASA's scientific and technical information. The NASA programs, projects, and missions, NASA STI Program Office provides access to the often concerned with subjects having NASA STI Database, the largest collection of substantial public interest. aeronautical and space science STI in the world. The Program Office is also NASA's institutional TECHNICAL TRANSLATION. English- mechanism for disseminating the results of its language translations of foreign scientific research and development activities. These results and technical material pertinent to NASA's are published by NASA in the NASA STI Report mission. Series, which includes the following report types: Specialized services that complement the STI TECHNICAL PUBLICATION. Reports of Program Office's diverse offerings include completed research or a major significant creating custom thesauri, building customized phase of research that present the results of data bases, organizing and publishing research NASA programs and include extensive data results.., even providing videos. -
Lightweight Django USING REST, WEBSOCKETS & BACKBONE
Lightweight Django USING REST, WEBSOCKETS & BACKBONE Julia Elman & Mark Lavin Lightweight Django LightweightDjango How can you take advantage of the Django framework to integrate complex “A great resource for client-side interactions and real-time features into your web applications? going beyond traditional Through a series of rapid application development projects, this hands-on book shows experienced Django developers how to include REST APIs, apps and learning how WebSockets, and client-side MVC frameworks such as Backbone.js into Django can power the new or existing projects. backend of single-page Learn how to make the most of Django’s decoupled design by choosing web applications.” the components you need to build the lightweight applications you want. —Aymeric Augustin Once you finish this book, you’ll know how to build single-page applications Django core developer, CTO, oscaro.com that respond to interactions in real time. If you’re familiar with Python and JavaScript, you’re good to go. “Such a good idea—I think this will lower the barrier ■ Learn a lightweight approach for starting a new Django project of entry for developers ■ Break reusable applications into smaller services that even more… the more communicate with one another I read, the more excited ■ Create a static, rapid prototyping site as a scaffold for websites and applications I am!” —Barbara Shaurette ■ Build a REST API with django-rest-framework Python Developer, Cox Media Group ■ Learn how to use Django with the Backbone.js MVC framework ■ Create a single-page web application on top of your REST API Lightweight ■ Integrate real-time features with WebSockets and the Tornado networking library ■ Use the book’s code-driven examples in your own projects Julia Elman, a frontend developer and tech education advocate, started learning Django in 2008 while working at World Online. -
HTML5 and the Open Web Platform
HTML5 and the Open Web Platform Stuttgart 28 May 2013 Dave Raggett <[email protected]> The Open Web Platform What is the W3C? ● International community where Members, a full-time staff and the public collaborate to develop Web standards ● Led by Web inventor Tim Berners-Lee and CEO Jeff Jaffe ● Hosted by MIT, ERCIM, Keio and Beihang ● Community Groups open to all at no fee ● Business Groups get more staff support ● Technical Working Groups ● Develop specs into W3C Recommendations ● Participants from W3C Members and invited experts ● W3C Patent process for royalty free specifications 3 Who's involved ● W3C has 377 Members as of 11 May 2013 ● To name just a few ● ACCESS, Adobe, Akamai, Apple, Baidu, BBC, Blackberry (RIM), BT, Canon, Deutsche Telekom, eBay, Facebook, France Telecom, Fujitsu, Google, Hitachi, HP, Huawei, IBM, Intel, LG, Microsoft, Mozilla, NASA, NEC, NTT DoCoMo, Nuance, Opera Software, Oracle, Panasonic, Samsung, Siemens, Sony, Telefonica, Tencent, Vodafone, Yandex, … ● Full list at ● http://www.w3.org/Consortium/Member/List 4 The Open Web Platform 5 Open Web Platform ● Communicate with HTTP, Web Sockets, XML and JSON ● Markup with HTML5 ● Style sheets with CSS ● Rich graphics ● JPEG, PNG, GIF ● Canvas and SVG ● Audio and Video ● Scripting with JavaScript ● Expanding range of APIs ● Designed for the World's languages ● Accessibility with support for assistive technology 6 Hosted and Packaged Apps ● Hosted Web apps can be directly loaded from a website ● Packaged Web apps can be locally installed on a device and run without the need for access to a web server ● Zipped file containing all the necessary resources ● Manifest file with app meta-data – Old work on XML based manifests (Web Widgets) – New work on JSON based manifests ● http://w3c.github.io/manifest/ ● Pointer to app's cache manifest ● List of required features and permissions needed to run correctly ● Runtime and security model for web apps ● Privileged apps must be signed by installation origin's private key 7 HTML5 Markup ● Extensive range of features ● Structural, e.g. -
M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010)
Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) M3AAWG Best Common Practices for Mitigating Abuse of Web Messaging Systems, Version 1.1 Updated March 2019 (2010) The reference URL for this document is www.m3aawg.org/WebMessagingAbuse Table of Contents Updated in this Version ......................................................................................................................................................... 1 Introduction ........................................................................................................................................................................... 1 Typical Attacks ...................................................................................................................................................................... 2 Monitoring and Alerting ....................................................................................................................................................... 2 Proactive Defense .................................................................................................................................................................. 3 UI Access ........................................................................................................................................................................................................... 3 Web Application Security .............................................................................................................................................................................. -
Cross-Domain Communications
CSE 361: Web Security Cross-domain Communication Nick Nikiforakis 2 A World Without Separation between Sites http://kittenpics.org https://gmail.com 3 The Same-Origin Policy for JavaScript • Most basic access control policy • controls how active content can access resources • Same-Origin Policy for JavaScript for three actions • Script access to other document in same browser • frames/iframes • (popup) windows • Script access to application-specific local state • cookies, Web Storage, or IndexedDB • Explicit HTTP requests to other hosts • XMLHttpRequest 4 The Same-Origin Policy for JavaScript • Only allows access if origins match Protocol Hostname Port • Origin defined by protocol, hostname, and port http://example.org:80/path/ Originating document Accessed document Non-IE Browser Internet Explorer http://example.org/a http://example.org/b http://example.org http://www.example.org http://example.org https://example.org http://example.org http://example.org:81 5 Domain Relaxation • Two sub-domains of a common parent domain want to communicate • Notably: can overwrite different port! • Browsers allow setting document.domain property • Can only be set to valid suffix including parent domain • test.example.org -> example.org ok • example.org -> org forbidden • When first introduced, relaxation of single sub-domain was sufficient • Nowadays: both (sub-)domains must explicitly set document.domain 6 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" document.domain = "kittenpics.org" 7 Domain Relaxation http://sub.kittenpics.org http://kittenpics.org document.domain = "kittenpics.org" Cross-Origin Communication 9 Cross-origin communication • Subdomains of the same domain can use domain relaxation when they want to talk to one another.