Introdução Ao Desenvolvimento De Games Com GWT E HTML5

Total Page:16

File Type:pdf, Size:1020Kb

Introdução Ao Desenvolvimento De Games Com GWT E HTML5 SBC - Proceedings of SBGames 2012 Tutorials Introdução ao Desenvolvimento de Games com GWT e HTML5 Ely Fernando do Prado Departamento de Computação, Universidade Federal de São Carlos (UFSCar) - São Carlos, SP - Brasil Figura 1: Logotipos do Google Web Toolkit e do HTML 5. Resumo games são adicionados ao site de pesquisa do Google em comemoração a alguma data ou evento especial, e O advento da tecnologia do HTML 5 tem aberto um são jogáveis no próprio site. novo mercado de jogos para internet, onde os usuários Graças a grande experiência alcançada pelos podem interagir com o game através de diferentes engenheiros da Google no setor de aplicações ricas equipamentos, como computadores, tablets e celulares para internet, foi criado por eles o framework Google sem a necessidade de instalação prévia da aplicação ou Web Toolkit (GWT), que tem facilitado muito criação mesmo algum plug-in. Por outro lado o framework de aplicações complexas na web, incluindo os jogos. Google Web Toolkit tem se mostrado uma boa O objetivo deste tutorial é apresentar o framework alternativa para desenvolvimento de aplicações ricas GWT como uma alternativa para o desenvolvimento de para internet, utilizando a linguagem Java para gerar jogos para internet. Para isso será apresentado como se códigos HTML, CSS e JavaScript. Assim este trabalho dá o desenvolvimento de um jogo nesta tecnologia, tem por objetivo apresentar o framework GWT como sendo um jogo com poucas funcionalidades, porém o solução para o desenvolvimento de jogos para internet suficiente para dar os primeiros passos neste em HTML5, demonstrando todos os passos necessários framework. para codificação de um game loop, animações e interação com o usuário. 2. HTML 5 Keywords: GWT, HTML5, Jogos, Canvas O padrão HTML5 complementa as capacidades das normas existentes no HTML com vários novos Authors’ contact: recursos. Embora o HTML5 seja um padrão web de [email protected] propósito geral, muitos dos novos recursos são destinados diretamente para tornar a Web um lugar 1. Introdução melhor para aplicações web com estilo desktop. Dentre os novos recursos estão a capacidade das Atualmente estamos presenciando um grande aplicações executarem em modo off-line e de crescimento na demanda por jogos para internet. Outro armazenar dados localmente no computador ou acontecimento que está em bastante evidencia hoje é o dispositivo. Um recurso importante, especialmente surgimento e amadurecimento do HTML 5, que tem quando se trata de desenvolvimento de jogos é o possibilitado a criação de jogos que rodam direto no elemento Canvas, que oferece uma tela de desenho 2D, navegador de maneira leve e prática. permitindo o desenho de formas gráficas, imagens e A principal motivação para este tutorial é o grande texto em tempo de execução. Outros recursos crescimento no mercado de jogos para internet. O disponibilizados pelo HTML5 são para permitir que surgimento do HTML 5 permitiu que passássemos a arquivos de mídia (áudio e vídeo) sejam executados no desenvolver aplicações complexas para internet, sem navegador sem necessidade de plug-in externo, ter que depender de algum plug-in específico. Além também há elementos para carregamento de dados de disso, aplicações desta natureza podem ser executadas forma assíncrona e apoio para eventos de arrastar e em qualquer dispositivo que possua internet, como soltar. Além dos recursos citados, a especificação computadores, tablets e celulares de qualquer sistema HTML5 define inúmeros outros acréscimos, mas operacional atual. muitas destas especificações, bem como a Um bom exemplo que tem alcançado bastante especificação do HTML5 em si, estão ainda em sucesso entre o público são os jogos adicionados no definição, de modo que na versão final os seus detalhes logotipo do Google, chamados doodles. Os doodles podem variar. (Taivalsaari e Mikkonen, 2011) XI SBGames – Brasiliá – DF – Brazil, November 2nd - 4th, 2012 28 SBC - Proceedings of SBGames 2012 Tutorials Para o desenvolvimento de jogos o HTML por si só Já que GWT compila código Java para JavaScript, não é suficiente. O HTML é uma linguagem de é importante questionarmos quais são as vantagens de marcação, que permite incluir elementos em uma se desenvolver a aplicação em Java com GWT, ao página, como campos de formulário, texto, imagens, invés de escrever diretamente em código JavaScript. A canvas, etc. Mas todos esses elementos são estáticos. vantagem mais óbvia está no fato de GWT criar Para superar as limitações do HTML podemos utilizar JavaScript perfeitamente compatível com os diferente o Javascript, pois a ação toda precisa ser escrita em navegadores, sendo assim não precisamos escrever uma linguagem de programação. Javascript é uma estruturas condicionais para cuidar das diferenças do linguagem de programação poderosa, com sintaxe navegadores. Mas Dwyer, 2008, ainda faz a seguinte baseada em C++, porém com suporte apenas parcial à afirmação: “há três áreas específicas em que o GWT orientação a objetos. Javascript é uma linguagem supera o JavaScript: escalabilidade, suporte à interpretada, sendo assim sua velocidade de execução e refatoração, e familiaridade.”. Isso se deve ao fato de sua compatibilidade depende da máquina GWT utilizar a linguagem Java, que apesar de seu interpretadora que o navegador possui. (Nörnberg, nome sugerir o contrário, Java tem mais diferenças 2011) com JavaScript do que igualdades. 3.1 Ambiente de Desenvolvimento 3. Google Web Toolkit Como o framework GWT executa sobre a O framework GWT (Google Web Toolkit) foi plataforma Java, você pode preparar seu ambiente de criado para facilitar o desenvolvimento de aplicações desenvolvimento nos principais sistemas operacionais ricas para web fornecendo uma camada de abstração, disponíveis (Windows, Linux ou MacOS), porém é que esconde os detalhes do Javascript e também as necessário ter instalado o Kit de Desenvolvimento Java diferenças entre os ambientes específicos dos em seu computador. Além disso, é requisito básico ter navegadores. Toda aplicação é escrita utilizando a feito download e descompressão do Google Web linguagem Java, e o framework GWT traduz este Toolkit SDK. Ambas ferramentas citadas podem ser código em JavaScript, DHTML e CSS. Ao efetuar esta encontradas nos links a seguir: compilação são geradas versões especificas da Java SE Development Kit (JDK): aplicação para cada tipo de navegador, tornando a http://java.sun.com/javase/downloads/ aplicação compatível com os mais variados ambientes, Google Web Toolkit SDK: e também com as diferentes versões desses https://developers.google.com/web-toolkit/download navegadores. (Smeets, Boness e Bankras, 2009) Apesar de não ser um pré-requisito, é bastante Seu objetivo é permitir o desenvolvimento interessante utilizar uma IDE de desenvolvimento. produtivo de aplicações Web de alto desempenho sem Dentre as principais IDEs utilizadas para que o desenvolvedor necessite ser um especialista nas desenvolvimento de aplicações Java, podemos destacar peculiaridades de cada navegador, XMLHttpRequest e o Eclipse que possui um plug-in oficial da Google para JavaScript trabalhar com GWT. Tanto a IDE como o plug-in para GWT é um framework essencialmente para o lado desenvolver em GWT podem ser encontrados no link a do cliente (cliente-side) e dá suporte à comunicação seguir: com o servidor através de RPCs (Remote Procedure IDE Eclipse: Calls). Ele não é um framework para aplicações http://www.eclipse.org/downloads/ clássicas da web, pois deixa a implementação da Google Plugin for Eclipse: aplicação web parecida com implementações em http://dl.google.com/eclipse/plugin/4.2 desktop. Para quem está habituado a desenvolver Para este tutorial foi utilizado a versão 4.2 do aplicações desktop, especialmente na linguagem Java Eclipse, apelidada de Juno. se sente familiarizado com o uso do framework GWT. Para configurar o plug-in do GWT no Eclipse, (Geary, 2008) basta clicar no menu do Eclipse “Help”, logo em O GWT é utilizado por muitos produtos do Google, seguida em “Install New Software”. Depois clique no incluindo o Google Wave e Google AdWords. Tem botão “Add” e digite no campo “Location” o endereço sido utilizado também para a construção de jogos para http://dl.google.com/eclipse/plugin/4.2 e clique em internet, como por exemplo, a versão web do jogo “Ok”. Marque os itens “Google Plugin for Eclipse”, Angry Birds. “GWT Designer for GPE” e “SDKs”.Clique no botão GWT é de código aberto, totalmente gratuito, e “Next”, aguarde o download ser terminado e clique em utilizado por milhares de desenvolvedores ao redor do “Finish”. mundo. Está disponível sob a Licença Apache v. 2.0, Com essas etapas, o Eclipse está preparado para ser concedendo-lhe uma licença perpétua, mundial, não utilizado com ferramente de desenvolvimento para o exclusiva, sem nenhum custo, isenta de royalties, framework GWT. direitos autorais irrevogáveis para reproduzir, preparar trabalhos derivados, publicamente exibir, executar publicamente, sublicenciar e distribuir o trabalho. XI SBGames – Brasiliá – DF – Brazil, November 2nd - 4th, 2012 29 SBC - Proceedings of SBGames 2012 Tutorials 3.2 Objeto Canvas 3.3.1 Principais métodos O objeto Canvas representa o elemento de mesmo nome do HTML 5, e pode ser utilizado para setFillStyle(String fillStyleColor) processamento de gráficos em tempo de execução. Argumento: Uma característica importante deste elemento é que ele fillStyleColor: cor como uma String no formato consegue redimensionar seu conteúdo para adequar à CssColor. resolução do navegador do usuário. Pode ser executado Descrição:
Recommended publications
  • Bakalářská Práce
    TECHNICKÁ UNIVERZITA V LIBERCI Fakulta mechatroniky, informatiky a mezioborových studií BAKALÁŘSKÁ PRÁCE Liberec 2013 Jaroslav Jakoubě Příloha A TECHNICKÁ UNIVERZITA V LIBERCI Fakulta mechatroniky, informatiky a mezioborových studií Studijní program: B2646 – Informační technologie Studijní obor: 1802R007 – Informační technologie Srovnání databázových knihoven v PHP Benchmark of database libraries for PHP Bakalářská práce Autor: Jaroslav Jakoubě Vedoucí práce: Mgr. Jiří Vraný, Ph.D. V Liberci 15. 5. 2013 Prohlášení Byl(a) jsem seznámen(a) s tím, že na mou bakalářskou práci se plně vztahuje zákon č. 121/2000 Sb., o právu autorském, zejména § 60 – školní dílo. Beru na vědomí, že Technická univerzita v Liberci (TUL) nezasahuje do mých autorských práv užitím mé bakalářské práce pro vnitřní potřebu TUL. Užiji-li bakalářskou práci nebo poskytnu-li licenci k jejímu využití, jsem si vědom povinnosti informovat o této skutečnosti TUL; v tomto případě má TUL právo ode mne požadovat úhradu nákladů, které vynaložila na vytvoření díla, až do jejich skutečné výše. Bakalářskou práci jsem vypracoval(a) samostatně s použitím uvedené literatury a na základě konzultací s vedoucím bakalářské práce a konzultantem. Datum Podpis 3 Abstrakt Česká verze: Tato bakalářská práce se zabývá srovnávacím testem webových aplikací psaných v programovacím skriptovacím jazyce PHP, které využívají různé knihovny pro komunikaci s databází. Hlavní důraz při hodnocení výsledků byl kladen na rychlost odezvy při zasílání jednotlivých požadavků. V rámci řešení byly zjišťovány dostupné metodiky určené na porovnávání těchto projektů. Byl také proveden průzkum zjišťující, které frameworky jsou nejvíce používané. Klíčová slova: Testování, PHP, webové aplikace, framework, knihovny English version: This bachelor’s thesis is focused on benchmarking of the PHP frameworks and their database libraries used for creating web applications.
    [Show full text]
  • Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA
    United States Department of the Interior Bureau of Land Management Burns District Office 28910 Highway 20 West Hines, Oregon 97738 541-589-4400 Phone 541-573-4411 Fax Spay Feasibility and On-Range Behavioral Outcomes Assessment and Warm Springs HMA Population Management Plan Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA June 29, 2018 This Page is Intentionally Left Blank Spay Feasibility and On-Range Behavioral Outcomes Assessment and Warm Springs HMA Population Management Plan Environmental Assessment DOI-BLM-ORWA-B050-2018-0016-EA Table of Contents I. INTRODUCTION .........................................................................................................1 A. Background................................................................................................................ 1 B. Purpose and Need for Proposed Action..................................................................... 4 C. Decision to be Made .................................................................................................. 5 D. Conformance with BLM Resource Management Plan(s) .......................................... 6 E. Consistency with Laws, Regulations and Policies..................................................... 7 F. Scoping and Identification of Issues ........................................................................ 12 1. Issues for Analysis .......................................................................................... 13 2. Issues Considered but Eliminated from Detailed Analysis ............................
    [Show full text]
  • 1 Introducing Symfony, Cakephp, and Zend Framework
    1 Introducing Symfony, CakePHP, and Zend Framework An invasion of armies can be resisted, but not an idea whose time has come. — Victor Hugo WHAT’S IN THIS CHAPTER? ‰ General discussion on frameworks. ‰ Introducing popular PHP frameworks. ‰ Design patterns. Everyone knows that all web applications have some things in common. They have users who can register, log in, and interact. Interaction is carried out mostly through validated and secured forms, and results are stored in various databases. The databases are then searched, data is processed, and data is presented back to the user, often according to his locale. If only you could extract these patterns as some kind of abstractions and transport them into further applications, the developmentCOPYRIGHTED process would be much MATERIAL faster. This task obviously can be done. Moreover, it can be done in many different ways and in almost any programming language. That’s why there are so many brilliant solutions that make web development faster and easier. In this book, we present three of them: Symfony, CakePHP, and Zend Framework. They do not only push the development process to the extremes in terms of rapidity but also provide massive amounts of advanced features that have become a must in the world of Web 2.0 applications. cc01.indd01.indd 1 11/24/2011/24/2011 55:45:10:45:10 PPMM 2 x CHAPTER 1 INTRODUCING SYMFONY, CAKEPHP, AND ZEND FRAMEWORK WHAT ARE WEB APPLICATION FRAMEWORKS AND HOW ARE THEY USED? A web application framework is a bunch of source code organized into a certain architecture that can be used for rapid development of web applications.
    [Show full text]
  • Abstract Window Toolkit Overview
    In this chapter: • Components • Peers 1 • Layouts • Containers • And the Rest • Summary Abstract Window Toolkit Overview For years, programmers have had to go through the hassles of porting software from BSD-based UNIX to System V Release 4–based UNIX, from OpenWindows to Motif, from PC to UNIX to Macintosh (or some combination thereof), and between various other alternatives, too numerous to mention. Getting an applica- tion to work was only part of the problem; you also had to port it to all the plat- forms you supported, which often took more time than the development effort itself. In the UNIX world, standards like POSIX and X made it easier to move appli- cations between different UNIX platforms. But they only solved part of the prob- lem and didn’t provide any help with the PC world. Portability became even more important as the Internet grew. The goal was clear: wouldn’t it be great if you could just move applications between different operating environments without worr yingabout the software breaking because of a different operating system, win- dowing environment, or internal data representation? In the spring of 1995, Sun Microsystems announced Java, which claimed to solve this dilemma. What started out as a dancing penguin (or Star Trek communicator) named Duke on remote controls for interactive television has become a new paradigm for programming on the Internet. With Java, you can create a program on one platform and deliver the compilation output (byte-codes/class files) to ever yother supported environment without recompiling or worrying about the local windowing environment, word size, or byte order.
    [Show full text]
  • Drawing in GTK+
    CSci493.70 Graphical User Interface Programming Prof. Stewart Weiss Drawing in GTK+ Drawing in GTK+ Background In order to understand how to draw in GTK, you rst have to understand something about how GTK draws widgets, because how GTK draws widgets has an important role in how you design your drawing application. An understanding of how GTK draws widgets is also required if you ever plan to build your own custom widgets. Windows and Clipping Most windowing systems are designed around the idea that an application's visual display lies within a rectangular region on the screen called its window. The windowing system, e.g. Gnome or KDE or Explorer, does not automatically save the graphical content of an application's windows; instead it asks the application itself to repaint 1 its windows whenever it is needed. For example, if a window that is stacked below other windows gets raised to the top, then a client program has to repaint the area that was previously obscured. When the windowing system asks a client program to redraw part of a window, it sends an exposure event to the program that contains that window. An exposure event is simply an event sent from the underlying windowing system to a widget to notify it that it must redraw itself. In this context, a "window" means "a rectangular region with automatic clipping", not a top-level application window. Clipping is the act of removing portions of a window that do not need to be redrawn, or looked at the other way, it is determining which are the only regions of a window that must be redrawn.
    [Show full text]
  • Canvas Pocket Reference
    Canvas Pocket Reference Canvas Pocket Reference David Flanagan Beijing • Cambridge • Farnham • Köln • Sebastopol • Tokyo Canvas Pocket Reference by David Flanagan Copyright © 2011 David Flanagan. All rights reserved. Printed in the United States of America. Published by O’Reilly Media, Inc., 1005 Gravenstein Highway North, Sebastopol, CA 95472. O’Reilly books may be purchased for educational, business, or sales promo- tional use. Online editions are also available for most titles (http://my.safari booksonline.com). For more information, contact our corporate/institutional sales department: (800) 998-9938 or [email protected]. Editors: Mike Loukides and Simon St. Laurent Production Editor: Teresa Elsey Proofreader: Sada Preisch Indexer: John Bickelhaupt Cover Designer: Karen Montgomery Interior Designer: David Futato Illustrator: Robert Romano Printing History: December 2010: First Edition. Nutshell Handbook, the Nutshell Handbook logo, and the O’Reilly logo are registered trademarks of O’Reilly Media, Inc. The Pocket Reference series designation, Canvas Pocket Reference, the image of a gold weaver bird, and related trade dress are trademarks of O’Reilly Media, Inc. wnload from Wow! eBook <www.wowebook.com> o D Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in this book, and O’Reilly Media, Inc., was aware of a trademark claim, the designations have been printed in caps or initial caps. While every precaution has been taken in the preparation
    [Show full text]
  • Quick Guide to Tkinter.Canvas
    tkinter Reference Guide Common Usage and Functions Installation on Your Local Machine.................................. 2 Canvas Initialization .......................................... 3 The Coordinate System......................................... 3 Drawing Lines.............................................. 4 Drawing Rectangles........................................... 5 Drawing Ovals.............................................. 6 Drawing Polygons ........................................... 7 Drawing Text .............................................. 8 1 Installation on Your Local Machine It is very likely that your version of Python 3 came with tkinter already installed. You can check if your local machine has a working version of tkinter by writing and executing a simple Python program consisting of the two lines of code shown below: import tkinter tkinter._test() Upon running this program, a window similar to the one pictured below should appear. If this window appears, then you have a working version of tkinter installed and available to use in your programs! If this window does not appear, then: • Make sure that the function you called is tkinter._test(), with a period followed by an underscore as well as a set of empty parenthesis. • If you are running a version of Python 2, then upgrade your version to Python 3 (this is the standard version for 15-110). • If you cannot upgrade your version of Python, then capitalize all instances of tkinter in the above program and all programs you may write to Tkinter and try again. •
    [Show full text]
  • Zašto Smo Odabrali Laravel (4)?
    Zašto smo odabrali Laravel (4)? Denis Stančer Prije framework-a • Razvijate web aplikacije od ranih početaka (kraj XX stoljeća) • Perl – CGI • PHP (3.0 - 6/1998, 4.0 - 5/2000, 5.0 - 7/2004, 5.3 - 6/2009 ) • Tijekom vremena sami razvijete elemente frameworka • Prednosti: • Brži razvoj • Neka vrsta standarda • Nedostaci: • Još uvijek velika količina spaghetti kôda • Pojedini developer ima svoj framework • Ne razvijaju se svi jednako brzo • Nama pravovremenih sigurnosnih zakrpi U Srcu • Koji PHP framework koristite ili ste koristili? Zašto framework? • Brži razvoj • Standardizirana organizacija kôda • Pojednostavljeno • Pristupu bazi/bazama • Zaštita od osnovnih sigurnosnih propusta • Modularnost • Razmjena gotovih rješenja među developerima • Copy/paste ili Composer • U MVC framework-u razdvojen HTML/JS od PHP-a • U konačnici - bolja suradnja unutar tima = efikasniji razvoj i održavanje MVC – Model-View-Controller • Programski predložak kojim se komunikacija s korisnikom dijeli na tri dijela: • data model: podaci • najčešće baza • user interface: prikaz stanja u modelu • najčešće templating engine • bussines model: šalje naredbe modelu Koji framework odabrati? • Koji su najpopularniji? • Koji imaju mogućnosti koje nama trebaju? • Popis općih kriterija • Composer • ORM • Testna okruženja • Migracije i seeding • Templating engine • Bootstrap • Git • Kvaliteta dokumentacije • Stanje zajednice: forumi, članci, konferencije,… Koji framework odabrati? (2) • Popis specifičnih kriterija • Mali (rijetko srednje veliki) projekti • simpleSAMLphp: jednostavno
    [Show full text]
  • PRADO V3.2.3 Quickstart Tutorial 1
    PRADO v3.2.3 Quickstart Tutorial 1 Qiang Xue and Wei Zhuo November 26, 2013 1Copyright 2004-2013. All Rights Reserved. Contents i ii Preface Prado quick start doc iii iv License PRADO is free software released under the terms of the following BSD license. Copyright 2004-2013, The PRADO Group (http://www.pradosoft.com) All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of con- ditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the PRADO Group nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    [Show full text]
  • Evaluating Web Development Frameworks: Django, Ruby on Rails and Cakephp
    Evaluating web development frameworks: Django, Ruby on Rails and CakePHP Julia Plekhanova Temple University © September 2009 Institute for Business and Information Technology Fox School of Business Temple University The IBIT Report © 2009 Institute for Business and Information Technology, Bruce Fadem Fox School of Business, Temple University, Philadelphia, PA Editor-in-chief 19122, USA. All rights reserved. ISSN 1938-1271. Retired VP and CIO, Wyeth The IBIT Report is a publication for the members of the Fox Munir Mandviwalla School’s Institute for Business and Information Technology. IBIT reports are written for industry and based on rigorous Editor academic research and vendor neutral analysis. For additional Associate Professor and Executive Director reports, please visit our website at http://ibit.temple.edu. Fox School of Business, Temple University No part of this publication may be reproduced, stored in a Laurel Miller retrieval system or transmitted in any form or by any means, Managing Editor electronic, mechanical, photocopying, recording, scanning Director, Fox School of Business, Temple University or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without the prior written permission of the Publisher. Requests to the Publisher Board of editors for permission should be addressed to Institute for Business and Information Technology, Fox School of Business, Temple Andrea Anania University, 1810 N. 13th Street, Philadelphia, PA 19122, Retired VP and CIO, CIGNA USA, 215.204.5642, or [email protected]. Jonathan A. Brassington Disclaimer: The conclusions and statements of this report Founding Partner and CEO are solely the work of the authors. They do not represent LiquidHub Inc.
    [Show full text]
  • Chapter 3 – Design Patterns: Model-View- Controller
    SOFTWARE ARCHITECTURES Chapter 3 – Design Patterns: Model-View- Controller Martin Mugisha Brief History Smalltalk programmers developed the concept of Model-View-Controllers, like most other software engineering concepts. These programmers were gathered at the Learning Research Group (LRG) of Xerox PARC based in Palo Alto, California. This group included Alan Kay, Dan Ingalls and Red Kaehler among others. C language which was developed at Bell Labs was already out there and thus they were a few design standards in place[ 1] . The arrival of Smalltalk would however change all these standards and set the future tone for programming. This language is where the concept of Model-View- Controller first emerged. However, Ted Kaehler is the one most credited for this design pattern. He had a paper in 1978 titled ‘A note on DynaBook requirements’. The first name however for it was not MVC but ‘Thing-Model-View-Set’. The aim of the MVC pattern was to mediate the way the user could interact with the software[ 1] . This pattern has been greatly accredited with the later development of modern Graphical User Interfaces(GUI). Without Kaehler, and his MVC, we would have still been using terminal to input our commands. Introduction Model-View-Controller is an architectural pattern that is used for implementing user interfaces. Software is divided into three inter connected parts. These are the Model, View, and Controller. These inter connection is aimed to separate internal representation of information from the way it is presented to accepted users[ 2] . fig 1 SOFTWARE ARCHITECTURES As shown in fig 1, the MVC has three components that interact to show us our unique information.
    [Show full text]
  • An Analysis of CSRF Defenses in Web Frameworks
    Where We Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks Xhelal Likaj Soheil Khodayari Giancarlo Pellegrino Saarland University CISPA Helmholtz Center for CISPA Helmholtz Center for Saarbruecken, Germany Information Security Information Security [email protected] Saarbruecken, Germany Saarbruecken, Germany [email protected] [email protected] Abstract Keywords Cross-Site Request Forgery (CSRF) is among the oldest web vul- CSRF, Defenses, Web Frameworks nerabilities that, despite its popularity and severity, it is still an ACM Reference Format: understudied security problem. In this paper, we undertake one Xhelal Likaj, Soheil Khodayari, and Giancarlo Pellegrino. 2021. Where We of the first security evaluations of CSRF defense as implemented Stand (or Fall): An Analysis of CSRF Defenses in Web Frameworks. In by popular web frameworks, with the overarching goal to identify Proceedings of ACM Conference (Conference’17). ACM, New York, NY, USA, additional explanations to the occurrences of such an old vulner- 16 pages. https://doi.org/10.1145/nnnnnnn.nnnnnnn ability. Starting from a review of existing literature, we identify 16 CSRF defenses and 18 potential threats agains them. Then, we 1 Introduction evaluate the source code of the 44 most popular web frameworks Cross-Site Request Forgery (CSRF) is among the oldest web vul- across five languages (i.e., JavaScript, Python, Java, PHP, andC#) nerabilities, consistently ranked as one of the top ten threats to covering about 5.5 million LoCs, intending to determine the imple- web applications [88]. Successful CSRF exploitations could cause re- mented defenses and their exposure to the identified threats. We mote code execution [111], user accounts take-over [85, 87, 90, 122], also quantify the quality of web frameworks’ documentation, look- or compromise of database integrity—to name only a few in- ing for incomplete, misleading, or insufficient information required stances.
    [Show full text]