DOCSLIB.ORG

Design and Analysis of Web Application Frameworks

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Design and Analysis of Web Application Frameworks Aarhus University PhD Dissertation Design and Analysis of Web Application Frameworks Mathias Schwarz Supervisor: Anders Møller Submitted: January 29, 2013 Abstract Numerous web application frameworks have been developed in recent years. These frameworks enable programmers to reuse common components and to avoid typical pitfalls in web application development. Although such frameworks help the pro- grammer to avoid many common errors, we find that there are important, common errors that remain unhandled by web application frameworks. Guided by a survey of common web application errors and of web application frameworks, we identify the need for techniques to help the programmer avoid HTML invalidity and security vulnerabilities, in particular client-state manipulation vulnerabilities. The hypothesis of this dissertation is that we can design frameworks and static analyses that aid the programmer to avoid such errors. First, we present the JWIG web application framework for writing secure and maintainable web applications. We discuss how this framework solves some of the common errors through an API that is designed to be safe by default. Second, we present a novel technique for checking HTML validity for output that is generated by web applications. Through string analysis, we approximate the out- put of web applications as context-free grammars. We model the HTML validation algorithm and the DTD language, and we generalize the validation algorithm to work for context-free grammars. Third, we present a novel technique for identifying client-state manipulation vulnerabilities. The technique uses a combination of output analysis and informa- tion flow analysis to detect flow in the web application that might be exploited by malicious clients. We implement and evaluate the techniques to study their usefulness in practice. We find that JWIG is useful for implementing large web applications. We further- more evaluate the static analyses techniques and find that they are able to detect real bugs with few false positives in open-source applications. 1 Resume Igennem de senere ˚arer et stort antal web applikations-frameworks blevet udviklet. Disse frameworks gør det muligt for programmører at genbruge løsninger og undg˚a typiske fejl i web applikationer. Selvom s˚adanneframeworks hjælper programmører med at undg˚amange typer fejl, s˚aviser det sig, at der alligevel er typer af fejl, som endnu ikke bliver h˚andterettilstrækkeligt af frameworks. Vi undersøger hvilke typer fejl, der ofte opst˚ari web applikationer, og hvilke løsninger forskellige frameworks har p˚aproblermerne. Denne undersøgelse viser, at der er brug for teknikker, som kan hjælpe programmøren med at undg˚augyldig HTML og sikkerhedsproblemer, især s˚arbarhedersom skyldes manipulation af klien- tens tilstand. Hypotesen i denne afhandling er, at vi kan designe nye frameworks og statiske analyser som kan hjælpe programmøren med at undg˚adisse typer af fejl. Først præsenterer vi JWIG frameworket der kan bruges til at skrive sikre web applikationer som er lette af vedligeholde. Vi diskuterer hvordan dette framework løser nogle af de typiske problemer med et API som er designet til at undg˚afejl. Dernæst præsenterer vi en ny teknik til at verificerere korrekthed af genereret HTML i web applikationer. Vi bruger streng-analyse til at tilnærme det mulige output med kontekst-frie grammatikker. Vi modellerer HTML valideringsalgorit- men og DTD specifikationssproget og viser, hvordan valideringsalgoritmen lader sig generalisere til at virke for kontekst-frie grammatikker. Endelig præsenterer vi en ny teknik til at finde s˚arbarheder,som skyldes ma- nipulation af klientens tilstand. Teknikken bruger en kombination af en output analyse og en information flow analyse til at finde flow af data som kan udnyttes af en ondsindet klient. Vi implementerer og evaluerer teknikkerne for at undersøge, hvor godt de virker i praksis. Vi ser, at JWIG er brugbart til at implementere store web applikationer. Vi evaluerer ogs˚aanalyseteknikkerne og ser, at de kan bruges til at finde fejl i open-source programmer, som vi har fundet p˚anettet. 3 Acknowledgments Thanks to the members of the Programming Languages group at Aarhus University for insightful discussions, inspiring friendships, and countless foosball tournaments. I am truly thankful to Anders Møller for his patient and insightful mentorship. He has been the best supervisor one can imagine. I thank Simon Holm Jensen for his valuable feedback during the writing of this dissertation. I would like to thank Henning Rohde and Anna Gringauze for an inspiring stay at Microsoft Research. Thanks to my parents and brothers for supporting and encouraging me. A very special thanks to my wife Rikke who has been a loving help and support throughout my studies. Our son Andreas has barely been with us for a year but I thank him for his happy smiles and for reminding me to never stop being curious. Mathias Schwarz, Aarhus, January 29, 2013. 5 Contents Abstract 1 Resume 3 Acknowledgments 5 Contents 7 I Overview 1 1 Introduction 3 1.1 Overview . 4 1.2 Method . 5 1.3 Contributions . 5 1.4 Software packages . 6 2 Web frameworks and web applications 7 2.1 Purpose and structure of web frameworks . 8 2.1.1 Components of a web framework . 8 2.1.2 Static analysis in the presence of web application frameworks 10 2.2 Software engineering principles in web frameworks . 10 2.2.1 Cohesion, coupling, and the MVC pattern . 10 2.2.2 Safety by default . 11 2.3 Common web application errors . 11 2.3.1 Output correctness . 11 2.3.2 Security . 13 2.4 A survey of web application frameworks . 17 2.4.1 PHP . 18 2.4.2 Java Servlets . 19 2.4.3 Java Server Pages . 21 2.4.4 JSF . 22 2.4.5 Struts 2 . 24 2.4.6 Seaside . 26 2.4.7 Hop . 28 2.5 The need for a new web framework and analysis for the existing ones 29 3 Designing a new web application framework 31 3.1 Overview of JWIG . 31 3.2 Introduction to JWIG application programming . 33 3.2.1 Xact syntax . 33 3.2.2 Web methods . 34 3.2.3 Session data . 35 7 3.2.4 Handlers . 35 3.2.5 Client/server communication . 36 3.3 Relation to existing frameworks . 36 3.3.1 Relation to the previous version of JWIG . 36 3.3.2 The JWIG approach compared to MVC . 37 3.3.3 Relation between submit handlers and Seaside callbacks . 38 3.4 Static analysis of JWIG applications . 38 3.4.1 XHTML validation of output construction . 38 3.4.2 Web application page graphs . 39 3.4.3 Link consistency . 39 3.4.4 Filter coverage . 39 3.4.5 Parameter names . 40 3.5 Evaluation of the JWIG web application framework . 40 3.5.1 Safety of JWIG applications . 41 3.5.2 Case study: CourseAdmin . 41 4 Static analysis for existing frameworks 43 4.1 Approximating web application output . 43 4.1.1 Output-stream flow graphs . 43 4.1.2 From Java Servlets and JSP to output-stream flow graphs . 44 4.1.3 From output-stream flow graphs to context-free grammars . 45 4.2 HTML validation in WARLord . 45 4.2.1 Annotating context-free grammars with contexts . 46 4.2.2 HTML validation of an annotated grammar . 46 4.2.3 On HTML5 . 48 4.2.4 Comparison to related work . 49 4.2.5 Evaluation . 50 4.3 Client-state manipulation vulnerability detection . 50 4.3.1 Related security analysis techniques for web applications . 50 4.3.2 Overview of the analysis technique in WARLord . 52 4.3.3 Evaluation . 54 5 Conclusion 55 II Publications 57 6 JWIG: Yet Another Framework for Maintainable and Secure Web Applications 59 6.1 Introduction . 60 6.2 Architecture . 62 6.3 Generating XML Output . 64 6.4 XML Producers and Page Updates . 65 6.5 Forms and Event Handlers . 66 6.6 Example: MicroChat . 66 6.7 Parameters and References to Web Methods . 67 6.8 Session State and Persistence . 68 6.9 Caching and Authentication . 69 6.10 Additional Examples . 70 6.10.1 QuickPoll . 70 6.10.2 GuessingGame . 70 6.11 Case Study: CourseAdmin . 71 6.12 Conclusion . 72 8 7 HTML Validation of Context-Free Languages 79 7.1 Introduction . 80 7.1.1 Outline of the Paper . 81 7.1.2 Example . 81 7.2 Related Work . 82 7.3 Parsing HTML Documents . 83 7.3.1 A Model of HTML Parsing . 84 7.4 Parsing Context-Free Sets of Documents . 86 7.4.1 Generating Constraints . 86 7.4.2 Solving Constraints . 87 7.4.3 Example . 89 7.5 Experimental Results . 90 7.6 Conclusion . 91 7.7 Proof of Theorem 7.1 . 93 8 Automated Detection of Client-State Manipulation Vulnerabilities 97 8.1 Introduction . 98 8.2 Client-State Manipulation Vulnerabilities . 101 8.3 Outline of the Analysis . 104 8.4 Identifying Client State . 105 8.4.1 Analyzing HTML Output . 106 8.4.2 Analyzing Input Parameters . 109 8.5 Identifying Shared Application State . 109 8.6 Information Flow from Client State to Shared Application State . 111 8.7 Automatic Configuration of a Security Filter . 112 8.8 Evaluation . 113 8.8.1 Experiments . 114 8.8.2 Summary of Results . 120 8.9 Related Work . 122 8.10 Conclusion . 123 Bibliography 125 9 Part I Overview 1 Chapter 1 Introduction The hypothesis in this dissertation is that we can design frameworks and static analyses that aid the programmer to avoid invalid HTML and to avoid programs that are vulnerable against common security vulnerabilities, in particular client- state manipulation vulnerabilities. For such frameworks and analyses to be useful to a programmer it must be possible to apply them to large scale programs.
Load more

Recommended publications
  • Transform View
    4/20/04 Doc 17 Model-View-Controller part 2 slide 1 CS 635 Advanced Object-Oriented Design & Programming Spring Semester, 2004 Doc 17 Model-View-Controller part 2 Contents Transform View ......................................................................... 2 Context Object .......................................................................... 5 Application Controller ................................................................ 7 Continuation-Based Web Servers ............................................. 9 References Patterns of Enterprise Application Architecture, Folwer, 2003, pp 330-386 Core J2EE Patterns: Best Practices and Design Strategies, 2nd, Alur, Crupi, Malks, 2003 Copyright ©, All rights reserved. 2004 SDSU & Roger Whitney, 5500 Campanile Drive, San Diego, CA 92182-7700 USA. OpenContent (http://www.opencontent.org/opl.shtml) license defines the copyright on this document. 4/20/04 Doc 17 Model-View-Controller part 2 slide 2 Transform View A view that processes domain data elements by element and transforms them into HTML Given a domain object, MusicAlbum, how to generate a web page for the object? • Use Template View • Convert object into html 4/20/04 Doc 17 Model-View-Controller part 2 slide 3 Converting object into html One could add toHtml to the object MusicAlbum ragas = new MusicAlbum.find(“Passages”); String html = ragas.toHtml(); • Domain object is coupled to view language • Provides only one way to display object Better use XML and XSLT • Convert domain object to XML • Use XSLT to convert XML into HTML Now
    [Show full text]
  • VAST Platform 2021 Design It. Build It. Deploy
    VAST Platform 2021 10.0.2 Design it. Build it. Deploy it. Create object-oriented software that’s stable, easy to maintain, and deploys smoothly — all from the same comprehensive development environment. The VAST Platform is a comprehensive integrated development environment (IDE) that works with a Smalltalk language New in 9.2.2 runtime. Because it’s Smalltalk-based, the IDE and the runtime are essentially a development ‘image’ that’s executed by a virtual machine (VM). First released as IBM® VisualAge® Smalltalk in 1993, the VAST Platform has built upon this original foundation starting in 2005 and has continued to grow in power and flexibility through ongoing research and development. VAST has evolved beyond what the original VisualAge developers could have foreseen, and allows developers to quickly iterate new ideas with proven Smalltalk-based live programming methodologies and deploy to a variety of desktop, cloud, Internet of Things (IoT), and on-premise server hardware. Version Control What’s New in VAST 2021 • Git/Tonel tooling Platform Development Tools • Brace array syntax • Migration to LLVM 10 compiler toolchain • Method type annotations • Asynchronous call-ins • SELinux Support (As of 10.0.1) Look and Feel Core Libraries • Hi-DPI fixes and enhancements • Cross-platform OsProcess framework • Product branding and other visual updates • Futures/promises asynchronous framework • High-resolution timer • Secure RNG stream • Swapper performance increase • Enhanced walkback generator Documentation • Lightweight/mobile-friendly documentation Communications • IBM MQ Series SSL/TLS support and 64-bit updates • Improved SMTP handling • Socket fixes and enhancements Top Features Type Analysis & Enhanced Multi-CPU Capable with Asynchronous Code Completion FFI & OsProcess Programming Real-time and lag free.
    [Show full text]
  • Dead Babies and Seaside Towns Ebook, Epub
    DEAD BABIES AND SEASIDE TOWNS Author: Alice Jolly Number of Pages: 432 pages Published Date: 25 Sep 2018 Publisher: Unbound Publication Country: London, United Kingdom Language: English ISBN: 9781783523610 DOWNLOAD: DEAD BABIES AND SEASIDE TOWNS Dead Babies and Seaside Towns PDF Book More than 100 fiction films and documentaries are discussed in this completely original and definitive work on how film meets neurology. Creatively imagined and beautifully written, this book: Interweaves theoretical concepts and professional practice on every pageUses cultural economy to teach the essential concepts and thinkersIntegrates case studies from fashion and gaming to journalism and musicTeaches strategies for navigating the links between skills, industries, creativity and markets. How the statutory residence test applies from April 2013. Gen. Environment focuses on inclusion, including residence life, the local community, the working and learning environment, and external factors and events such as national and international news events or town gown relationships. She has built up a professional reputation from her hands-on, direct client experience, as well as through evidence gained from many years of conducting client surveys and analysis of client data. With this book, you will learn about technical, legal, and resource sharing developments that will contribute to the future distribution of global information in libraries. All you have to do is read the book to start your new journey today. "-Gary Stoner, Ph. " Murach's ADO. She also illustrates assumptions about language and being American, as these are both debated and shared by each "side" of the language and immigration debates in California and Georgia. The report lays out clear evidence of the significant successes that can be achieved by properly structured RCM programs.
    [Show full text]
  • Car Agency in Lakewood Going to the Dogs!
    July 7th, 2016 The Ocean County Gazette - www.ocgazette.news 1 The OC Gazette P.O. Box 577 Seaside Heights NJ 08751 On The Web at: www.ocgazette.news JULY 29TH, 2016 VOL. 16 NO. 570 THIS WEEKS Car Agency in Lakewood Going ALERT SHERIFF’S ISSUE OFFICER CATCHES Pages 8-9 to the Dogs! Ocean County POSSIBLE BURGLARY Featured Events FROM COURTROOM Pages 10-11 Ocean County WINDOW; WARRANT Library Weekend Events and ISSUED Exhibits TOMS RIVER – The keen eye of Pages 12-13 an Ocean County Sheriff’s Officer Ocean County caught a suspicious male gaining Artists Guild entry into an apartment on Washington Street in the downtown Page - 16-17 area on July 21. And now, that Long Beach Island Foundation of the person has a warrant out for his Arts & Sciences arrest on charges of burglary, theft Events and criminal trespassing. According to a report provided Page 25 by Ocean County Sheriff Michael Museums, Historic, G. Mastronardy, Sheriff’s Officer Arts & Exhibits Robert Mazur was just completing Photo credits: Courtesy of Caregiver Volunteers; Picture of Alice, courtesy of Michael his security detail around noon in Page 25 Bagley Photography Alice, Lavallette, with Golden Retriever Simon Courtroom 214 on the third floor A Summary of of 213 Washington St., when he Comedy & Stage glanced out the window toward the Performances Kick off the “Dog Days of Summer” $5.00 to the nonprofit Caregiver with a celebration of Caregivers, Canines® program for every vehicle Harbor Front Condominiums at 215 Page 27-34 Canines, and Cars at the Larson Ford sold during the Caregivers, Canines, Washington Street.
    [Show full text]
  • “Develop in Pharo, Deploy in Gemstone” with Seaside Johan Brichau
    10 Years later “develop in Pharo, deploy in Gemstone” with Seaside Johan Brichau - [email protected] Yesplan ? Web Application (SaaS) to manage an event venue Yesplan ? Web Application (SaaS) to manage an event venue Yesplan ? Web Application (SaaS) to manage an event venue Yesplan ? Web Application (SaaS) to manage an event venue - jQuery - jQuery-UI - KnockoutJs - D3.js - Datatables - Jasper reports - …. Yesplan ? Web Application (SaaS) to manage an event venue - jQuery - jQuery-UI - KnockoutJs - D3.js - Datatables - Jasper reports ReactJs - …. Yesplan ? • Founded by aa. and arts centre • Over 200 customers (in BE, NL, Lux, CH, UK, NO, DK, FI) • Currently 25 employees: • 5 software engineers, 1 dev ops engineer, 1 interaction designer and 1 report engineer • sales, account management, marketing, support, • Emphasis on making an application that not only works, but also is enjoyable to use Yesplan 0.1 (2009) • Yesplan calendar built using Seaside’s “full page rendering” in-place editing info bubbles title • Standard ‘component calls component’ implementation group • A lot of jQuery for animations and ajax updates group visualization • Javascript universe was “big mess” (excluding notable exceptions) • More errors than functionality in most ‘plugins’ • Bad performance and horrible engineering • Pharo + GoodsDB in production Yesplan 1.0 (2010) • Yesplan calendar with incremental ajax updates • A lot of jQuery-based scripts • SVG animations using generated Javascript • Develop in Pharo, deploy in GemStone • Pharo for development • GemStone
    [Show full text]
  • Clackamas County Reopening Plan
    Clackamas County Phase I Reopening Application May 2020 CLACKAMAS COUN T Y 1 May 19 \ 2020 Honorable Governor Kate Brown c/o/Jennifer Andrew 254 State Capitol Salem, OR 97301-4047 Clackamas County's Application for Phase One Reopening Dear Governor Brown: On behalf of the Clackamas County Board of Commissioners, we are pleased to submit Clackamas County's Phase 1 Reopening Application for consideration by the Governor's Office and the Oregon Health Authority. Our residents have taken your directive to "Stay Home, Save Lives" seriously and local efforts have been highly effective in "flatting the curve" for COVID-19 in Clackamas County. Our community has experienced significant community impacts, and it is time to begin gradually reopening additional sectors of our local economy. Staff within our Clackamas County Emergency Operations Center have worked hard on an in-depth analysis of each of the 7 prerequisites required for entering Phase 1. We are confident that we either meet the necessary requirements or have comprehensive plans in place to address urgent needs as our businesses (identified in Phase 1) start to reopen. Additional financial and technical resources from state and federal sources will be critical to implement our plans related to testing, contact tracing and monitoring, and isolation facilities. We have been in regular communication with our partners in Health Region 1 and neighboring Local Public Health Authorities to coordinate local response efforts, prepare for reopening, and monitor the established gating criteria. We are doing all we can to prevent having to re-impose restrictions. We also recognize the need for our residents and visitors to remain vigilant in protecting themselves and others from the risks of COVID-19.
    [Show full text]
  • Aranea—Web Framework Construction and Integration Kit
    Aranea—Web Framework Construction and Integration Kit Oleg Murk¨ Jevgeni Kabanov Dept. of Computer Science and Engineering, Dept. of Computer Science, Chalmers University of Technology, University of Tartu, SE-412 96 Goteborg,¨ Sweden J. Liivi 2, EE-50409 Tartu, Estonia [email protected] [email protected] ABSTRACT proaches and ideas are tried out. Indeed, many very good Currently there exist dozens of web controller frameworks ideas have been proposed during these years, many of which that are incompatible, but at the same time have large por- we will describe later in this paper. On a longer time- tions of overlapping functionality that is implemented over scale the stronger (or better marketed) frameworks and ap- and over again. Web programmers are facing limitations on proaches will survive, the weaker will diminish. However, in code reuse, application and framework integration, extensi- our opinion, such situation also has a lot of disadvantages. bility, expressiveness of programming model and productiv- 1.1 Problem Description ity. In this paper we propose a minimalistic component model First of all let’s consider the problems of the web frame- Aranea that is aimed at constructing and integrating server- work ecosystem from the viewpoint of application develop- side web controller frameworks in Java. It allows assembling ment. Framework user population is very fragmented as a most of available web programming models out of reusable result of having many incompatible frameworks with simi- components and patterns. We also show how to integrate lar programming models. Each company or even project, is different existing frameworks using Aranea as a common using a different web framework, which requires learning a protocol.
    [Show full text]
  • Smalltalk Web Frameworks
    Smalltalk Web frameworks Comparison of Aida/Web and Seaside Janko Mivšek [email protected] Vsebina Definition of Web App server Aida's ideas and architecture Comparison to Seaside Examples Conclusion Web application server Web + application server For web applications Dynamic, on-the-fly built web pages Web pages instead of GUI apps Thin clients instead of fat clients Examples: business apps, portals, ... Swazoo vs. Aida & Seaside Swazoo Seaside AIDA SmallWiki Methods of building web pages Embedded tags into HTML jsp, asp, php Cincom Web Toolkit Programming Java Servlets Struts AIDA/Web, Seaside Embedded tags ± SSP example <html> <head><title>Toyz Employees</title></head> <body> <table border=1> <% employees := (Toyz new) getEmployees. employees do: [:each | response write: ‘<tr>’. response write: (‘<td>’, each number’, ‘</td>’). response write: (‘<td>’, each name, ‘ ‘, each surname, ‘</td>’). response write: ‘</tr>’]. %> </table> </body> </html> Enbedded commands Pros Simple for web designers Cons Functional logic get lost among presentation logic (HTML) ªspaghettiº code ± hard to maintain and extend Programming ± two examples Aida: element := WebElement new. element table width: 500; cell color: (self navigatorColor); cell colspan: 3; addText: self title header: 3; newRow; cell colspan: 3; addRulerSize: 1; newRow; cell addText: 'uptime: '; newCell align: #right; addText: (self printSeconds: self session site uptime); newRow. ^self pageFrameWith: element title: self title . Seaside: renderContentOn: html html form: [ html table:
    [Show full text]
  • Uncommon Web Technologies*
    Uncommon web technologies* Or “A look at Seaside, and a discussion about esoteric web frameworks” * The topics there are no Oreilly books about Who am I • Lars Rustemeier • System architect at Snowmen Solutions • Previously: KTH, Razorfish, GameDesign Sweden, Netbaby, ACNE, Automata (still so), Ongame • I prefer dynamic languages* • Professional programming** in C, C++, Lua, Java, Python, Smalltalk, Ruby, Perl, Scheme and Common Lisp * Languages that defer as many decisions as possible until runtime They also tend to be expressive: “Programs must be written for people to read, and only incidentally for machines to execute”. /Sussman ** In the sense that I have been paid to program in the language Cutting edge web sw Why bother with this esoteric stuff • Makes you a better developer • The future lies in some of the radical projects • Paradigm changes tend to scare developers (reluctance to change) • Good for experimentation, prototyping* (does anyone do prototyping?) • In a nutshell: It is fun Consequence of the fact that most apps are deployed as web applications • You can write web apps in any language! • Not so for desktop applications Developer courage Seaside • I want to talk about Seaside since it seem to be unknown outside the Lisp/Smalltalk world • Why is this? • Smalltalk, an extremely dynamic* language (even more so than Ruby) • Everything is an object, even the runtime stack, “reification” • The syntax (or lack there of) is scary to some • Image based development is not fashionable Features Programmatic HTML generation. Callback-based request handling. Embedded components. Modal session management. Interactive debugging support. Features • Halos in squeak • Halos in seaside • Inspector • Backtracking • Thinking about things at the component level Back tracking • What happens when we use the back button? Pages Page1 Page2 Page3 Session state state1 state2 state3 • What do we want? Continuations • Travel in time color = color_picker() set_background(color) ..
    [Show full text]
  • Tinyblog: Building a Web Interface with Seaside
    CHAPTER 1 TinyBlog: Building a Web Interface with Seaside 1.1 Previous Week Solution You can load the solution of the previous week using the following snippet: Gofer new smalltalkhubUser: 'PharoMooc' project: 'TinyBlog'; package: 'ConfigurationOfTinyBlog'; load. #ConfigurationOfTinyBlog asClass loadWeek3Correction Make sure that you Teapot server is stopped. TBTeapotWebApp stop 1.2 A Web UI for TinyBlog with Seaside The work presented in this exercise does not require the one on Voyage and MongoDB. This week, we start with a web UI dedicated to display posts to users. Next week, we will develop another web UI for the blog owner to admnistrate the posts. In both cases, we will define Seaside components http://www.seaside.st which has a freely available book online here: http://book.seaside.st. 1 Figure 1.1 Start Seaside Server. Figure 1.2 Accessing Seaside Home Page. 2 1.3 Start Seaside 1.3 Start Seaside There are two ways to start Seaside. The first one consists in executing the following code: ZnZincServerAdaptor startOn: 8080. The second one uses the graphical tool named ”Seaside Control Panel” (World Menu>Tools>Seaside Control Panel). In the contextual menu (right clic) of this tool, select ”add adaptor...” and add a server of type ZnZincServer- Adaptor, then define the port number (e.g. 8080) it should run on (cf. figure 1.1). By opening a web browser on the URL http://localhost:8080, you should see the Seaside home page as displayed on Figure 1.2. 1.4 Entry Point for TinyBlog Web UI Create a class named TBApplicationRootComponent which will be the entry point of the application.
    [Show full text]
  • MMAC Dba Seaside Service Co, LLC Reviewer
    CITY OF PASADENA Applicant Name: MMAC dba Seaside Service Co, LLC Reviewer: Tim Cromartie Date: 4/19/19 Maximum Points Percent OVERALL SCORE Points Awarded Score 1,575 1,415 89.84% GENERAL COMMENTS Applicant provided a very thorough and detailed packet that included sections prepared by a variety of qualified professional consultants. The applicant has demonstrated ample previous experience that is directly applicable to operating a cannabis retailers and has generally presented themselves in a very professional manner. Applicant appears to have anticipated many potential issues and has been proactive in addressing them. SECTION 1: QUALIFICATIONS OF OWNERS/ OPERATORS 750 684 91.20% Experience Applicant provided documentation to show that they are or have been part owner of 3 licensed retailers in Los Angeles over the past year. Temporary BCC license numbers are provided. Cannabis Industry Knowledge Application demonstrated a high degree of knowledge about the cannabis industry from both legally permitted and non-permitted businesses. Application provided great detail about how the business will address requirements of State and local laws. Ownership Team Application fails to provide clear information on who the owners are. It appears that an LLC has 100% ownership, and one member of the management team is listed as the manager. Other than providing titles, narrative does not describe what most members of the management team will do via-a-vis day-to-day operations. SEASIDE SERVICE CO, LLC'S APPLICATION FOR CANNABIS RETAILER LICENSE, CITY OF PASADENA 1 OF 108 SECTION 2: BUSINESS PLAN 525 455 86.67% Standard Operating Procedures (SOP) Applicant provided highly detailed excerpts from an employee procedures manual, currently in use at its other facilities and relevant to cannabis retail operations.
    [Show full text]
  • Seaside – a Multiple Control Flow Web Application Framework ?
    Seaside – A Multiple Control Flow Web Application Framework ? St´ephane Ducasse a Adrian Lienhard b Lukas Renggli b aSoftware Composition Group Institut f¨urInformatik und angewandte Mathematik Universit¨atBern, Switzerland bnetstyle.ch GmbH Bern, Switzerland Abstract Developing web applications is difficult since (1) the client-server relationship is asymmetric: the server cannot update clients but only responds to client requests and (2) the navigation facilities of web browsers lead to a situation where servers cannot control the state of the clients. Page-centric web application frameworks fail to offer adequate solutions to model control flow at a high-level of abstrac- tion. Developers have to work manually around the shortcomings of the HTTP protocol. Some approaches offer better abstractions by composing an application out of components, however they still fail to offer modeling control flow at a high level. Continuation-based approaches solve this problem by providing the facilities to model a control flow over several pages with one piece of code. However combining multiple flows inside the same page is difficult. This article presents Seaside. Seaside is a framework which combines an object- oriented approach with a continuation-based one. A Seaside application is built out of components (i.e., objects) and the logic of the application benefits from the continuation-based program flow infrastructure. Seaside offers a unique way to have multiple control flows on a page, one for each component. This enables the developer to write components that are highly reusable and that can be used to compose complex web applications with higher quality in less time.
    [Show full text]