CONSCRIPT: Specifying and Enforcing Fine-Grained Security Policies for Javascript in the Browser

Total Page:16

File Type:pdf, Size:1020Kb

CONSCRIPT: Specifying and Enforcing Fine-Grained Security Policies for Javascript in the Browser CONSCRIPT: Specifying and Enforcing Fine-Grained Security Policies for JavaScript in the Browser Leo A. Meyerovich Benjamin Livshits University of California, Berkeley Microsoft Research [email protected] [email protected] Abstract—Much of the power of modern Web comes from the instance, an included library might perform a prototype ability of a Web page to combine content and JavaScript code hijacking attack [1], drastically redefining the behavior of from disparate servers on the same page. While the ability the remainder of the JavaScript code on the page. to create such mash-ups is attractive for both the user and the developer because of extra functionality, code inclusion CONSCRIPT, a browser-based aspect system for security effectively opens the hosting site up for attacks and poor proposed in this paper, focuses on empowering the hosting programming practices within every JavaScript library or API page to carefully constrain the code it executes. For ex- it chooses to use. In other words, expressiveness comes at the ample, the hosting page may restrict the use of eval to price of losing control. To regain the control, it is therefore JSON only, restrict cross-frame communication or cross- valuable to provide means for the hosting page to restrict the behavior of the code that the page may include. domain requests, allow only white-listed script to be loaded, This paper presents CONSCRIPT1, a client-side advice im- limit popup window construction, limit JavaScript access to plementation for security, built on top of Internet Explorer 8. cookies, disallow dynamic IFRAME creations, etc. These CONSCRIPT allows the hosting page to express fine-grained constraints take the form of fine-grained policies expressed application-specific security policies that are enforced at run- as JavaScript aspects that the hosting page can use to change time. In addition to presenting 17 widely-ranging security and reliability policies that CONSCRIPT enables, we also show how the behavior of subsequent code. In CONSCRIPT, this kind policies can be generated automatically through static analysis of behavior augmentation is done via the script include tag of server-side code or runtime analysis of client-side code. We to provide a policy as follows: also present a type system that helps ensure correctness of CONSCRIPT policies. <SCRIPT SRC="script.js" POLICY="function () {...}"> CONSCRIPT To show the practicality of in a range of settings, With CONSCRIPT, the first general browser-based policy we compare the overhead of CONSCRIPT enforcement and conclude that it is significantly lower than that of other systems enforcement mechanism for JavaScript to our knowledge, proposed in the literature, both on micro-benchmarks as well at a relatively low cost of several hundred lines of code as large, widely-used applications such as MSN, GMail, Google added to the JavaScript engine, we gain vast expressive Maps, and Live Desktop. power. This paper presents 17 widely-ranging security and Keywords-JavaScript; Web and client-side programming; reliability policies that CONSCRIPT enables. To collect these aspects; browsers; language security; security policies policies, we studied bugs and anti-patterns in both “raw” JavaScript as well as popular JavaScript libraries such as I. INTRODUCTION jQuery. We also found bugs in and have rewritten many of the policies previously published in the literature [2, Much of the power of modern Web comes from the ability 3] in CONSCRIPT. We discovered that in many cases a of a Web page to combine HTML and JavaScript code from few lines of policy code can be used instead of a new, disparate servers on the same page. For instance, a mash- specialized HTML tag. Our experience demonstrates that up such as a Yelp! page describing a restaurant may use CONSCRIPT provides a general enforcement mechanism for APIs from Google Maps to show the restaurant’s location, a wide range of application-level security policies. We also jQuery libraries to provide visual effects, and Yelp APIs show how classes of CONSCRIPT policies can be generated to obtain the actual review and rating information. While automatically, with static analysis of server-side code or the ability to create such client-side mash-ups within the runtime analysis of client-side code, removing the burden same page is attractive for both the user and the developer on the developer for specifying the right policy by hand. because of the extra functionality this provides, because Finally, we propose a type system that makes it considerably of including untrusted JavaScript code, the hosting page easier to avoid common errors in policies. effectively opens itself up to attacks and poor programming practices from every JavaScript library or API it uses. For We built CONSCRIPT by modifying the JavaScript inter- preter in the Internet Explorer 8 Web browser. This paper 1The name CONSCRIPT has been chosen to reflect our desire to restrict describes our implementation, correctness considerations malicious script. one has to take into account when writing CONSCRIPT policies, as well as the results of our evaluation on a results. Finally, Sections VIII and IX describe related work range of benchmarks, both small programs and large-scale and conclude. applications such as MSN, GMail, and Live Desktop. II. OVERVIEW A. Contributions This section presents an overview of the use of advice to This paper makes the following contributions. enforce security and reliability properties in a browser. Security aspects in the browser. We present a case for the use of aspects for enforcement of rich application-specific A. Browser Enforcement of Application Policies policies by the browser. Unlike previous fragile wrapper Many Web security policies are being proposed for both or rewriting aspect systems for the Web and dynamic lan- browsers and Web applications [4–6]. Similarly, correspond- guages, we advocate deep aspects that are directly supported ing enforcement mechanisms at the browser and script levels by the JavaScript and browser runtimes. Modifying the are also being advocated. These proposals highlight the JavaScript engine allows us to easily enforce properties that diverse nature of Web security policies and suggest that the are difficult or impossible to fully enforce otherwise. security concerns of a Web application are often orthogonal Correctness checking for aspects. CONSCRIPT proposes from those of the browser. static and runtime validation strategies that ensure that Currently, when determining how to enforce security aspects cannot be subverted through common attack vectors policies of a Web application by using browser-level or script found in the literature. rewriting and wrapping approaches, there are large trade- Policies. We present 17 wide-ranging security and reliability offs in granularity, performance, and correctness [7–9]. We policies. We show how to concisely express these policies propose to expose browser mechanisms and to make them in CONSCRIPT, often with only several lines of JavaScript accessible through an advice system. Doing so lowers perfor- code. These policies fall intro the broad categories of con- mance and code complexity barriers for current cross-cutting trolling script introduction, imposing communication restric- security policies (and those that have been too difficult or tions, limiting dangerous DOM interactions, and restricting onerous to implement). Furthermore, enabling applications API use. To our knowledge, this is the most comprehensive to deploy their own policies decreases the reliance upon catalog of application-level security policies for JavaScript browser upgrades to mitigate security threats. available to date. B. Motivating Policy Example in CONSCRIPT Automatic policy generation. To further ease the policy specification burden on developers, we advocate automatic We start our description of CONSCRIPT advice by show- policy generation. We demonstrate two examples of di- ing a motivating example of how it may be used in practice. rectly enforcing CONSCRIPT policies automatically gener- One feature of the JavaScript language that is often consid- ated through static or runtime analysis. ered undesirable for security is the eval construct. At the same time, because this construct is often used to de-serialize We implemented the techniques described in Evaluation. JSON strings, it is still commonly used. A na¨ıve approach this paper in the context of Internet Explorer 8. We assess to prevent unrestricted use of eval involves redefining eval the performance overhead of our client-side enforcement as follows: strategy on the overall program execution of real programs such as Google Maps and Live Desktop, as well as a set window.eval = function() / ...safe version... / ; of JavaScript micro-benchmarks previously used by other { ∗ ∗ } researchers. We conclude that CONSCRIPT results in runtime However, references to the native eval functions are dif- enforcement overheads that hover around 1% for most large ficult to hide fully. This is because window.eval and benchmarks, which is considerably smaller than both time window.parent.eval, for instance, are both aliases for and space overheads incurred by implementations previously the same function in the JavaScript interpreter. Are there proposed in the literature. other access paths specified by Web standards, or, perhaps, provided by some non-standard browser feature for a par- B. Paper Organization ticular release? Another issue is that some native JavaScript The rest of the paper
Recommended publications
  • Rich Internet Applications
    Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight Master of Science Thesis in the Programme Software Engineering and Technology CARL-DAVID GRANBÄCK Department of Computer Science and Engineering CHALMERS UNIVERSITY OF TECHNOLOGY UNIVERSITY OF GOTHENBURG Göteborg, Sweden, October 2009 The Author grants to Chalmers University of Technology and University of Gothenburg the non-exclusive right to publish the Work electronically and in a non-commercial purpose make it accessible on the Internet. The Author warrants that he/she is the author to the Work, and warrants that the Work does not contain text, pictures or other material that violates copyright law. The Author shall, when transferring the rights of the Work to a third party (for example a publisher or a company), acknowledge the third party about this agreement. If the Author has signed a copyright agreement with a third party regarding the Work, the Author warrants hereby that he/she has obtained any necessary permission from this third party to let Chalmers University of Technology and University of Gothenburg store the Work electronically and make it accessible on the Internet. Rich Internet Applications (RIAs) A Comparison Between Adobe Flex, JavaFX and Microsoft Silverlight CARL-DAVID GRANBÄCK © CARL-DAVID GRANBÄCK, October 2009. Examiner: BJÖRN VON SYDOW Department of Computer Science and Engineering Chalmers University of Technology SE-412 96 Göteborg Sweden Telephone + 46 (0)31-772 1000 Department of Computer Science and Engineering Göteborg, Sweden, October 2009 Abstract This Master's thesis report describes and compares the three Rich Internet Application !RIA" frameworks Adobe Flex, JavaFX and Microsoft Silverlight.
    [Show full text]
  • What Is Dart?
    1 Dart in Action By Chris Buckett As a language on its own, Dart might be just another language, but when you take into account the whole Dart ecosystem, Dart represents an exciting prospect in the world of web development. In this green paper based on Dart in Action, author Chris Buckett explains how Dart, with its ability to either run natively or be converted to JavaScript and coupled with HTML5 is an ideal solution for building web applications that do not need external plugins to provide all the features. You may also be interested in… What is Dart? The quick answer to the question of what Dart is that it is an open-source structured programming language for creating complex browser based web applications. You can run applications created in Dart by either using a browser that directly supports Dart code, or by converting your Dart code to JavaScript (which happens seamlessly). It is class based, optionally typed, and single threaded (but supports multiple threads through a mechanism called isolates) and has a familiar syntax. In addition to running in browsers, you can also run Dart code on the server, hosted in the Dart virtual machine. The language itself is very similar to Java, C#, and JavaScript. One of the primary goals of the Dart developers is that the language seems familiar. This is a tiny dart script: main() { #A var d = “Dart”; #B String w = “World”; #C print(“Hello ${d} ${w}”); #D } #A Single entry point function main() executes when the script is fully loaded #B Optional typing (no type specified) #C Static typing (String type specified) #D Outputs “Hello Dart World” to the browser console or stdout This script can be embedded within <script type=“application/dart”> tags and run in the Dartium experimental browser, converted to JavaScript using the Frog tool and run in all modern browsers, or saved to a .dart file and run directly on the server using the dart virtual machine executable.
    [Show full text]
  • TIBCO Activematrix® BPM Web Client Developer's Guide Software Release 4.3 April 2019 2
    TIBCO ActiveMatrix® BPM Web Client Developer's Guide Software Release 4.3 April 2019 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN THE LICENSE FILE) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. ANY SOFTWARE ITEM IDENTIFIED AS THIRD PARTY LIBRARY IS AVAILABLE UNDER SEPARATE SOFTWARE LICENSE TERMS AND IS NOT PART OF A TIBCO PRODUCT. AS SUCH, THESE SOFTWARE ITEMS ARE NOT COVERED BY THE TERMS OF YOUR AGREEMENT WITH TIBCO, INCLUDING ANY TERMS CONCERNING SUPPORT, MAINTENANCE, WARRANTIES, AND INDEMNITIES. DOWNLOAD AND USE OF THESE ITEMS IS SOLELY AT YOUR OWN DISCRETION AND SUBJECT TO THE LICENSE TERMS APPLICABLE TO THEM. BY PROCEEDING TO DOWNLOAD, INSTALL OR USE ANY OF THESE ITEMS, YOU ACKNOWLEDGE THE FOREGOING DISTINCTIONS BETWEEN THESE ITEMS AND TIBCO PRODUCTS.
    [Show full text]
  • Attacking AJAX Web Applications Vulns 2.0 for Web 2.0
    Attacking AJAX Web Applications Vulns 2.0 for Web 2.0 Alex Stamos Zane Lackey [email protected] [email protected] Blackhat Japan October 5, 2006 Information Security Partners, LLC iSECPartners.com Information Security Partners, LLC www.isecpartners.com Agenda • Introduction – Who are we? – Why care about AJAX? • How does AJAX change Web Attacks? • AJAX Background and Technologies • Attacks Against AJAX – Discovery and Method Manipulation – XSS – Cross-Site Request Forgery • Security of Popular Frameworks – Microsoft ATLAS – Google GWT –Java DWR • Q&A 2 Information Security Partners, LLC www.isecpartners.com Introduction • Who are we? – Consultants for iSEC Partners – Application security consultants and researchers – Based in San Francisco • Why listen to this talk? – New technologies are making web app security much more complicated • This is obvious to anybody who reads the paper – MySpace – Yahoo – Worming of XSS – Our Goals for what you should walk away with: • Basic understanding of AJAX and different AJAX technologies • Knowledge of how AJAX changes web attacks • In-depth knowledge on XSS and XSRF in AJAX • An opinion on whether you can trust your AJAX framework to “take care of security” 3 Information Security Partners, LLC www.isecpartners.com Shameless Plug Slide • Special Thanks to: – Scott Stender, Jesse Burns, and Brad Hill of iSEC Partners – Amit Klein and Jeremiah Grossman for doing great work in this area – Rich Cannings at Google • Books by iSECer Himanshu Dwivedi – Securing Storage – Hackers’ Challenge 3 • We are
    [Show full text]
  • Cliente Twitter Con Compresión De Datos
    PROYECTO FIN DE GRADO GRADO EN INGENIERÍA INFROMÁTICA CLIENTE TWITTER CON COMPRESIÓN DE DATOS Autor: Plácido Fernández Declara Tutores: Luis Miguel Sánchez García Rafael Sotomayor Fernández Colmenarejo, Febrero de 2013 RESUMEN La popular red social Twitter es usada hoy en día en diversos lugares y momentos, gracias también a las redes móviles que nos proporcionan conexión a internet en casi cualquier lugar. Twitter permite publicar y mandar mensajes cortos de texto plano con un máximo de 140 caracteres, así como la lectura de estos mensajes cortos de otros usuarios a los que podemos seguir para tal propósito. Hacer uso de este servicio en zonas con buena cobertura, o cuando usamos Wi-fi no supone generalmente ningún problema. Es cuando nos encontramos en zonas de poca cobertura cuando vemos problemas para hacer uso de este servicio, ya que las velocidades de descarga pueden disminuir hasta el punto de necesitar decenas de segundos para disponer de los mensajes cortos, los “Tweets”. A esto hay que añadir que los planes de datos actuales están limitados de alguna forma (al alcanzar un número de Mb), por lo que la cantidad de Mb usada es hoy también un factor importante. Para ello esta aplicación ofrece la experiencia de un cliente Twitter sencillo en el que consultar los “Tweets” de a quien seguimos, así como publicar “Tweets”, haciendo uso de un Proxy que comprime estos datos considerablemente de forma que se reducen los tiempos de descarga para las zonas de poca cobertura y además se reduce el número de Mb consumidos por el dispositivo móvil. Índice de contenido RESUMEN .................................................................................................................................
    [Show full text]
  • Towards Secure and Reusable Web Applications
    Mashups and Modularity: Towards Secure and Reusable Web Applications Antero Taivalsaari Tommi Mikkonen Sun Microsystems Laboratories [email protected] http://research.sun.com/projects/lively 2 Evolution of the Web 1) Simple pages with text and static images only (e.g., http://www.google.com) 2) Animated pages with plug-ins (e.g., http://www.cadillac.com) 3) Rich Internet Applications (e.g., docs.google.com) What's Next? 3 Web Applications – Implications • Web-based software will dramatically change the way people develop, deploy and use software. • No more installations! > Applications will simply run off the Web. • No more upgrades! > Always run the latest application version. • Instant worldwide deployment! > No middlemen or distributors needed. • No CPU dependencies, OS dependencies, ... > The Web is the Platform. 4 Unfortunately... • The web browser was not designed for running real applications. > It was designed in the early 1990s for viewing documents, forms and other page-structured artifacts – not applications. > Programming capabilities on the web were an afterthought, not something inherent in the design of the browser. • Various Rich Internet Application (RIA) technologies have been introduced recently to retrofit application execution capabilities into the web browser. 5 Web Development vs. Conventional Software The Impedance Mismatch Web Development Conventional SW Development - Documents - Applications - Page / form oriented interaction - Direct manipulation - Managed graphics, static layout - Directly drawn, dynamic
    [Show full text]
  • Microsoft 2012 Citizenship Report
    Citizenship at Microsoft Our Company Serving Communities Working Responsibly About this Report Microsoft 2012 Citizenship Report Microsoft 2012 Citizenship Report 01 Contents Citizenship at Microsoft Serving Communities Working Responsibly About this Report 3 Serving communities 14 Creating opportunities for youth 46 Our people 85 Reporting year 4 Working responsibly 15 Empowering youth through 47 Compensation and benefits 85 Scope 4 Citizenship governance education and technology 48 Diversity and inclusion 85 Additional reporting 5 Setting priorities and 16 Inspiring young imaginations 50 Training and development 85 Feedback stakeholder engagement 18 Realizing potential with new skills 51 Health and safety 86 United Nations Global Compact 5 External frameworks 20 Supporting youth-focused 53 Environment 6 FY12 highlights and achievements nonprofits 54 Impact of our operations 23 Empowering nonprofits 58 Technology for the environment 24 Donating software to nonprofits Our Company worldwide 61 Human rights 26 Providing hardware to more people 62 Affirming our commitment 28 Sharing knowledge to build capacity 64 Privacy and data security 8 Our business 28 Solutions in action 65 Online safety 8 Where we are 67 Freedom of expression 8 Engaging our customers 31 Employee giving and partners 32 Helping employees make 69 Responsible sourcing 10 Our products a difference 71 Hardware production 11 Investing in innovation 73 Conflict minerals 36 Humanitarian response 74 Expanding our efforts 37 Providing assistance in times of need 76 Governance 40 Accessibility 77 Corporate governance 41 Empowering people with disabilities 79 Maintaining strong practices and performance 42 Engaging students with special needs 80 Public policy engagement 44 Improving seniors’ well-being 83 Compliance Cover: Participants at the 2012 Imagine Cup, Sydney, Australia.
    [Show full text]
  • Klaus-Peter Zauner, Microsoft Research European Fellow; Ece Kamar, Microsoft Research Ph.D
    INNOVATION: PRIMING THE GLOBAL TALENT PIPELINE External Research Division “We want to do everything we can to equip a new generation of technology leaders with the knowledge and tools they need to harness the magic of software to improve lives, solve problems and catalyze economic growth.” —Bill Gates Chairman, Microsoft Corporation Cover photos: Alban Rrustemi, Microsoft Research Ph.D. Scholar; Radhika Nagpal, Microsoft Research New Faculty Fellow; Rodrigo de Oliveira, Microsoft Research Ph.D. Fellow; Klaus-Peter Zauner, Microsoft Research European Fellow; Ece Kamar, Microsoft Research Ph.D. Fellow; Parul Shah, Microsoft Research Ph.D. Fellow 2 Innovation: Priming the Global Talent Pipeline INNOVATION: PRIMING THE GLOBAL TALENT PIPELINE “Our goal at Microsoft Research is to advance the state of the art in technology and through that advancement contribute to the future for society and for our planet. One important way we’re doing that is identifying talented students and early-career university faculty and providing them with tools and opportunities to pursue important discoveries across a range of research and scientific fields.” —Rick Rashid Senior Vice President, Microsoft Research { Contents Microsoft Research Builds Community . 2. Empowering Young Innovators . 4. Profiles Klaus-Peter Zauner, Microsoft Research European Fellow . 7. Parul Shah, Microsoft Research Ph .D . Fellow . 9. Xiao Zhang, Microsoft Research Ph .D . Fellow . 11 Radhika Nagpal, Microsoft Research New Faculty Fellow . 13 Alban Rrustemi, Microsoft Research Ph .D . Scholar . 15 Ece Kamar, Microsoft Research Ph .D . Fellow . 17 Rodrigo de Oliveira, Microsoft Research Ph .D . Fellow . 19 Bijendra Jain, Microsoft Research Community Partner . 21 Ignacio Casas, Microsoft Research Community Partner .
    [Show full text]
  • Diseño De Un Sistema De Monitorización De Dispositivos Móviles
    Departamento de Informática PROYECTO FIN DE GRADO DISEÑO DE UN SISTEMA DE MONITORIZACIÓN DE DISPOSITIVOS MÓVILES Autor: Antonio Becerra López Tutor: Luis Miguel Sánchez García Colmenarejo, Septiembre de 2012 1 Diseño de un sistema de monitorización de dispositivos móviles Título: Diseño de un sistema de monitorización de dispositivos móviles Autor: Antonio Becerra López Director: EL TRIBUNAL Presidente: Vocal: Secretario: Realizado el acto de defensa y lectura del Proyecto Fin de Carrera el día __ de _______ de 20__ en Leganés, en la Escuela Politécnica Superior de la Universidad Carlos III de Madrid, acuerda otorgarle la CALIFICACIÓN de VOCAL SECRETARIO PRESIDENTE 1 2 Diseño de un sistema de monitorización de dispositivos móviles Resumen AndroidMonitor es un sistema cuya finalidad consiste en monitorizar distribuidamente dispositivos móviles con el sistema operativo Android. Los teléfonos móviles en la actualidad son un elemento indispensable más de las personas junto con las llaves de casa y la cartera con los documentos personales. En el año 2011, la población total de la Tierra superaba la asombrosa cantidad de siete mil millones de personas. En ese mismo año, se calculaba que el número de teléfonos móviles en el mundo era superior a los 5.600 millones. Los dispositivos móviles cuentan con gran variedad de sensores: acelerómetro, sensor de luz, sensor de temperatura, barómetro, sensor de gravedad, sensor de presión; Sensores que recopilan información de su entorno que puede ser utilizada para comprar la situación del terminal. El objetivo de este proyecto es el análisis, el diseño y el desarrollo de un sistema para monitorizar remotamente los valores de los sensores de dispositivos móviles.
    [Show full text]
  • Download the Index
    Dewsbury.book Page 555 Wednesday, October 31, 2007 11:03 AM Index Symbols addHistoryListener method, Hyperlink wid- get, 46 $wnd object, JSNI, 216 addItem method, MenuBar widget, 68–69 & (ampersand), in GET and POST parameters, addLoadListener method, Image widget, 44 112–113 addMessage method, ChatWindowView class, { } (curly braces), JSON, 123 444–445 ? (question mark), GET requests, 112 addSearchResult method JUnit test case, 175 SearchResultsView class, 329 A addSearchView method, MultiSearchView class, 327 Abstract Factory pattern, 258–259 addStyleName method, connecting GWT widgets Abstract methods, 332 to CSS, 201 Abstract Window Toolkit (AWT), Java, 31 addToken method, handling back button, 199 AbstractImagePrototype object, 245 addTreeListener method, Tree widget, 67 Abstraction, DAOs and, 486 Adobe Flash and Flex, 6–7 AbstractMessengerService Aggregator pattern Comet, 474 defined, 34 Jetty Continuations, 477 Multi-Search application and, 319–321 action attribute, HTML form tag, 507 sample application, 35 Action-based web applications Aggregators, 320 overview of, 116 Ajax (Asynchronous JavaScript and XML) PHP scripts for building, 523 alternatives to, 6–8 ActionObjectDAO class, 527–530 application development and, 14–16 Actions, server integration with, 507–508 building web applications and, 479 ActionScript, 6 emergence of, 3–5 ActiveX, 7 Google Gears for storage, 306–309 Add Import command Same Origin policy and, 335 creating classes in Eclipse, 152 success and limitations of, 5–6 writing Java code using Eclipse Java editor,
    [Show full text]
  • Q1 What Do You See As the Biggest Opportunity for Kent County?
    2018 Comprehensive Plan Survey Q1 What do you see as the biggest opportunity for Kent County? Answered: 496 Skipped: 40 Growth management Retention of a viable... Quality education... Tourism Natural resource... 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% ANSWER CHOICES RESPONSES Growth management 37.10% 184 Retention of a viable agricultural industry 24.19% 120 Quality education facilities - public, private & higher education 16.53% 82 Tourism 11.29% 56 Natural resource management 10.89% 54 TOTAL 496 1 / 60 2018 Comprehensive Plan Survey Q2 What do you consider to be the County's biggest challenge? Answered: 485 Skipped: 51 42.68% 34.43% 8.04% 8.04%6.80% 42.68% 34.43% 8.04% 8.04%6.80% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Lack of high paying/high-tech jobs Infrastructure improvements not keeping pace with development Lack of affordable housing Imbalance of residential to commercial/industrial uses Overcrowding of schools ANSWER CHOICES RESPONSES Lack of high paying/high-tech jobs 42.68% 207 Infrastructure improvements not keeping pace with development 34.43% 167 Lack of affordable housing 8.04% 39 Imbalance of residential to commercial/industrial uses 8.04% 39 Overcrowding of schools 6.80% 33 TOTAL 485 2 / 60 2018 Comprehensive Plan Survey Q3 What do you consider the biggest threat to Kent County? Answered: 501 Skipped: 35 Loss of community identityidentity Loss of community identity8.38% (42) Lack of strength Loss of 8.38% (42) Loss of inin County'sCounty's farmland/openfarmland/open spacespace Lackeconomic of strength base Loss
    [Show full text]
  • Documentation of the Body Transformations During the Decomposition Process: from the Crime Scene to the Laboratory
    University of Huddersfield Repository Zurgani, Emad. K. A. Documentation of the Body Transformations during the Decomposition Process: From the Crime Scene to the Laboratory Original Citation Zurgani, Emad. K. A. (2018) Documentation of the Body Transformations during the Decomposition Process: From the Crime Scene to the Laboratory. Doctoral thesis, University of Huddersfield. This version is available at http://eprints.hud.ac.uk/id/eprint/34690/ The University Repository is a digital collection of the research output of the University, available on Open Access. Copyright and Moral Rights for the items on this site are retained by the individual author and/or other copyright owners. Users may access full items free of charge; copies of full text items generally can be reproduced, displayed or performed and given to third parties in any format or medium for personal research or study, educational or not-for-profit purposes without prior permission or charge, provided: • The authors, title and full bibliographic details is credited in any copy; • A hyperlink and/or URL is included for the original metadata page; and • The content is not changed in any way. For more information, including our policy and submission procedure, please contact the Repository Team at: [email protected]. http://eprints.hud.ac.uk/ Documentation of the Body Transformations during the Decomposition Process: From the Crime Scene to the Laboratory A Thesis submitted to the University of Huddersfield in partial fulfilment of the requirements for the degree of Doctor of Philosophy Emad. K. A. Zurgani School of Applied Sciences Dec 2017 Copyright statement I. The author of this thesis (including any appendices and/or schedules to this thesis) owns any copyright in it (the “Copyright”) and s/he has given The University of Huddersfield the right to use such copyright for any administrative, promotional, educational and/or teaching purposes.
    [Show full text]