Handling TLS Negotiation for Name Based Virtual Hosting Using SNI

Kalpana Dwivedi, Assistant Professor, ABESEC

Abstract

Virtualization, or virtual hosting, is an approach to hosting multiple domains on a single server or pool of servers. This allows resources to be shared among the services hosted by different domains. It also allows all domains hosted on the same server to use the same IP address, avoiding the need for a separate IP address for each domain. Multiple web applications are hosted on a single server using the virtual hosting concept, which is less expensive than having a dedicated server for each web application.

Virtual hosting can be achieved by either IP-based hosting or name-based hosting. Name-based hosting saves IP addresses. In name-based hosting the client is required to present the hostname. Name-based hosting saves cost but brings a challenge when the hosted domains are to be accessed using the HTTPS protocol.

HTTPS is an extension of HTTP used for secure communication over a network. When a web resource is accessed over HTTPS, a handshake takes place between server and client using the SSL (also called TLS) protocol. That is, the HTTP communication protocol is encrypted with TLS (Transport Layer Security), previously known as SSL (Secure Sockets Layer), and is therefore also referred to as HTTP over SSL or HTTP over TLS. The objective behind the evolution of HTTPS was to ascertain the authenticity of the server the client is connecting to and to ensure the privacy and integrity of the data transmitted over the network. Encryption of communication can be either unidirectional or bidirectional.

When making a TLS/SSL connection, the client requests the certificate from the server. The server sends its digital certificate to the client. The client examines the certificate and compares the name(s) in it with the name it is trying to connect to.
If no match is found, the user may be warned of a discrepancy in the connection, which could have occurred due to a man-in-the-middle attack. Some applications allow the user to ignore the warning and proceed with the connection, but the JVM in server-to-server communication does not allow the connection to proceed until the TLS handshake is successful.

As we saw, a successful TLS connection requires that the name in the certificate match the name the client is trying to connect to. The server's domain name is registered in the certificate, and the certificate is installed on the server. When requested, the server presents the installed certificate. Likewise, other servers have their own certificates installed in their setups.

Assigning a separate IP address to each site increases the cost of hosting, since requests for IP addresses must be justified to the regional internet registry and IPv4 addresses are now exhausted. The situation therefore gets complicated when, through virtual hosting, more than one server is hosted on the same IP address or group of IP addresses sharing the infrastructure. In this situation, when a certificate is requested, the server cannot identify which certificate to return to the client. This issue does not arise when communication happens over HTTP, because the server can extract the hostname the client is trying to access from the HTTP header. The TLS handshake happens before the server sees any HTTP headers. Therefore, the server cannot use the information in the HTTP Host header to decide which certificate to present, and as such only names covered by the same certificate can be served from the same IP address.

Server Name Indication (SNI) fixes this issue by having the client send the virtual hostname during TLS negotiation. This enables the server to choose the appropriate certificate and return it to the client.

Security implications with SNI

Although SNI addresses the issue by resolving the hostname during the TLS handshake, there are some security implications associated with it. The desired hostname supplied to the server during the handshake is not encrypted, and therefore an eavesdropper can see which server is being requested. To address the concern of the hostname being exposed to an eavesdropper, an upgrade to SNI called ESNI (Encrypted SNI) was rolled out in mid-2018. However, ESNI is out of scope for the current work.

SNI issue with Netty, a high-performance NIO framework

Netty is an NIO framework for IO operations over a computer network or file system. There are some key components in Netty which work in conjunction with each other to carry out the IO activities. These components are:
• Bootstrap
• EventLoopGroup
• EventLoop
• SocketChannel
• ChannelInitializer
• ChannelPipeline
• ChannelHandler

The following figure illustrates how these components work internally to achieve their intended task.

To reproduce the SNI issue during TLS negotiation, the following code snippet using the Netty libraries was used. This resulted in an SSL handshake failure.

Investigation approach to fix the issue

We can see in the log trace that the TLS handshake between client and server failed. After detailed analysis and troubleshooting, it was discovered that the handshake failed due to an SNI issue. We took the following steps to fix the issue.
• Downloaded the certificate chain from the server and imported it into the client’s certificate key store.
• Removed the VM option -Djsse.enableSNIExtension=false from the JVM run-time arguments so that it ignores the handshake failure that occurred due to SNI.
• Compared the ciphers supported by the server and the client and found that the intersection of the two lists contains several ciphers.
• Further investigation and analysis suggested that higher TLS versions such as TLS 1.2 come with stringent security measures and sometimes do not work well with servers where SNI is enabled.
To make it work, TLS 1.2 was downgraded to TLS 1.1 and then to TLS 1.0, but this too did not fix the issue.

Most TLS handshake issues are usually resolved by one of the above steps, but this issue continued to persist.

We then broadened the scope of the investigation to the libraries used in the communication. The Netty libraries use the NIO (non-blocking IO) framework. How Netty and NIO work has already been outlined in the previous section, and a detailed discussion is out of the scope of this work. Further analysis revealed that the host and port were not being supplied while preparing the SSL context. We discussed this with the Netty technology forum and explained the API interface to them. After discussion, the Netty forum recognized the shortcoming in the API that was resulting in the TLS communication failure, and after due consultation they introduced an overloaded version which accepts the host and port. The new API appeared as below. In the highlighted section, the host and port are supplied while preparing the SSL handler, which was missing in the previous version of the Netty code. This helped to resolve the issue.

Conclusion

SNI helped to resolve the problem of server identification for HTTPS requests when multiple web applications are hosted on the same IP address or pool of IP addresses but are accessible by their own domain names. This also helped the server to resolve the ambiguity of which certificate to return to the client during the TLS handshake. Higher versions of TLS such as TLS 1.2 come with a wide range of cipher support and stringent security measures, which sometimes do not work well if SNI is enabled on the server. The SNI issue can be solved by removing the SNIEnabled JVM argument during JVM start-up, but Netty/NIO continued to raise the error even after the SNI feature was disabled in the JVM. The SNI issue finally got fixed only after the introduction of an overloaded version of the API responsible for preparing the SSL handler, which accepts the host and port to be supplied during the SSL handshake.
Although the hostname is supplied in the HTTP header during HTTP/HTTPS communication, the TLS handshake happens well before any TCP/IP packets are exchanged between client and server; the absence of the host during the handshake therefore puts the server in a dilemma and creates ambiguity about which certificate to return to the client.

Future work

Although SNI resolved the issue of identifying the host for which the certificate is to be supplied, it created a security breach in communication. The host is supplied to the server as unencrypted plain text, and therefore an intruder, through a man-in-the-middle attack, can intercept the communication and change the host without letting the server know that the original host sent by the legitimate client has been changed. If this happens, the SSL handshake failure will continue to occur even if everything else is in place as expected. Future work will address this concern with reference to ESNI (Extended SNI).
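
The effect of supplying host and port when the TLS engine is prepared, as described in the investigation above, shown with the JDK's own SSLEngine as an added example (this is not the paper's Netty snippet, which is not reproduced on this page). It builds one client engine without peer information and one with it, generates each ClientHello in memory, and parses the unencrypted server_name extension. The class name, method names and the hostname shop.example.com are constructed for illustration, and no network connection is made.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class SniClientHelloDemo {

    /** Runs a client-mode engine just far enough to emit its first record, the ClientHello. */
    static ByteBuffer clientHello(SSLEngine engine) throws Exception {
        engine.setUseClientMode(true);
        ByteBuffer out = ByteBuffer.allocate(1 << 15);   // larger than any single TLS record
        engine.beginHandshake();
        engine.wrap(ByteBuffer.allocate(0), out);        // nothing is sent; bytes stay in memory
        out.flip();
        return out;
    }

    /** Returns the host_name in the server_name extension (type 0), or null if absent. */
    static String sniOf(ByteBuffer record) {
        try {
            ByteBuffer b = record.duplicate();
            if (b.get() != 0x16) return null;            // TLS record type: handshake
            b.getShort();                                // legacy record version
            int recordLen = b.getShort() & 0xFFFF;
            b.limit(b.position() + recordLen);           // stay inside this record
            if (b.get() != 0x01) return null;            // handshake type: ClientHello
            skip(b, 3 + 2 + 32);                         // length, client_version, random
            skip(b, b.get() & 0xFF);                     // session_id
            skip(b, b.getShort() & 0xFFFF);              // cipher_suites
            skip(b, b.get() & 0xFF);                     // compression_methods
            int extLen = b.getShort() & 0xFFFF;
            int end = b.position() + extLen;
            while (b.position() + 4 <= end) {
                int type = b.getShort() & 0xFFFF;
                int len = b.getShort() & 0xFFFF;
                if (type != 0) {                         // some other extension
                    skip(b, len);
                    continue;
                }
                b.getShort();                            // server_name_list length
                if (b.get() != 0) return null;           // name_type 0 = host_name
                byte[] name = new byte[b.getShort() & 0xFFFF];
                b.get(name);
                return new String(name, StandardCharsets.US_ASCII);
            }
            return null;                                 // no server_name extension present
        } catch (RuntimeException malformed) {           // truncated or inconsistent lengths
            return null;
        }
    }

    private static void skip(ByteBuffer b, int n) {
        b.position(b.position() + n);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        String host = "shop.example.com";                // constructed hostname
        int port = 443;

        // Engine built with no peer information: the TLS stack has no name to indicate.
        SSLEngine noPeer = ctx.createSSLEngine();

        // Engine built with peer host and port: the name goes into the ClientHello and
        // is also available for checking the certificate's names against it.
        SSLEngine withPeer = ctx.createSSLEngine(host, port);
        SSLParameters params = withPeer.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        withPeer.setSSLParameters(params);

        System.out.println("no host/port   -> SNI: " + sniOf(clientHello(noPeer)));
        System.out.println("with host/port -> SNI: " + sniOf(clientHello(withPeer)));
    }
}
```

The parser reads the hostname without any key material, which is the exposure the section on security implications describes. Starting the JVM with the -Djsse.enableSNIExtension=false option mentioned in the investigation steps suppresses the extension for both engines.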