DOCSLIB.ORG

Network Services, VU 2.0 Overview Dynamic

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Network Services, VU 2.0 Overview Dynamic Overview • Generic Mechanisms • ISAPI/Apache Modules • CGI (Common Gateway Interface) Network Services, VU 2.0 •PHP • ASP •Java related Dynamic Web Technologies – Java Servlets, Java Server Pages, Java Server Faces – Java Web Applications • ASP.NET Dipl.-Ing. Johann Oberleiter Institute for Informationsystems, Distributed • Cocoon, Struts Systems Group Dynamic Web – Why? Generic principles • Web Servers return only with static files • Separation of layout, content and program logic – Good design principle (not only in Web) • Interactive Content – Allows parallel tasks of • Developer – Created based on user interaction • Web Designer • Dynamic Content • Layout – Created on the fly –HTML • Content – Database access – Which Text when dynamically generated • Program Logic – What overall structure – What navigational structures 1 ISAPI Apache Modules • Internet Server API (Microsoft IIS) • Extension mechanism for Apache – IIS only – Extension mechanism for IIS – C based – C-based (like Windows API) – Based on Apache Portable Runtime (APR), and C standard • Implements number of callbacks library – Functions that are called by server • Request sent to ISAPI extension via API functions (callbacks) • Based on Hooks (callbacks) • Respond via API functions (callbacks) • Categories • Supports use of Multithreaded features – Authentication, Authorization, Accounting • Features – Scalability – Cache – Supports ISAPI extensions – Filters • Similar to CGI-scripts • Modify output from another module – Supports ISAPI filter • Pre & postprocessing of a request, may be chained – Mappers • NSAPI • Map requests from URLs to resources on disc – Netscape Server API – Loggers Common Gateway Interface CGI / 2 • Supported by most programming languages • RFC 3875 – Requires access of standard input stream, standard output stream, environment • Running external programs • Supported by most programming languages – From HTTP servers – requirements • Access standard input stream – Platform-independent mechanism • Access standard output stream • Access environment variables • CGI script & HTTP server together – Web Server • Invocation of executables (stand-alone executables) – Servicing a client request • Invocation of interpreter (interpreter languages) –Typical – Creating response •C, Perl • CGI script addressed with URI • New Process per request 2 CGI / 3 CGI / 4 Client WWW void main(void) Browser Server { printf("Content-type: text/html\r\n"); printf("\r\n"); printf("Hello world!<br>\r\n"); CGI- exit(0); Script } Fast-CGI Fast-CGI / 2 • CGI performance problem void main(void) { – Many requests require multiple processes int count=0; – Initialization of connections/resources while(FCGI_Accept() >= 0) { (database) printf("Content-type: text/html\r\n"); •FastCGI printf("\r\n"); – Script remains in memory (via endless loop) printf("Hello world!<br>\r\n"); } – Predefined protocol/API for communication exit(0); with HTTP server } 3 PHP PHP - sample • Abbreviation for PHP: Hypertext Preprocessor • Dynamic Web Scripting language <html> – Syntax resembles C and Perl – Currently most frequently used Web programming language … – Usually embedded in HTML – Supported by most Internet service providers <body> • Wellknown through LAMP – Linux – Apache – MySql – PHP <?php echo „<p>Hello World</p>“; ?> • Many libraries – In particular libraries for database access </body> • Problem – Mix of HTML and script code – Language grown over the years • Performance </html> – Quite Good Active Server Pages ASP / 2 Host 1 • Server-side scripting ala Microsoft – Relies on MS scripting languages COM Component 1 • Usually VB.NET or JScript (JavaScript) HTTP Server • Programming model – Program Logic via COM components – Principally scalable (via COM+) – Principally secure (server-side via COM+, ADSI) • Problems Host 2 – Mixture of layout and content • Principally possible to do it in a clean way (via COM comp.) COM+ / 2 – Vendor-lockin (only IIS supported) COM+ / 1 • though special solutions for Apache exist – Interpreted 4 Java Servlets Request/response Interaction • Web component Web client Web server – implemented in Java (browser) • Generates dynamic content • Managed by a servlet engine (container) Servlet container – Web server extensions request response • Request/response paradigm ServletA ServletB ServletC – Interaction with Web clients Servlets characteristics Servlet interface / 1 • Much faster than CGI scripts (in general) <<interface>> – Because different process model Javax.servlet.Servlet destroy • Standard API supported by many Web ServletConfig getServletConfig() String getServletInfo() servers init(ServletConfig config) • Supports Java and API's service(ServletRequest request, ServletResponse response) 5 Servlet implementation Servlet lifecycle service • Server implements servlet interface instantiate Servlet • Typically by inheriting from (predefined) init implementation classes initialized – GenericServlet – HttpServlet destroy destroyed finalized & garbage collected Request Handling Response Generation • Through Service method • By using methods of ServletResponse • ServletRequest object used object • Concurrent requests to same servlet – Concurrent execution of service method on different • Manual generation of any response threads • HTTP specific Request Handling • HttpServletResponse interface – HttpServlet adds HTTP specific methods – sendRedirect • primarily doGet & doPost, • doPut, doDelete, doHead, doOptions, doTrace – sendError • getParameterXXX methods provide – from URI query string and POST-ed data • getHeaderXXX methods 6 Servlet example Filtering public void doGet(HttpServletRequest req, • Filter HttpServletResponse res) throws ... – Java component { – Allow on the fly transformation res.setContentType("text/html"); – Implements javax.servlet.Filter PrintWriter out= res.getWriter(); • Filter transforms content of – HTTP requests out.println("<HTML>"); – Responses out.println("<HEAD>"); – Header information ... • Modify or adapt out.close(); – Requests for a resource (dynamic&static content) } – Responses from a resource Filter examples Filter implementation • Authentication filters • doFilter(ServletRequest req, ServletResponse res, • Logging and auditing filters FilterChain next) 1. Examine request • Image conversion filters 2. May wrap Request object with a custom implementation to • Data compression filters filter/modify content or headers for input filtering • Encryption filters 3. May wrap Response object with a custom implementation to filter/modify content or headers for output filtering • Tokenizing filters 4. May invoke next filter in chain or block further processing • Filters triggering resource access events 5. After invocation 4. examine response headers and modify • XSL/T filters output – Last element of chain is target servlet • MIME-type chain filters • Caching filters 7 Session Tracking Other Servlet Issues • Cookies – Supported by servlet container • Request forwarding – Cookie name JSESSIONID – Via Request Dispatchers • SSL sessions – Only when SSL/TLS is in use – Support for event listeners – Built-in mechanism to distinguish multiple requests • For state changes in ServletContext, HttpSession, • URL Rewriting ServletRequest – Adds session ID to request URL – Lifecycle, changes to attributes, session migration, object –Eg. http://www.xyz.com/index.html;jsessionid=1234 binding • Supports storage of key-value pairs – Keys are object names (strings) •Problem – Values arbitrary Java objects • Session timeouts – Not often supported by public Web hosters Java Server Pages (JSP) JSP • JSP page • JSP container – Textual document how to create a response object – Life-cycle management from a request object for a given protocol – Runtime support – Defines a JSP page implementation class • Translation phase • Implements semantics of the JSP page – Validates syntactic correctness of JSP page • Implements javax.servlet.Servlet interface – Locates/Creates implementation class – HTTP default protocol for requests/responses • Execution phase – Default ending .jsp – Container delivers events to JSP page • Compilation • Traditional usage – Into implementation class + deployment info during deployment – Generation of HTML possible • Removal of start-up lag for transition phase • Generating XML possible • Reduction of memory footprint needen to run JSP container – no – More modern JSP XML-like syntax compiler required 8 JSP - Syntax JSP Elements • Directives •Elements – Global information, independent of specific request – Info for translation phase – Element type known to JSP container – Syntax: <%@ directive ... %> • Actions • Template Data – Infos for request processing – Standardized (by JSP specification) – JSP translator not aware about – Custom (portable tag extension mechanism) – Syntax: <mytag attr="value">xyz</mytag> • Allows (a little bit) separation • Scripting Elements – Look/Layout – Glue around template text and actions – Manipulation of objects and to perform computation – Behaviour – Invocation of methods on Java objects – Catching of Java language exceptions – Expression language (EL) to access data from different sources JSP Expression Language JSP Documents • Simple expressions without Java code • JSP page that is also a XML document • Enclosed within ${...} – Well-formed, validation –${a+b} – Entity resolution may be applied – <mytag attr1="${mybean.data}"/> – <% style syntax not supported • Access of Java beans • Use <jsp:directive.xyz/> instead • Operators as in Java – Default convention .jspx – Includes arithmetic, relational
Load more

Recommended publications
  • Active Server Pages (ASP)
    Active Server Pages (ASP) Outline 11.1 Introduction 11.2 How Active Server Pages Work 11.3 Client-side Scripting versus Server-side Scripting 11.4 Using Personal Web Server or Internet Information Server 11.5 A Simple ASP Example 11.6 Server-side ActiveX Components 11.7 File System Objects 11.8 Session Tracking and Cookies 11.9 Accessing a Database from an Active Server Page 11.10 Case Study: A Product Catalog 11.1 Introduction • Active Server Pages (ASP) – Processed in response to client request – ASP file contains HTML and scripting code – VBScript de facto language for ASP scripting • Other languages can be used – JavaScript – .asp file extension – Microsoft-developed technology – Send dynamic Web content • HTML • DHTML • ActiveX controls • Client-side scripts • Java applets 11.2 How Active Server Pages Work • Client sends request – Server receives request and directs it to ASP – ASP processes, then returns result to client • HTTP request types – Request methods • GET – Gets (retrieves) information from server – Retrieve HTML document or image • POST – Posts (sends) data to server – Send info from HTML form » Client-entered data » Info to search Internet » Query for a database » Authentication info 11.2 How Active Server Pages Work (II) • Browsers often cache Web pages – Cache: save on disk – Typically do not cache POST response • Next POST request may not return same result • Client requests ASP file – Parsed (top to bottom) by ActiveX component asp.dll • ActiveX component: server-side ActiveX control that usually does not have GUI
    [Show full text]
  • Java Web Application with Database Example
    Java Web Application With Database Example Amerindian Verne sheafs very spaciously while Torrence remains blond and suprasegmental. Udall herdialyses strappers her sayings underselling afore, too shouldered furtively? and disciplinal. Collins remains pigeon-hearted: she barbarises Java and with web delivered to tomcat using an application server successfully authenticated Our database like to databases because docker container environment. Service to mask the box Data JPA implementation. Here is one example application by all credits must create. Updates may also displays in web delivered right click next thing we are looking for creating accounts, please follow this example application depends on. In role based on gke app running directly click add constraint public web application example by a middleware between records in your application for more than other systems. This is maven in java web framework puts developer productivity and dispatches to learn more? Now we tie everything is web application example? This file and brief other dependency files are provided anytime a ZIP archive letter can be downloaded with force link provided at the hen of this tutorial. Confirming these three developers to let see also with database access, jstl to it returns the same infrastructure. What database web container takes care of java and examples. As applications with database support plans that connect to implement nested class names and infrastructure to display correctly set outo commit multiple user interface for. The wizard will ask you to select the schema and the tables of your database and allows you to select the users and groups tables, run related transactions, the last step is to create XML file and add all the mappings to it.
    [Show full text]
  • Active Server Pages Architecture
    Active Server Pages Architecture Li Yi South Bank University Contents 1. Introduction ...................................................................................................................................... 2 1.1 Host-based databases ............................................................................................................... 2 1.2 Client/server databases ............................................................................................................ 2 1.3 Web databases........................................................................................................................... 3 2. Active Server Pages ........................................................................................................................ 5 2.1 ASP Components ...................................................................................................................... 6 2.2 ADO and Database................................................................................................................... 7 2.3 The steps of executing a query ............................................................................................. 11 3 ASP Attributes ................................................................................................................................ 12 References:.......................................................................................................................................... 13 1 1. Introduction The development of databases always comes
    [Show full text]
  • Implementing OGC Web Map Service Client Applications Using JSP, JSTL and XMLC
    Implementing OGC Web Map Service Client Applications Using JSP, JSTL and XMLC Hao Ding , Richard Pascoe & Neville Churcher Department of Computer Science University of Canterbury. Christchurch, New Zealand Phone: +64 3 364-2362 Fax: +64 3 364-2569 Email: [email protected] , {richard, neville}@cosc.canterbury.ac.nz Presented at SIRC 2002 – The 14th Annual Colloquium of the Spatial Information Research Centre University of Otago, Dunedin, New Zealand th December 3-5 2002 ABSTRACT Java technologies are widely used in web application development. In this paper are described three approaches to developing Java-based web applications and our experiences with applying each to the development of client that interact with servers implementing the OGC (Open GIS Consortium) Web Map Service (WMS) specification. Also described is the installation and configuration of open source software that implements the WMS specification. The paper is concluded with some preliminary insights into when one of the three approaches to WMS client implementation is more suited to another. Keywords and phrases: WMS, JSP, JSTL, XMLC, map layer, web map server 1.0 INTRODUCTION Of the many technologies, such as Common Gateway Interface (CGI), Active Server Pages (ASP), JavaServer Pages (JSP), that are used to develop web applications, three are of particular interest to the research presented here. These three technologies or approaches to developing clients that utilise web services are JavaServer Pages (JSP), JSP with the use of tags from the JSP Standard Tag Library (JSTL), and the eXtensible Markup Language Compiler (XMLC). JSP is a more convenient way to write Java servlets, and allows the insertion of Java code directly into static HTML (Hypertext Markup Language) pages.
    [Show full text]
  • Attacking AJAX Web Applications Vulns 2.0 for Web 2.0
    Attacking AJAX Web Applications Vulns 2.0 for Web 2.0 Alex Stamos Zane Lackey [email protected] [email protected] Blackhat Japan October 5, 2006 Information Security Partners, LLC iSECPartners.com Information Security Partners, LLC www.isecpartners.com Agenda • Introduction – Who are we? – Why care about AJAX? • How does AJAX change Web Attacks? • AJAX Background and Technologies • Attacks Against AJAX – Discovery and Method Manipulation – XSS – Cross-Site Request Forgery • Security of Popular Frameworks – Microsoft ATLAS – Google GWT –Java DWR • Q&A 2 Information Security Partners, LLC www.isecpartners.com Introduction • Who are we? – Consultants for iSEC Partners – Application security consultants and researchers – Based in San Francisco • Why listen to this talk? – New technologies are making web app security much more complicated • This is obvious to anybody who reads the paper – MySpace – Yahoo – Worming of XSS – Our Goals for what you should walk away with: • Basic understanding of AJAX and different AJAX technologies • Knowledge of how AJAX changes web attacks • In-depth knowledge on XSS and XSRF in AJAX • An opinion on whether you can trust your AJAX framework to “take care of security” 3 Information Security Partners, LLC www.isecpartners.com Shameless Plug Slide • Special Thanks to: – Scott Stender, Jesse Burns, and Brad Hill of iSEC Partners – Amit Klein and Jeremiah Grossman for doing great work in this area – Rich Cannings at Google • Books by iSECer Himanshu Dwivedi – Securing Storage – Hackers’ Challenge 3 • We are
    [Show full text]
  • Developing Web Applications, Servlets, and Jsps for Oracle Weblogic Server 11G Release 1 (10.3.4) E13712-03
    Oracle® Fusion Middleware Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server 11g Release 1 (10.3.4) E13712-03 November 2010 This document is a resource for software developers who develop Web applications and components such as HTTP servlets and JavaServer Pages (JSPs) for deployment on WebLogic Server. Oracle Fusion Middleware Developing Web Applications, Servlets, and JSPs for Oracle WebLogic Server, 11g Release 1 (10.3.4) E13712-03 Copyright © 2007, 2010, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this software or related documentation is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007).
    [Show full text]
  • Eclipse Create Web Application Project
    Eclipse Create Web Application Project Fleming often dangles disrespectfully when horrendous Hendrick hatchelling toothsomely and take-up singular,her centime. Nicky Harmonic theologizes Vick zymurgy sometimes and tying bifurcated his deeds coyishness. sore and rampike so reconcilably! Oddly If her open it from another Project Navigator. Verify how output in play console. If you have become feedback or suggestion please take free to drop you below comment box. In the mapping object in whatever log. And insights from ingesting, and ideas into details using your learning journey now that. Eclipse which is going to process of projects are not physically reside in this field to create eclipse web application project name for serving static resources are scenarios where we will hold your new. Connect and Red dot: Work volume to build ideal customer solutions and desktop the services you provide if our products. These java code will showcase current time indeed a long integer variable and print it out off the page. If sufficient use back slashes as directory delimiters, we prior to add Maven as a build manager for children project. But, away will choose some jar file that area need in our project. Original error identification and add. Traffic control for eclipse project. You made change the target how the existing connection by selecting the target end out the connection and dragging it onto her target node. Java project created a project and create. Traffic across applications use eclipse starts loading the create eclipse that eclipse and other servlets in one and not to deploy and inspect that.
    [Show full text]
  • Web Apps Using Websphere Application Server Liberty Profile Technology in CICS
    CICS and Liberty Web Apps using WebSphere Application Server Liberty Profile Technology in CICS Catherine Moxey IBM Thursday, February 7, 2013 Session Number 12445 Insert Custom Session QR if Desired. CICS and Liberty Disclaimers © IBM Corporation 2013. All Rights Reserved. IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. Any information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion. The session and materials has been prepared by IBM or the session speaker and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
    [Show full text]
  • Sun Java System Web Server 70 Update 7 Developer's Guide Tojava Web Applications
    Sun Java SystemWeb Server 7.0 Update 7 Developer's Guide to JavaWeb Applications Sun Microsystems, Inc. 4150 Network Circle Santa Clara, CA 95054 U.S.A. Part No: 821–0790 July 2009 Copyright 2009 Sun Microsystems, Inc. 4150 Network Circle, Santa Clara, CA 95054 U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more U.S. patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights – Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, the Solaris logo, the Java Coffee Cup logo, docs.sun.com, Java, and Solaris are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. in the U.S. and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc. The OPEN LOOK and SunTM Graphical User Interface was developed by Sun Microsystems, Inc.
    [Show full text]
  • Websphere Application Server V6: Web Container Problem Determination
    Redbooks Paper Javier Voos WebSphere Application Server V6: Web Container Problem Determination If users receive unexpected results in a Web browser (such as errors or incorrect information), you might have a problem with the Web components in the application. The runtime environment for Web components is called the Web container. This paper discusses techniques for diagnosing problems that can occur in the Web container. Potential symptoms of a Web container problem can include: Users are not able to access a Web component Unexpected behavior when running a Web component Errors when starting a Web component Problems with JSP™ compilation Errors or exceptions thrown when running a Web component Messages starting with SRVE (Web container), JSPG (JSPs), or JSFG (JSF) Problems areas that are related to the Web container also include session management problems and character encoding problems. Important: We recommend that you start your problem determination process by reading Approach to Problem Determination in WebSphere Application Server V6 at http://www.redbooks.ibm.com/redpapers/pdfs/redp4073.pdf. © Copyright IBM Corp. 2005. All rights reserved. ibm.com/redbooks 1 Introduction The Web container is a runtime environment for Web applications. It processes servlets, JSP files, and other types of server-side includes. The Web container also provides session management, static content processing and an inbound transport chain for HTTP requests. Each application server runtime has one logical Web container, which can be modified but not created or removed. Figure 1 illustrates the Web container and its place within the application server. Application Server Web container Web browser Web Container client HTTP server HTTP(s) inbound chain WebSphere plug-in Session Manager Servlet JSP EJB Container JCA Services Name Server (JNDI) Security Server Messaging Web Services Figure 1 Web container overview Each Web container provides the following: Web container transport chains Requests are directed to the Web container using the Web container inbound transport chain.
    [Show full text]
  • Tool Support for Computer Role-Playing Game Programming: Foundations, Guidelines and Applications
    Tampereen teknillinen yliopisto. Julkaisu 1237 Tampere University of Technology. Publication 1237 Juha-Matti Vanhatupa Tool Support for Computer Role-Playing Game Programming: Foundations, Guidelines and Applications Thesis for the degree of Doctor of Science in Technology to be presented with due permission for public examination and criticism in Tietotalo Building, Auditorium TB222, at Tampere University of Technology, on the 17th of October 2014, at 12 noon. Tampereen teknillinen yliopisto - Tampere University of Technology Tampere 2014 ISBN 978-952-15-3341-9 (printed) ISBN 978-952-15-3393-8 (PDF) ISSN 1459-2045 Abstract Computer role-playing games (CRPGs) are a genre of computer games, which aim at providing similar player experience than their ancestors, paper-and- pen role-playing games. For a type of digital games, their evolution is already rather long, as the first ones were created in 1980s. Typically CRPGs em- phasize character development and to support this huge fantasy worlds and sophisticated storylines are also present. CRPG development has unique challenges, which derive from these typical features. Content creation is a continuous issue, since huge virtual worlds and long storylines must be filled with content. Personalization is also an important issue, because all fun of creating personalized character is lost if it has no effect into the game. Low starting threshold is important for successful game. It is becoming essential that the player can start playing quickly and she is not required to spent time waiting the installation to be completed. This can be achieved by web-based approach, since web-based games do not require installations.
    [Show full text]
  • 2Nd USENIX Conference on Web Application Development (Webapps ’11)
    conference proceedings Proceedings of the 2nd USENIX Conference Application on Web Development 2nd USENIX Conference on Web Application Development (WebApps ’11) Portland, OR, USA Portland, OR, USA June 15–16, 2011 Sponsored by June 15–16, 2011 © 2011 by The USENIX Association All Rights Reserved This volume is published as a collective work. Rights to individual papers remain with the author or the author’s employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. Permission is granted to print, primarily for one person’s exclusive use, a single copy of these Proceedings. USENIX acknowledges all trademarks herein. ISBN 978-931971-86-7 USENIX Association Proceedings of the 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Conference Organizers Program Chair Armando Fox, University of California, Berkeley Program Committee Adam Barth, Google Inc. Abdur Chowdhury, Twitter Jon Howell, Microsoft Research Collin Jackson, Carnegie Mellon University Bobby Johnson, Facebook Emre Kıcıman, Microsoft Research Michael E. Maximilien, IBM Research Owen O’Malley, Yahoo! Research John Ousterhout, Stanford University Swami Sivasubramanian, Amazon Web Services Geoffrey M. Voelker, University of California, San Diego Nickolai Zeldovich, Massachusetts Institute of Technology The USENIX Association Staff WebApps ’11: 2nd USENIX Conference on Web Application Development June 15–16, 2011 Portland, OR, USA Message from the Program Chair . v Wednesday, June 15 10:30–Noon GuardRails: A Data-Centric Web Application Security Framework . 1 Jonathan Burket, Patrick Mutchler, Michael Weaver, Muzzammil Zaveri, and David Evans, University of Virginia PHP Aspis: Using Partial Taint Tracking to Protect Against Injection Attacks .
    [Show full text]