Monday, January 08, 2007

Password Management Concerns with IE and Firefox, part one

Password Management Concerns with IE and Firefox, part one: "Password Management Concerns with IE and Firefox, part one
Mikhael Felker 2006-12-08

1. Introduction

This two-part paper presents an analysis of the security mechanisms, risks, attacks, and defenses of the two most commonly used password management systems for web browsers, found in Internet Explorer and Firefox. The article specifically addresses IE 6 and 7 and Firefox 1.5 and 2.0."

Vulnerability Scanning Web 2.0 Client-Side Components

Vulnerability Scanning Web 2.0 Client-Side Components: "Vulnerability Scanning Web 2.0 Client-Side Components
Shreeraj Shah 2006-11-27

Introduction

Web 2.0 applications are a combination of several technologies such as Asynchronous JavaScript and XML (AJAX), Flash, JavaScript Object Notation (JSON), Simple Object Access Protocol (SOAP), Representational State Transfer (REST). All these technologies, along with cross-domain information access, contribute to the complexity of the application. We are seeing a shift towards empowerment of an end-user's browser by loading libraries."

Java SE 6's New Scripting and Compiling Goodies

Java SE 6's New Scripting and Compiling Goodies: "Java SE 6's New Scripting and Compiling Goodies
Among the most intriguing features of the first Java SE 6 release candidate are the capabilities the new scripting and compiling APIs deliver.

by Eric Bruno
November 28, 2006

Since I wrote a DevX article on the first beta release of Java Standard Edition (SE) version 6 in February of this year, two new early-access versions have been released. This article discusses the first Java SE 6 release candidate, a feature-complete, almost fully tested implementation of the newest version of desktop Java. While the article in February focused on many GUI features (and declared Java SE 6 a desktop winner), this one focuses on some other new features and improvements, namely scripting and the compiler API."

An Open Source AJAX Comparison Matrix

An Open Source AJAX Comparison Matrix: "An Open Source AJAX Comparison Matrix
Get an at-a-glance comparison of the most popular open source AJAX frameworks and toolkits. The evaluation categories include installation, development, and support.

by Edmon Begoli
December 5, 2006

Open source AJAX frameworks and toolkits have matured to the point where they can handle just about any rich Internet application development task. To provide a reference guide for how well they handle particular tasks, I developed a side-by-side comparison matrix of the most popular ones. I selected the open source frameworks that the Ajaxian.com 2006 Survey recently identified as the most popular. Ajaxian.com is a leading online resource for the AJAX community, operated by early adopters of the technology."

Gain a Reputation for Building Trustworthy Applications

Gain a Reputation for Building Trustworthy Applications: "Gain a Reputation for Building Trustworthy Applications
Today's applications must address security appropriately or risk putting users and data at risk. Security tools, such as Watchfire's AppScan, allow you to effectively identify and correct your application's vulnerabilities before they can become a problem.

by Ty Anderson
December 22, 2006

Social Media has moved into the mainstream thanks to applications like YouTube, MySpace, Flickr, Blogger, and many, many more I can't even recall right now. Not only do these sites have great looking logos and catchy names, they also have what each of us building Web applications desire—an expanding user base along with great product 'buzz' (not to mention a healthy revenue stream). People everywhere are using these applications to share hilarious videos, to reveal way too much about their personal lives, and to express an opinion or two. Holding all of this together is the trust each user places into their Web application of choice. Trust is a great and beautiful concept but as the adage says: 'It takes 20 years to build a reputation and five minutes to ruin it.'"

IBM Steps Up Development of Cool Tools for Ajax

IBM Steps Up Development of Cool Tools for Ajax: "IBM Steps Up Development of Cool Tools for Ajax
IBM is working in conjunction with other industry leaders and organizations, including Dojo, to advance Ajax technology and promote Ajax use and adoption throughout the enterprise. Learn why this work is crucial to your success and your company's ability to stay competitive.

by Rikki Kirzner

Asynchronous JavaScript and XML (Ajax) has emerged as one of the key technologies to help organizations meet their objectives for maintaining competitive and performance advantages in light of constantly changing market conditions. The reason is simple—Ajax enables them to quickly create rich, dynamic Web applications capable of providing better user experiences with faster overall performance."

Call a Java Method from XQuery

Call a Java Method from XQuery: "Language: Java
December 4, 2006
Call a Java Method from XQuery
This tip shows you how to develop XQuery queries that may call any other method. The method called in this tip is java.lang.Math.random"

Read the Entries from a JAR/ZIP Archives with the URL Class

Read the Entries from a JAR/ZIP Archives with the URL Class: "Language: Java
December 27, 2006
Read the Entries from a JAR/ZIP Archives with the URL Class
This tip shows you how to display the entries from a JAR/ZIP archive using the java.net.URL class. The key in this example is the URL construction."

Mustang Must-Haves: What's Cool in Java SE 6

Mustang Must-Haves: What's Cool in Java SE 6: "Mustang Must-Haves: What's Cool in Java SE 6
The just-released Java SE 6 boasts many neat new features, such as integrated scripting, enhanced JDBC features, better Web service support, and much more. Here are few personal favorites from a seasoned Java developer and architect.

by John Ferguson Smart
December 18, 2006

The long-awaited Java SE 6 is upon us. This latest version of the Java SE environment brings a number of new features and enhancements, such as integrated support for scripting languages and Web services, improved JDBC features, and an integrated Derby database (in the SDK release), as well as some nice management features and enhanced performance."

Go Inside the Java Real-Time System

Go Inside the Java Real-Time System: "Go Inside the Java Real-Time System
Real-time Java is about more than applications that need to be fast. Find out what real-time requirements actually are and get an in-depth look at what Sun Microsystem's real-time Java can do for you.

by Eric Bruno
January 3, 2007

The Sun Java Real-Time System (Java RTS) is the first conformant commercial implementation of Java Specification Request (JSR) -001, the Real-Time Specification for Java (RTSJ). Although initially released in 2002, the RTSJ was updated in July 2006 to include some new features which are covered in this article."

Hyperscale Messaging in .NET with Amazon's Simple Queuing Service (SQS)

Hyperscale Messaging in .NET with Amazon's Simple Queuing Service (SQS): "Hyperscale Messaging in .NET with Amazon's Simple Queuing Service (SQS)
Amazon SQS makes queuing messages across organizations over HTTP a snap with its Web service interface and Amazon-backed infrastructure. This article walks you through the process to get started using Amazon SQS to create and control queues and messages.

by Gautam Shah
December 14, 2006

Message Queuing (MQ) has long been a foundation for applications that require asynchronous and disconnected communications. Implementations of Message Queuing such as Microsoft's MSMQ, IBM's WebSphere MQ, TIBCO's Rendezvous, and Progress Sonic's SonicMQ are all mature, highly reliable, and highly scalable. Now, Amazon, in a new bid to sell its capabilities as services, has entered the fray with its Amazon Simple Queue Service (SQS)."

Create XMLSchema DataTypes Direct from Java

Create XMLSchema DataTypes Direct from Java: "
Language: Java
December 18, 2006
Create XMLSchema DataTypes Direct from Java
This tip shows you how to create XMLSchema datatypes direct from Java, using the javax.xml.datatype.* package. In this example you'll create a Duration object (xs:duration in XMLSchema) and a XMLGregorianCalendar object (any date/time XMLSchema type)."

Putting AJAX Frameworks to the Test

Putting AJAX Frameworks to the Test: "Putting AJAX Frameworks to the Test
Get a developer's assessment of how well the most popular non-commercial AJAX frameworks performed during the development of a dynamic application.

by Edmon Begoli
December 5, 2006

Not so long ago, developers had to work directly with the XMLHTTPRequest object or use some very rudimentary libraries to get any AJAX work done. When I wrote my first article about AJAX on DevX in June of 2005, the technology was still in its infancy. Today, at least a dozen freely available AJAX frameworks offer features that can help developers accomplish even the most complicated tasks."