CSC/ECE 517 Fall 2009/wiki2 17 va: Difference between revisions
Revision as of 01:27, 8 October 2009
I have copied things that help with formatting the page from my prior wiki. Feel free to add in anything that you think may help with formatting from your project.
Main topic (to keep us on track):
Note: Delete all the !!!! parts when done. These are notes while developing the wiki.
!!!! SOA provides another view of providing functionality based upon services offered in terms of protocols and a specific API. To provide services, platforms rely upon principles and the power that can be expressed through reflection and meta programming. Research and report how these critical concepts relate to and support SOA.
Service Oriented Architecture (SOA), Reflection, and Metaprogramming
Introduction
Service Oriented Architecture (or SOA) is a concept in computing that defines the interaction of different software in terms of protocols and functionality. SOA is designed so that each functional unit of software in a system is isolated from the others and provides a service without the units directly making calls to each other.
The information used to communicate between services must contain sufficient detail about the characteristics of the data, as well as the data itself, and must remain independent of the underlying platform and programming language. SOA does not specify the format used to transfer the data, and programmers have generally used XML. It does, however, state that the format must meet the following criteria:
!!!! The two bullets below have been retrieved from Wikipedia, need to paraphrase and/or change
- The metadata should come in a form that software systems can use to configure dynamically by discovery and incorporation of defined services, and also to maintain coherence and integrity.
- The metadata should come in a form that system designers can understand and manage with a reasonable expenditure of cost and effort.
SOA also does not limit the protocol used to transfer the data, and a wide variety of technologies can be used, including SOAP, REST and RPC. This choice is generally left to the programmer of the system.
Body
Service-oriented Architecture becomes greatly effective when the underlying programs are able to dynamically adapt to the data received. Two very important concepts support the principles that SOA is built upon:
- Reflection - Programs that modify their own behavior
- Metaprogramming - Programs that write and manipulate other programs
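How the two concepts can work together in a service endpoint, as an added example that is not part of the original wiki page: handlers are generated from a service description (metaprogramming) and each incoming message is resolved to a handler at run time (reflection), with dispatch restricted to the advertised operations. The names ServiceEndpoint, SERVICE_METADATA and the op_ prefix are hypothetical, and the metadata and messages are constructed for illustration.

```ruby
# Constructed service description (metadata): operation name => parameter names.
SERVICE_METADATA = {
  'get_quote'   => %w[symbol],
  'place_order' => %w[symbol quantity]
}.freeze

class ServiceEndpoint
  # Metaprogramming: generate one handler method per advertised operation.
  def self.expose(metadata)
    @operations = metadata
    metadata.each do |name, params|
      define_method("op_#{name}") do |args|
        missing = params - args.keys
        raise ArgumentError, "missing: #{missing.join(', ')}" unless missing.empty?
        # Keep only the declared parameters; anything else in the message is dropped.
        { 'operation' => name, 'args' => args.slice(*params) }
      end
    end
  end

  def self.operations
    @operations.keys
  end

  # Reflection: resolve the handler from the operation name in the message.
  # Only names listed in the metadata are dispatched, and the raw name is never
  # handed to send, so a message cannot reach methods such as Kernel#system.
  def dispatch(message)
    name = message['operation'].to_s
    unless self.class.operations.include?(name) && respond_to?("op_#{name}")
      return { 'error' => "unknown operation: #{name}" }
    end
    args = message['args']
    args = {} unless args.is_a?(Hash)
    public_send("op_#{name}", args)
  rescue ArgumentError => e
    { 'error' => e.message }
  end
end

ServiceEndpoint.expose(SERVICE_METADATA)

# Constructed sample message, as it might arrive after parsing.
p ServiceEndpoint.new.dispatch({ 'operation' => 'get_quote', 'args' => { 'symbol' => 'ACME' } })
```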
!!!! How to format
List:
- A
- B
- C
Link:
- Parametric Polymorphism (Ruby) - This language feature can handle a wide variety of inputs without crashing, but unexpected inputs may be processed in unexpected ways, causing the need for greater input testing. Tools have been developed to perform this testing.
    class Employee < ActiveRecord::Base
      # Require matching confirmation fields when the record is created
      validates_confirmation_of :password, :email_address, :on => :create
      # Mandatory attributes
      validates_presence_of :name, :sex, :age, :salary, :address
      validates_inclusion_of :sex, :in => %w(M F), :message => 'must be M or F'
      validates_inclusion_of :age, :within => 1..60
      # Salary is range-checked by value; a length check would measure the wrong thing
      validates_inclusion_of :salary, :within => 50000..120000, :allow_nil => false
      validates_length_of :address, :allow_blank => false, :allow_nil => false, :maximum => 500
    end

Ruby and Rails also provide Test::Unit, which should be used to test for this. Polymorphism in Rails makes it very important to perform these checks. Rails has a plugin, tarantula, a fuzzy spider. It crawls the Rails application, fuzzing inputs and analyzing what comes back. [7]
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
Appendix
Vulnerability: Susceptibility to attack. A detailed description can be found here
References
!!!! Note: change these, they are here for example only
1. http://www.sans.org/top25errors/#s4 - Lists top 25 errors by category
2. http://guides.rubyonrails.org/security.html - Security features of Ruby
3. Thomas, Dave (2006). Programming Ruby, The Pragmatic Programmers' Guide.
4. Ruby, Sam et al. (2009). Agile Web Development with Rails, Third Edition.
Useful External Links
- http://guides.rubyonrails.org/security.html - Ruby on Rails security
- http://www.owasp.org/ - Open Web Application Security Project