CSC/ECE 517 Fall 2009/wiki2 17 va
I have copied things that help with formatting the page from my prior wiki. Feel free to add in anything that you think may help with formatting from your project.
Main topic (to keep us on track):
Note: Delete all the !!!! parts when done. These are notes while developing the wiki.
!!!! SOA provides another view of providing functionality based upon services offered in terms of protocols and a specific API. To provide services, platforms rely upon principles and the power that can be expressed through reflection and meta programming. Research and report how these critical concepts relate to and support SOA.
Service Oriented Architecture (SOA), Reflection, and Metaprogramming
Introduction
Service Oriented Architecture (or SOA) is a concept in computing that defines the interaction of different software in terms of protocols and functionality. SOA is designed so that each functional unit of software in a system is isolated from each other and provides a service without directly making calls to each other.
The information being used to communicate between services must contain sufficient detail about the characteristic of it and the data itself. SOA does not describe the way the data needs to be described, packaged and transfered, these are left for the programmers of the system. It does, however, describe that it must meet the following criterias: !!!! The two bullets below have been retrieved from wikipedia, need to paraphrase
- The metadata should come in a form that software systems can use to configure dynamically by discovery and incorporation of defined services, and also to maintain coherence and integrity.
- The metadata should come in a form that system designers can understand and manage with a reasonable expenditure of cost and effort.
Body
!!!! How to format List:
- A
- B
- C
Link:
- Parametric Polymorphism (Ruby) - This language feature can handle a wide variety of inputs without crashing, but unexpected inputs may be processed in unexpected ways, causing the need for greater input testing. Tools have been developed to perform this testing.
class Employee < ActiveRecord::Base validates_confirmation_of :password, :email_address, :on => :create validates_presence_of :name, :sex, :age, :salary, :address validates_inclusion_of :sex, :in => %w(M F), :message => 'must be M or F' validates_inclusion_of :age, :within => 1..60 validates_length_of :salary :allow_nil => false, :within => 50000..120000 validates_length_of :address, :allow_blank => false, :allow_nil => false, :maximum => 500 end
Ruby and Rails also provides Test Unit which should be used to test for this. Polymorphism in Rails makes it very important to perform these checks. Rails has a plugin tarantula, a fuzzy spider. It crawls the rails application, fuzzing inputs and analyzing what comes back. 7
CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
Appendix
Vulnerability: Susceptibility to attack. A detailed description can be found here
References
!!!! Note: change these, they are here for example only 1. http://www.sans.org/top25errors/#s4 - Lists top 25 errors by category
2. http://guides.rubyonrails.org/security.html - Security features of Ruby
3. Thomas, Dave (2006). Programming Ruby, The Pragmatic Programmers' Guide. 4. Ruby, Sam et al. (2009). Agile Web Development with Rails, Third Edition.
Useful External Links
- http://guides.rubyonrails.org/security.html - Ruby on Rails security
- http://www.owasp.org/ - Open Web Security Application Project