CSC/ECE 517 Fall 2009/wiki2 17 va

From Expertiza_Wiki
Revision as of 02:10, 8 October 2009 by Ncsueng (talk | contribs)
Jump to navigation Jump to search

I have copied things that help with formatting the page from my prior wiki. Feel free to add in anything that you think may help with formatting from your project.

Main topic (to keep us on track):

Note: Delete all the !!!! parts when done. These are notes while developing the wiki.

!!!! SOA provides another view of providing functionality based upon services offered in terms of protocols and a specific API. To provide services, platforms rely upon principles and the power that can be expressed through reflection and meta programming. Research and report how these critical concepts relate to and support SOA.

Service Oriented Architecture (SOA), Reflection, and Metaprogramming

Introduction

Service Oriented Architecture (or SOA) is a concept in computing that defines the interaction of different software in terms of protocols and functionality. SOA is designed so that each functional unit of software in a system is isolated from each other and provides a service without directly making calls to each other.

The information being used to communicate between services must contain sufficient detail about the characteristic of the data and the data itself and must remain independent of the underlying platform and programming language. SOA does not specify the format to transfer the data, and programmers have generally used XML, it does, however, describe that it must meet the following criterias: !!!! The two bullets below have been retrieved from wikipedia, need to paraphrase and/or change

  • The metadata should come in a form that software systems can use to configure dynamically by discovery and incorporation of defined services, and also to maintain coherence and integrity.
  • The metadata should come in a form that system designers can understand and manage with a reasonable expenditure of cost and effort.

SOA also does not limit the protocol used to transfer the data and a wide variety of technologies can be used including SOAP, REST and RPC. This is generally left for the programmer of the system.

Body

Service-oriented Architecture becomes greatly effective when the underlying programs are able to dynamically adapt to the data received. Two very important concepts support this principles that SOA is build upon:

  1. Reflection - Programs that modify their own behavior
  2. Metaprogramming - Programs that write and manipulate other programs

Reflection

Reflection is a specific type of meta-programming and emphasizes dynamic program modification.

  • Example: Reflection Ruby example for dynamically adding an instance method
 # Define an instance method len of String to return string length
 String.class_eval("def len; size; end")

Has the same outcome as

  • Example: Open class and define new method
 class String
   def len
     size
   end
 end


Metaprogramming

!!!! How to format List:

  • A
  • B
  • C

Link:

  • Parametric Polymorphism (Ruby) - This language feature can handle a wide variety of inputs without crashing, but unexpected inputs may be processed in unexpected ways, causing the need for greater input testing. Tools have been developed to perform this testing.


  • Example: 15 A detailed examples can be found at 34
 class Employee < ActiveRecord::Base
   validates_confirmation_of :password, :email_address, :on => :create
   validates_presence_of :name, :sex, :age, :salary, :address
   validates_inclusion_of :sex, :in => %w(M F), :message => 'must be M or F'
   validates_inclusion_of :age, :within => 1..60
   validates_length_of :salary :allow_nil => false, :within => 50000..120000
   validates_length_of :address, :allow_blank => false, :allow_nil => false, :maximum => 500
 end

Ruby and Rails also provides Test Unit which should be used to test for this. Polymorphism in Rails makes it very important to perform these checks. Rails has a plugin tarantula, a fuzzy spider. It crawls the rails application, fuzzing inputs and analyzing what comes back. 7


CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')

Appendix

Vulnerability: Susceptibility to attack. A detailed description can be found here


References

 !!!! Note: change these, they are here for example only 1. http://www.sans.org/top25errors/#s4 - Lists top 25 errors by category

2. http://guides.rubyonrails.org/security.html - Security features of Ruby

3. Thomas, Dave (2006). Programming Ruby, The Pragmatic Programmers' Guide. 4. Ruby, Sam et al. (2009). Agile Web Development with Rails, Third Edition.

Useful External Links

Retrieved from "https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Fall_2009/wiki2_17_va&oldid=22821"