TIAN Yu-hong,WANG Ze-bing,FENG Yan

DOI: https://doi.org/10.3969/j.issn.1000-7024.2006.24.029

2006-01-01

Abstract:The Java virtual machine(JVM)is used more frequently as the basic engine behind dynamic web services.With the proliferation of network attacks on these network resources,much work are done to provide security for the network environment.Little effort has been placed on securing a Java web server where the attacker has a valid login to the host machine.After describing the vulnerabilities in Java's security mechanisms,an extended security system based on Java 2 security architecture is introduced.It also explains the runtime status of system.The increased assurance of correct system operation and the integrity of Java application server are provided.

Zhou Ze-kui

2007-01-01

Abstract:A novel process control and monitoring system frame using Ajax for improving the real-time performance of web-based systems was presented.The system was based on Browser/Server structure and OPC specification,and the Ajax was used to update the real-time data of client(the browser)without refreshing entire Web page.

吴吉义,平玲娣

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.08.020

2008-01-01

Abstract:As a turnabout on the traditional web application,AJAX has been becoming the magistral application technology in Web 2.0,and opened a prelude to the times of page updating without refurbishment.It is a trend that AJAX replaces updating web pages by form submission in traditional web development.After the introduction to the key technologies in AJAX,implementing processes between the traditional web application and AJAX application are compared.At the end,the advantages and shortages in AJAX are put forward based on technical practice.

Di Wu,Yabo Dong,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11563952_52

2005-01-01

Abstract:The fast development of E-Commerce and information technology brings much higher requirements for enterprise informationization. Because of the differences in platforms, development languages and standards etc, enterprise application integration (EAI) has become the important form of enterprise informationization to support complex business processes. Web services have emerged as the next generation of integration technology which provides the power to support interoperability. However EAI doesn’t just present new interoperability challenges; it also presents serious privacy and security challenges. This paper presents security architecture of Web Services based EAI which uses distributed Single Sign On authentication and distributed Role-based Access Control authorization. The basic concept and prototype system of the security architecture are described in detail.

Yifu Gan,HuiRong Yang

DOI: https://doi.org/10.1109/ISITAE.2007.4409291

2007-01-01

Abstract:Recently Ajax and Web Services are hot technologies in computer field. We can integrate them to build the web application that will be operated fluently, on-demand and easy for reuse. This paper at first introduces Ajax and Web Services shortly, then analyzes the popular integrated framework, in which Web Browsers access Web Services directly, and points out the defects of the framework. After that, this paper proposes a new integrated framework based on duplicate proxy pattern, in which Web Servers access Web Services, takes the project named "AHP Tool" as an example of the application of it, and summarizes the advantages and disadvantages of it at the end.

WU Yinfei,HE Qinming,WU Darui

2006-01-01

Abstract:This paper discusses the advantages of Java Web development,XML and XSLT;analyses the framework of Struts,and its advantages and disadvantages;and then presents how to use HttpServlet,which can convert XML into HTML by XSLT.Finally,this paper presents how to use the framework of Struts + XML + XSLT to replace JSP,and analyses the advantages of the framework.

Yuan Shuhong,Zhu Miaoliang,Yun Xia,Wu Di

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.01.048

2008-01-01

Abstract:Traditional Enterprise Application Integration(EAI) solutions lacking the support of the united standard have difficulties in resolving the main security problems such as authentication and authorization.To solve these problems,a brand new application integration security architecture based on Web Services WSSA-EAI is proposed.Web Services are applied to create general access interface,and SSO(Single Sign On) authentication and RBAC(Role-based Access Control)authorization are combined.A united EAI security architecture which is easy for maintenance is presented..

Huiyao An,Yang Song,Tao Yu,Hui Li,Peng Zhang,Jun Zha

DOI: https://doi.org/10.1109/CyberC.2014.27

2014-01-01

Abstract:As Ajax webpage can be built by Javascript function, Ajax makes it possible to send asynchronous requests to the server and handle the response in the background. It is not definite that the current URL reflects the current state of the webpage. The traditional approach of security crawler can not walk through the Ajax web application to collect all the interface information for web security testing. In this page, we will introduce several benefits of Ajax web application and some technical differences about the crawler and propose a new model based on finite-state machine with double filter strategy to make it possible for Ajax web application security test automatically. Additionally, the crawler will be highly compatible with the metaspolit framework. © 2014 IEEE.

Xiaohong Hu,Jingli Xue,Hui Zheng,Yimin Li,Hongjie Liu

DOI: https://doi.org/10.1109/MEC.2011.6025701

2011-01-01

Abstract:In the Brower/Server-based enterprise application system, a new web design approach based on Ajax technology is brought forth. Ajax and N-layer architecture are integrated in the development of college educational administration system, which results in better efficiency and maintainability. And particular realization method employing Ajax technology is presented for the generation tree module of the system infrastructure.

黄浩,赵辽英,苏程,俞伟斌

DOI: https://doi.org/10.3969/j.issn.1001-9146.2011.06.023

2011-01-01

Abstract:According to the disadvantages of the current WebGIS system,this paper proposed a system framework based on AJAX and Web Service,discussed the design of server and client,and through the development of geologic hazard information online publishing system of Wen Cheng county to test and verify.System operation results show that the system framework can reduce the server and client communication overhead significantly,overcome the heterogeneity of spatial information,and have a good application effect and practical value.

Phakpoom Chinprutthiwong,Raj Vardhan,Guangliang Yang,Guofei Gu

DOI: https://doi.org/10.1145/3427228.3427290

2020-01-01

Abstract:Nowadays, modern websites are utilizing service workers to provide users with app-like functionalities such as offline mode and push notifications. To handle such features, the service worker is equipped with special privileges including HTTP traffic manipulation. Thus, it is designed with security as a priority. However, we find that many websites introduce a questionable practice that can jeopardize the security of a service worker. In this work, we demonstrate how this practice can result in a cross-site scripting (XSS) attack inside a service worker, allowing an attacker to obtain and leverage service worker privileges. Due to the uniqueness of these privileges, such attacks can lead to more severe consequences compared to a typical XSS attack. We term this type of vulnerability as Service Worker based Cross-Site Scripting (SW-XSS). To assess the real-world security impact, we develop a tool called SW-Scanner and use it to analyze top websites in the wild. Our findings reveal a worrisome trend. In total, we find 40 websites vulnerable to this attack including several popular and high ranking websites. Finally, we discuss potential defense solutions to mitigate the SW-XSS vulnerability.

Cheng Zhan,Xie Li

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.10.007

2008-01-01

Abstract:Web Service security problem is one of the highlighted topics in information security area recently.This article presents two security mechanisms for Web Services,transport-level security and message-level security.Then the security technology used to implement message-level security is introduces in detail.Finally,it gives a conclusion to Web Service security and proposes a new Web Service layered security model.

韩海晓

DOI: https://doi.org/10.3969/j.issn.1004-373x.2009.04.030

2009-01-01

Abstract:The on-line examination system is designed and implemented adopting Web in AJAX.The AJAX technique is used to achieve asynchronous communication with server in system in order to create abundant friendly user windows which give no-refurbishing feeling to users.There is a favorable users interface in this system.Users can carry out examination-organized randomly by setting different examination-organized strategy,and append multimedia test questions,which is one of the features of on-line examination system

TANG Zhong-shi,ZHU Xian-ze,RAO Shun-bin

DOI: https://doi.org/10.3771/j.issn.1009-2307.2007.03.062

2007-01-01

Abstract:Internet Mapping Service has been an important part of the lives of most countries, governments, companies and people, thus it is also an important area in science researches. Being proposed in 2005, the technology of AJAX has become more and more mature, and quickly comes to the practical application. After one year's development, various internet mapping service based on AJAX has been widely used, such as Google Maps, Baidu Maps, Sogou Maps, Yahoo Maps and MSN Virtual Earth. This paper firstly analyzes the current situation of internet map services: there are conflicts between the immediate commands for map services of people and the slow and unfriendly map services. Then it simply introduces the advantages of AJAX. Further more, it explores some principles of the Internet Mapping Service based on AJAX, provides the framework of new mapping services, and discusses the objects of AJAX Engine. In the end, it analyzes the predomination and prospect and thinks about the direction of Geographical Information Service.

GAN Zhi-hua,JI Chao

DOI: https://doi.org/10.15991/j.cnki.411100.2005.04.023

2005-01-01

Abstract:Aboutthe security based on B/S structure,this paper puts forward a Resolvment at filtration of sensitive information.Actual test indicates that the scheme is effective and feasible.

XU Feng,LIN Guo-Yuan,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.02.001

2005-01-01

Computer Science

Abstract:Security is currently one of the biggest concerns about future development of Web services. This paper brief reviews the state of the research for access control in the Web service environment. In this paper,we first discuss the way to study the access control technology from the protocol stack of the Web services. Then we discusscd the access control technology of XML documents and the SOAP protocol,as well as correlation standard. Finally,the conclusion is given and the problems are pointed out,which should be resolved in further reserach.

Di-wen ZHENG,Li-wei SHEN,Xin PENG,Wen-yun ZHAO

DOI: https://doi.org/10.11896/j.issn.1002-137X.2014.11.030

2014-01-01

Computer Science

Abstract:For Web applications,component-based software development is also a way to improve the efficiency of development,whose solution involves the combination of the front-end and the back-end or third-party services.We proposed a component composition technology based on AJAX for Web application,based on the analysis on the component types and its composition pattern of the Web application.In this technology,we proposed two different solutions for combination of different component types.One uses jQuery to invoke Servlet while the other uses DWR technology to enable interaction between front-end page component and back-end business component or Web Service component.In addition,based on the proposed method,this paper implemented two online Web application component composition tools through two implementation styles,which allow users to define the composition details through graphical user interface and automatically complete the component composition process to generate Web applications.This paper used an experimental course selection website as an application development example,to verify the usefulness of the technology and the tool.

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2000.05.008

2000-01-01

Abstract:The definitions of some concepts related to security architecture for computer networks are presented firstly in this paper, and then, a framework is proposed from the aspect of security requirements. Based on the analysis of dependence among security services, a method is presented for classifying and rating network security according to se curity services and mechanisms. After the analysis of security mechanisms in TCP/IP protocol including IPSec and SSL, a protocol layered entity model is presented for implementation of security services and security management. From the aspect of entity unit, all kinds of security technologies are organized into to four layers. The place of security management in the architecture and content of management activities for large networks are described. At the end of this paper, further research directions are pointed about the security architecture.

LUO Sen,XU Bin,SUN Ke-wu

DOI: https://doi.org/10.3969/j.issn.1000-1220.2013.01.003

2013-01-01

Abstract:The paper proposes a service-oriented web application framework named iWeb,which enables web application adaptive to both context and QoS.In iWeb,a context model is established and context information is collected systematically according to the context model.A service selection approach based on context and QoS is proposed in the framework as the leverage of implementation of application adaption.This approach can select the best service(s) respect to QoS and context.For the usability of iWeb,thousands of available web services are collected and grouped by functionality in order to make service selection practicable.By providing development tools,service-oriented web application can be developed easily,and can fulfill its functionality using the selected service(s).The framework makes service-oriented web application more adaptive and more flexible.In the end,through analysis of practical relevance and experiments,this paper validate that iWeb is a practical and efficient web application framework.