Security Content on InfoQ
-
Presentation: Patterns for securing architectures
Security is about the trade-offs you make with limited resources, and it is often either a problem when designing a system or an afterthought. Few people have the expertise to design good security, and most development teams have no security expert. In this talk, Peter Sommerlad focuses on Security Patterns for designing security in architectures, such as Role-based Access Control, Single Access Point, and Front Door.
-
Spring (Acegi) Security 2.0 Adds OpenID Support, REST Capabilities, and Performance Improvements
Spring Security 2.0 has been released after almost two years of development. This new release replaces Acegi Security as the official security module for Spring applications and includes significant enhancements and new features.
-
Security for Services and Mashups
Security has become a rising concern in most applications and systems today. Whether you are building small mashups, enterprise applications, or a platform for SOA, there are several issues and approaches that are being discussed. Erica Naone talked about dealing with security in the world of mashups recently while Bob Rhubart and David Garrison from BEA discussed securing the services you deploy.
-
OASIS Symposium: Composability within SOA
OASIS is going to hold a three-day symposium on the topic of "Composability within SOA" in Santa Clara, CA from April 28th to April 30th. Engineers and scientists from vendors and end-user companies will discuss topics including mashups, Service-Oriented Ajax, SCA, BPEL, SDO, BPM, Web Service Transactions, Data Security in SOA, SOA Reference Architecture...
-
Article: Securing a Grails Application with Acegi Security
In this article, Fadi Shami gives a walkthrough of integrating the grails-acegi plugin with a sample Grails application. As part of this integration, there are three major components which are used – Groovy, Grails and Acegi Security.
-
Can Architects Stop Financial Ruin and Market Meltdowns?
The purported fraud by Jerome Kerviel at Société Générale may bring down a major financial institution and may have caused markets to tumble worldwide. Attention has turned to systems intended to prevent fraud and other illegal activities. What role can software architects play in detecting and avoiding fraud and other suspicious behavior?
-
AntiSamy 1.0 Released - Protecting web applications from malicious HTML and CSS
AntiSamy aims to provide an API for protecting HTML and CSS code from malicious content such as XSS attacks. Version 1.0 was recently released, providing a Java implementation, with .NET and PHP to follow.
-
CrossFrame - Safe, Cross Domain Widget Coordination for Mashups
Julien Lecomte has announced the availability of CrossFrame, a JavaScript library for cross-domain communication between widgets hosted on different hosts. The technique, while inherently dangerous, solves an outstanding problem facing mashup developers.
-
Single Sign-On beyond the firewall
Taking a look at the challenges that lie ahead in the quest for Federated Identity Management.
-
HDIV 2.0: Security framework now integrates with Spring MVC and JSTL
HDIV, an open-source web application security framework, recently released version 2.0. InfoQ spoke with HDIV project lead Roberto Velasco Sarasola to learn more about this release.
-
Gone in 160 seconds - cracking passwords with Rainbow Hash Cracking
The Microsoft password strength checker rates "Fgpyyih804423" as a strong password, but the multi-platform password cracking tool ophcrack was able to crack it in 160 seconds using a Rainbow Hash Table attack. Jeff Atwood takes a look at this attack technique, and offers suggestions for safe password storage.
-
Don't Run as Administrator: WCF Edition
In an attempt to correct years of bad practices, Microsoft employees have been chanting "Don't Run as Administrator". This time around, Nicholas Allen covers assigning HTTP addresses to non-administrator user accounts, primarily for use by WCF.
-
Internet Explorer increases cookie limit to 50
Internet Explorer will now support 50 cookies per domain, but the performance implications of large HTTP request sizes require caution on the part of web developers.
-
XACML finally ready for prime time?
XACML, the eXtensible Access Control Markup Language, an OASIS standard approved more than 2 years ago, was demonstrated working across vendor platforms at Burton's Catalyst Conference last week.
-
Article: Service Firewall Pattern
InfoQ publishes a sample pattern from Arnon Rotem-Gal-Oz's in-progress book SOA Patterns. Arnon explains how to use a Service Firewall to intercept messages to provide better security.