Archive for the ‘web’ Category.

Gartner: Another Windows 2000 flaw exposes Microsoft security weaknesses

Gartner (John Pescatore):
Another Windows 2000 flaw exposes Microsoft security weaknesses

The security flaw recently identified by Microsoft is only the latest in a long series of embarrassing exposures of software vulnerabilities in Windows 2000, primarily in its IIS Web-server component. This latest IIS vulnerability reveals the weaknesses inherent in Microsoft’s overreliance on issuing checklists designed to enable security-deficient software to be configured to make vulnerabilities less accessible. Gartner recognizes that Microsoft has begun to invest in improving its software-development and product-management processes to improve the security of the server operating systems (OSs) it will release in 2003 and beyond. Unfortunately, IIS predates any such focus on security at Microsoft—and it shows.

Enterprises using Windows 2000 in Internet-exposed applications must take serious precautions to ensure that IIS does not offer an open door to attacks by hackers and cybercriminals. Applying the Microsoft checklists (available at http://www.microsoft.com/security) is only the beginning. Gartner recommends that enterprises also use OS-hardening, policy-enforcement, host-based intrusion-detection or application-specific firewall software as part of all uses of IIS.

Enterprises that have not yet committed to IIS as their Web-server software should heavily weight security as a criterion in evaluating which Web-server software to use. Although IIS may come for free as part of Windows 2000, the operational costs of continually installing patches to address new IIS vulnerabilities—not to mention the cost of security incidents against IIS before it is patched—cause IIS to carry a very high total cost of ownership.

[via TechRepublic]

Structured grep and Python

OnLamp: Structured grep and Python “When text files are structured, like HTML, XML, or even news or mail files, you can take advantage of that structure in your search. You can search for words that appear within certain tags, like in the title element of an HTML document, or within the From field of a mail file. All you need is a tool that understands the structure of your text…
Jani Jaakkola and Pekka Kilpeläinen’s structured text search and index tool, sgrep, handles all structured text in a generic way. Sgrep’s expression language allows you to provide details about the structure to sgrep so it can find exactly what you want.” [Zope Newbie News]

Stapler: HTML scraper created RSS feeds

Stapler is a tool for Radio UserLand that creates RSS feeds from sources you select, scraped hourly (or every N hours, variable for each source) from HTML web sites.

A search engine goes beyond Google

Update: Evolution of RSS

Update: Evolution of RSS. Completely rewritten, we’ve expanded our RSS treatise. Now with more background info, a 0.92 DTD with examples, an interview with Dan Libby, plus extensive reference links. By Andy King. 0514 [WebReference News]

The Evolution of RSS

Webreference: The Evolution of RSS “We look at how RSS has evolved from its humble beginnings through present day and beyond. We survey all versions of RSS, including a feature comparison, a new RSS survey, plus format and validation information. Learn how the newest versions of RSS will move us towards a more Semantic Web.” [Zope Newbie News]

Security for Web Database Applications

Security for Web Database Applications. You know you want to protect yourself, and your database. Here’s how. [WebReview.com]

Server-side scripting languages: PHP, Perl, Java servlets — Which one’s right for you?

IBM DeveloperWorks:
Server-side scripting languages:
PHP, Perl, Java servlets — Which one’s right for you?

Erik Zoltán (erik@zoltan.org),
Advanced Systems Engineer, EDS
[IBM DeveloperWorks]

IE 6 Switches to Standards

Webmonkey: IE 6 Switches to Standards. Jeffrey Veen. The new version is essentially two browsers: one that faithfully does things the old way, bugs and all, and one that follows Netscape’s lead and gets the standards right. As a result, you get to decide which way your page should be displayed. [Tomalak’s Realm]

XSLies

XSLies is a simple XSLT application for making Web-based presentations. It uses a simple XML input file to generate an HTML slideset. The resulting layout is completely customizable using XSL and CSS.