• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 2
  • 2
  • Tagged with
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

具會談概念的網路應用程式記錄工具 / Session-aware logging utility for web applications

周彥江, Chou, Yann Jiang Unknown Date (has links)
目前許多網路應用程式(web application),遵循三層式開發架構,並藉由「會談」(session)營造出具有狀態機制的環境。雖然會談能將流程串起,其重要性無庸置疑,卻因分層的關係,造成想要在任一記錄點上,取得會談資訊的困難。 本研究的目的,即在嘗試以「剖面導向程式設計」(Aspect-Oriented Programming)為基礎,希望能打造一個簡單易用的工具,將「記錄」(log)這種非功能性,屬於橫切面考量的需求,暫時排除在開發階段外,到事後再以挑選的方式,更輕鬆地加入或修改。更重要的是,將會談資訊中的使用者帳號,或可資識別的序號,內嵌在每行記錄裏,因此稱為「具會談概念的記錄」。讓記錄內容的設計者,不需再為了如何封裝、傳遞、拆解而浪費時間。因為記錄與系統開發是獨立的,即使上線後,臨時性的記錄修改需求,也不至於對既有的穩定與效能,造成重大影響,或不可復原的災難性結果。 / Logging is an important part to application development for purposes such as debugging and auditing. While there are many good frameworks and utilities for assisting logging in application development, it is still not an easy task for the logging action to provide enough information for those purposes. Specifically, the user account information in particular or the session information in general is not easy to obtain when we perform logging for a designated backend operation such as database query. The reasons are twofold. Firstly, applications do not use user accounts, but have their own accounts to access database. Secondly, the three-tiered structure of an application makes it difficult to thread the user accounts to the backend for logging. This thesis presents an aspect-based utility for Java-based Web applications that enables developer to generate customizable logs with session information, including user accounts. Our tool employs two aspects: one predefined aspect for collecting session information and the other is generic one for producing user-defined logs at designated application points. Specifically, the tool takes a wizard-based approach that guides the user to customize the second aspect for its own target points in a user-friendly manner.
2

應用剖面導向技術研製網路應用程式之可設定式細緻化存取控管

林經緯, Lin,Ching Wei Unknown Date (has links)
存取控管(Access Control)是網路應用程式(Web Applications)安全防護中的核心課題。貫徹存取控管的程式碼往往必須嵌入到應用系統的各個模組中,具有橫跨(cross-cutting)的特性,卻也因此常常造成系統中反覆出現類似的程式碼以及不同需求的程式碼夾雜不清的現象。所以學界業界紛紛提出了許多可設定式(configurable)的存取控管機制來解決此一問題。但這些機制都著重在一般功能性(function-level)的存取控管,對於較細緻化(fine-grained)的資料存取(data-level)控管,並未提供設定式的控管方式,還是得透過程式化(programmatic)的方式處理,所以仍然有程式橫跨性的問題。 最近興起的剖面導向程式設計(Aspect-Oriented Programming)基於關注分離的原則(Separation of Concerns),針對像安全橫跨性的需求,倡議在原有的物件或函式模組外,另以剖面作為這些橫跨性需求的模組單位,既可集中開發又可依規則將安全程式碼整合至系統的各個模組。因此本研究將以AOP技術來設計與製作一套可設定式的細緻化存取控管服務與工具。 / Security is attracting more and more concerns in the development of Web applications. However, it is not easy to derive a robust security implementation for Web applications. The principle difficulty in designing security such as access control into an application system is that it is a concern that permeates through all the different modules of a system. As a result, security concerns in an application are often implemented with scattered and tangled code, which is not only error-prone but also makes it difficult to verify its correctness and perform the needed maintenance. Aspect-Oriented Programming (AOP) is a relative new design method that allows a programmer to isolate some of the code that crosscuts his program modules into a separate module, and thus realizes the concept of Separation of Concerns. AOP offers significant advantages to programming over traditional OO techniques in implementing crosscutting concerns such as access control. In this thesis, we define an XML schema for specifying fine-grained access control rules for Web applications in a configuration file and devise an aspect-oriented implementation scheme. Specifically, we develop an aspect synthesis tool that generates concrete access control aspects automatically from access control rules. These aspects, after woven into the base application, will enforce proper access control in a highly modular manner. As a result, we get a configurable implementation of access control that is not only adaptive but also effective.

Page generated in 0.0189 seconds