
Hack Proofing XML PDF

402 Pages·2001·5.706 MB·English

Preview Hack Proofing XML

224_HPXML_FM.qxd 7/1/02 9:02 AM Page i

solutions@syngress.com

With more than 1,500,000 copies of our MCSE, MCSD, CompTIA, and Cisco study guides in print, we continue to look for ways we can better serve the information needs of our readers. One way we do that is by listening. Readers like yourself have been telling us they want an Internet-based service that would extend and enhance the value of our books. Based on reader feedback and our own strategic plan, we have created a Web site that we hope will exceed your expectations.

solutions@syngress.com is an interactive treasure trove of useful information focusing on our book topics and related technologies. The site offers the following features:

■ One-year warranty against content obsolescence due to vendor product upgrades. You can access online updates for any affected chapters.
■ “Ask the Author” customer query forms that enable you to post questions to our authors and editors.
■ Exclusive monthly mailings in which our experts provide answers to reader queries and clear explanations of complex material.
■ Regularly updated links to sites specially selected by our editors for readers desiring additional reliable information on key topics.

Best of all, the book you’re now holding is your key to this amazing site. Just go to www.syngress.com/solutions, and keep this book handy when you register to verify your purchase.

Thank you for giving us the opportunity to serve your needs. And be sure to let us know if there’s anything else we can do to help you get the maximum value from your investment. We’re listening.

www.syngress.com/solutions

1 YEAR UPGRADE BUYER PROTECTION PLAN

‘ken’@ftu
Dr. Everett F. Carter, Jr.
Jeremy Faircloth
Curtis Franklin, Jr.
Larry Loeb, Technical Editor

Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work.

There is no guarantee of any kind, expressed or implied, regarding the Work or its contents. The Work is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state to state.

In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files.

Syngress Media®, Syngress®, “Career Advancement Through Skill Enhancement®,” and “Ask the Author UPDATE®,” are registered trademarks of Syngress Publishing, Inc. “Mission Critical™,” “Hack Proofing®,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.

PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370

Hack Proofing XML

Copyright © 2002 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of the publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

Printed in the United States of America
1 2 3 4 5 6 7 8 9 0

ISBN: 1-931836-50-7

Technical Editor: Larry Loeb
Cover Designer: Michael Kavish
Technical Reviewer: Adam Sills and Vitaly Osipov
Page Layout and Art by: Shannon Tozier
Acquisitions Editor: Catherine B. Nolan
Copy Editor: Adrienne Rebello
Developmental Editor: Jonothan Babcock
Indexer: Nara Wood

Distributed by Publishers Group West in the United States and Jaguar Book Group in Canada.

Acknowledgments

We would like to acknowledge the following people for their kindness and support in making this book possible.

Ralph Troupe, Rhonda St. John, Emlyn Rhodes, and the team at Callisma for their invaluable insight into the challenges of designing, deploying and supporting world-class enterprise networks.

Karen Cross, Lance Tilford, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal, Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for sharing their incredible marketing experience and expertise.

Jacquie Shanahan, AnnHelen Lindeholm, David Burton, Febea Marinetti, Rosie Moss, and Judy Chappell of Elsevier Science for making certain that our vision remains worldwide in scope.
David Buckland, Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim, Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which they receive our books.

Kwon Sung June at Acorn Publishing for his support.

Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow, Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their help and enthusiasm representing our product in Canada.

Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at Jaguar Book Group for their help with distribution of Syngress books in Canada.

A special welcome to the folks at Woodslane in Australia! Thank you to David Scott and everyone there as we start selling Syngress titles through Woodslane in Australia, New Zealand, Papua New Guinea, Fiji, Tonga, Solomon Islands, and the Cook Islands.

Contributors

Hal Flynn is a Threat Analyst at SecurityFocus, the leading provider of Security Intelligence Services for Business. Hal functions as a Senior Analyst, performing research and analysis of vulnerabilities, malicious code, and network attacks. He provides the SecurityFocus team with UNIX and Network expertise. He is also the manager of the UNIX Focus Area and moderator of the Focus-Sun, Focus-Linux, Focus-BSD, and Focus-GeneralUnix mailing lists. Hal has worked the field in jobs as varied as the Senior Systems and Network Administrator of an Internet Service Provider, to contracting the United States Defense Information Systems Agency, to Enterprise-level consulting for Sprint. He is also a veteran of the United States Navy Hospital Corps, having served a tour with the 2nd Marine Division at Camp Lejeune, NC as a Fleet Marine Force Corpsman. Hal is mobile, living between sunny Phoenix, AZ and wintry Calgary, Alberta, Canada. Rooted in the South, he still calls Montgomery, AL home.

Curtis Franklin, Jr. is President and Editorial Director of CF2 Group.
CF2 Group is a technology assessment and communications firm headquartered in Gainesville, FL. CF2 Group provides technology assessment, product review, competitive product comparison and editorial creative services to manufacturers, end-user organizations and publications across the high-tech spectrum. Curtis provides leadership and principal creative input to project technologies ranging from embedded systems to Web-based enterprise infrastructure. Curtis is the Founder of two major industry testing labs, the BYTE Testing Lab and Client/Server Labs. He has published over 1,400 articles in his career, and has led performance and technology assessment projects for clients including IBM, Intel, Microsoft, and HP. Curtis holds a bachelor’s degree from Birmingham-Southern College. He lives in Gainesville, FL with his family, Carol and Daniel. Curtis is grateful for the unending support and encouragement of his wife, Carol, who has been a source of love and inspiration for so very long.

Dr. Everett F. (Skip) Carter, Jr. is President of Taygeta Network Security Services (a division of Taygeta Scientific Inc.). He is also CEO/CTO of CaphNet, Inc. Skip has expert level knowledge of multiple programming/scripting languages (Ada, C, C++, C+ FORTRAN, Forth, Perl, HTML, WML, and XML) as well as multiple operating systems (DOS, NT, PalmOS, Unix: SYSV, BSD and Linux). Skip, through Taygeta Network Security Services, is the “tip of the sword” for Internet intrusion investigation and network security assessments. Taygeta Scientific Inc. provides contract and consulting services in the areas of scientific computing, smart instrumentation, and specialized data analysis. CaphNet, Inc. is a start-up providing WML, cHTML and xHTML Browser Software Platforms for mobile devices.
Skip holds both a Ph.D. and master’s in Applied Physics from Harvard University. In addition, he holds two bachelor’s degrees from the Massachusetts Institute of Technology—one in Physics and the other in Earth and Planetary Sciences (Geophysics). Skip is a member of the American Society for Industrial Security (ASIS). He has authored several articles for Dr. Dobb’s Journal, and Computer Language magazines as well as numerous scientific articles and is a past columnist for Forth Dimensions magazine. Skip resides in Monterey, CA with his wife of 17 years, Trace and their 12-year-old son, Rhett.

‘ken’@FTU has helped suppliers to conduct B2B XML transactions with large e-commerce portals including Ariba. He is also credited with discovering security vulnerabilities in software products by major vendors such as Microsoft and IBM. Currently he works at a bank doing technical auditing and penetration testing of their networks, systems and applications.

Jeremy Faircloth (CCNA, MCSE, MCP+I, A+) is a Systems Analyst for Gateway, Inc. where he develops and maintains enterprise-wide client/server and Web-based technologies. He also acts as a technical resource for other IT professionals, using his expertise to help others expand their knowledge. As a Systems Analyst with over 10 years of real-world IT experience, he has become an expert in many areas of IT including Web development, database administration, programming, enterprise security, network design, and project management. He is a co-author of ASP .NET Developer’s Guide (Syngress Publishing, ISBN: 1-928994-51-2) and C# for Java Programmers (Syngress, ISBN: 1-931836-54-X). Jeremy currently resides in Dakota City, NE and wishes to thank Christina Williams for her support in his various technical endeavors.
Joe Dulay (MCSD) is the Vice-President of Technology for the IT Age Corporation. IT Age Corporation is a project management and software development firm specializing in customer-oriented business enterprise and e-commerce solutions located in Atlanta, GA. His current responsibilities include managing the IT department, heading the technology steering committee, software architecture, e-commerce product management, and refining development processes and methodologies. Though most of his responsibilities lie in the role of manager and architect, he is still an active participant of the research and development team. Joe holds a bachelor’s degree from the University of Wisconsin in Computer Science. His background includes positions as a Senior Developer at Siemens Energy and Automation, and as an independent contractor specializing in e-commerce development. Joe is also co-author of Syngress Publishing’s Hack Proofing Your Web Applications (ISBN: 1-928994-31-8). Joe would like to thank his family for always being there to help him.

F. William Lynch (SCSA, CCNA, LPI-I, MCSE, MCP, Linux+, A+) is co-author for Syngress Publishing’s Hack Proofing Sun Solaris 8 (ISBN: 1-928994-44-X) and Hack Proofing Your Network, Second Edition (1-928994-70-9). He is an independent security and systems administration consultant and specializes in firewalls, virtual private networks, security auditing, documentation, and systems performance analysis. William has served as a consultant to multinational corporations and the Federal government including the Centers for Disease Control and Prevention headquarters in Atlanta, GA as well as various airbases of the USAF. He is also the Founder and Director of the MRTG-PME project, which uses the MRTG engine to track systems performance of various UNIX-like operating systems. William holds a bachelor’s degree in Chemical Engineering from the University of Dayton in Dayton, OH and a master’s of Business Administration from Regis University in Denver, CO.
Technical Editor

Larry Loeb is the Principal of pbc enterprises in Wallingford, CT, a consulting firm specializing in IT matters. He has been a Consulting Editor for BYTE magazine, Contributing Editor for Circuit Cellar Ink, Senior Editor for WebWeek, Editor of the Macintosh Exchange on BIX, and a columnist for ITworld. He currently writes a monthly column for IBM’s online developerWorks. Larry has also contributed to the Internet Business Analyst (U.K.), MacUser, Internet World, BYTEWeek, Macworld, VARBusiness, Home/Office Computing, Solutions Integrator, and other publications. He is the author of the book Secure Electronic Transactions: Introduction and Technical Reference.

Technical Reviewers

Adam Sills is a Software Architect at GreatLand Insurance, a small insurance company parented by Kemper Insurance. He works in a small IT department that focuses on creating applications to expedite business processes and manage data from a multitude of locations. Previously, he had a small stint in consulting and also worked at a leading B2B e-commerce company designing and building user interfaces to interact with a large-scale enterprise eCommerce application. Adam’s current duties include building and maintaining Web applications, as well as helping to architect, build, and deploy new Microsoft .NET technologies into production use. Adam has contributed to the writing of a number of books for Syngress including ASP .NET Developer’s Guide (ISBN: 1-928994-51-2), C# .NET Web Developers Guide (ISBN: 1-9289984-50-4) and the XML.NET Developer’s Guide (ISBN: 1-928994-47-4). Additionally, Adam is an active member of a handful of ASP and ASP.NET mailing lists, providing support and insight whenever he can.
