Program Sessions and Tracks
Technical: Propeller Hats Required
TPR1: Web Applications Security - From Incident to Implementation
Scott Bassett, The University of Chicago
Cornelia Bailey, The University of Chicago
Web applications security is no longer an option; it is a necessity. In fact, it should be a critical part of every application development and deployment cycle. If code bases are not protected against various security vulnerabilities, it is not a question of *if* a security breach will occur, but *when* that security breach will occur. In early June of 2005, a Web application developed and hosted by the University of Chicago's Web Services department was exploited via a common SQL injection vulnerability. Up until this point the department's code had never been regarded as insecure or vulnerable to such an attack. After all, the department had a fairly rigorous development process in place that involved multiple stages of planning, peer review and code analysis. However, not enough attention had been paid to application security within the context of this process and, unfortunately, a lesson was learned the hard way (as they often are with security-related incidents).
On the positive side, the attack was contained early on and the resultant fallout was minimal. Moreover, the attack served as a wake-up call that the university was in dire need of an effective and aggressive security policy for its Web applications. Any future breaches of security against the university's web applications would be unacceptable. We would like to share our story and the journey of the University of Chicago's Web Services department from this initial security incident to our current Web application security protocols and procedures.
This session is scheduled for Mon, Oct 23, from 9:45 AM to 10:45 AM.
TPR2: Getting on Board Ruby on Rails
Lillian Hillis, University of Wisconsin-Eau Claire
Brian Hogan, University of Wisconsin-Eau Claire
Are you frustrated with Java? Hit the wall with ASP and PHP? Is Web programming not fun anymore? Maybe you should consider Ruby on Rails, the latest Web application development framework. Find out when it makes sense to use, how it has been implemented at University of Wisconsin-Eau Claire, and where the best resources are. We'll even demo how fast and easy it is to develop with this exciting development tool.
This session is scheduled for Mon, Oct 23, from 11:00 AM to 12:00 PM.
TPR3: Put That Red Pen Down, and Step Away from the Copier! Going All the Way to a Digital Catalog Production Process (With a Lot of Help from XML & Dorothy)
Carol Burritt, Monroe Community College
Sean Baker, Monroe Community College
Bob Reynolds, Monroe Community College
Janet Ekis, Monroe Community College
Dorothy Hoskins, Textenergy LLC
Back before we were partying like it was 1999, the MCC computing folks developed a Lotus Notes-based system to gather, review and distribute content from information owners, for both the College Catalog/Student Handbook, and parts of the MCC Web site. Approximately 50 percent of the print catalog content has been handled by this system each year since, while the rest of the content was handled using the time-honored method of distributing round after round of printed copies to the contributors for editing and proofing. That was until some members of the MCC Web team, along with the catalog editor from the Public Affairs office, decided to send the stock price of red pens tumbling, and initiated the "MCC Catalog Database & InDesign Bidirectional Publishing Project," aka "Pubflow."
Pubflow takes the styled but unstructured content from the Adobe InDesign publication file, along with the structured Notes database content to XML, and maps the Notes output to the InDesign output, allowing the information to flow back and forth between the programs. When the project is done, instead of deciphering handwritten corrections, the publication designer will manipulate structured digital content that moves through an ordered approval process in Notes. The Web development team can distribute all the catalog content in more accessible formats, wherever and whenever needed. This will ensure a consistency of text and message. Finally, the content will be available for use in a wide variety of college business processes, while happy users applaud our collective genius. This presentation will cover the project from its inception and initial planning, through the first catalog publication cycle and beyond.
This session is scheduled for Mon, Oct 23, from 1:30 PM to 2:30 PM.
TPR4: Fine-tuning Your Forms
Michael Adams, University of Northern Colorado
Structure your forms for better usability and display by using XHTML and CSS fieldset tags. Fieldsets can be very helpful and are easy to use. Bonus: learn some general guidelines on how to organize your form information to make it easier for users to understand. Second bonus: script automatic email(s) from a form that are much more useful for the recipient than name/value pairs.
This session is scheduled for Mon, Oct 23, from 3:00 PM to 4:00 PM.
TPR5: Custom Configurations: Unlock the Power of Apache
Steven B. Lewis, SUNY Brockport
Apache has been the most popular Web server since 1996. One reason is its incredible flexibility in solving problems. This session will explore different ways in which SUNY Brockport has used its Apache setup to solve various problems, including:
* Authentication through e-mail without LDAP
* Dynamic recoding of pages to solve several problems
* Preview new SSI templates before rollout
* Avoid capitalization issues on UNIX
* Activate PHP, but not for everyone
* Migrate to Apache except for ASP
This session is scheduled for Mon, Oct 23, from 4:15 PM to 4:45 PM.
TPR6: Princeton's Apache Web Utility
John Wagner, Princeton University
You've just been told to provide Apache servers supporting varying combinations of Apache 1 and 2, with scripting done with PHP, PERL, and Python, and database access to MySQL and Oracle. You need to provide access control via PAM, LDAP, RSA and WebISO (pubcookie). The target user community is students, departments, internal administrative IT projects, and special requests. The skill levels of the clients will vary from none to highly sophisticated. To cut costs you need to provide multiple instances of the service on a single hardware platform while still maintaining security. Since this is not the primary job for the group doing support, you need to minimize the cost of maintenance. How do you meet the requirements and still have time to do your regular job?
Princeton has been developing a standardized Apache platform that does all of the above for both Solaris and Linux. Using standardized tools to provide cross-platform consistency, we support everything from a shared site available to the entire academic community to multiple, secure sites sharing the hardware resources of a single machine, all with the same code base. We provide supervisory interfaces for controlling Apache and MySQL servers on an entire server along with user interfaces that allow starting and stopping of site-related services by the site owner without requiring access beyond a standard user ID. The environment is designed to allow the server owners to run anything from a simple HTML page on up to a content management system while still allowing periodic updates of the basic infrastructure of their site.
The software is running on 16 servers, supporting 67 Web sites. The presentation will include a description of the overall architecture of our system, and discussion about the trade-offs involved in security and flexibility. And we'll end with a live demonstration of the administrative and user control functions we provide (which will include live creation and updating of a site).
This session is scheduled for Mon, Oct 23, from 5:00 PM to 5:30 PM.
TPR7: A Blueprint for Success: Standardizing Enterprise Web Application Architecture
Andrew Gianni, University at Buffalo
Diane Keddie, University at Buffalo
Building complex Web applications can be a daunting task, particularly when starting from scratch. Wouldn't it be nice if there were an easy-to-use framework that provided a standardized structure for your application's code? Don't you wish you could easily separate your application's interface, business rules, and data access, allowing developers to concentrate on just one of those areas without worrying about the others? What if you could rapidly prototype the screens and basic behaviors for your application without writing all of the complex code required to implement the business rules? Wouldn't you do this if the framework allowed you to develop an easily replicable process across the enterprise using community-supported open source tools? At SUNY Buffalo, we said yes, and this session will outline how we use a customized, open source toolkit for Web application development that has dramatically increased our flexibility, standardization, integration and ease of support for Web applications. The session will include:
* A conceptual overview of the architecture
* A brief tour of the internals of the toolkit
* A case study of a recent development project
* Lessons learned from the development of the architecture
This session is scheduled for Tue, Oct 24, from 8:15 AM to 9:15 AM.
TPR8: Getting Started with WordPress Blogs
Stephanie Leary, Texas A&M University System
This is a live demonstration of WordPress installation and setup. The first half will cover the basics of installing the software, adding users, and installing themes and plugins. The second half will dig into the various user roles and how themes work. We'll demonstrate some common tasks like uploading photos or PDF files, managing comments, and adding widgets. We'll discuss how you might configure WordPress to handle different kinds of blogs: your press releases, a team's project updates, your CEO's blog, or an internal news clipping service.
This session is scheduled for Tue, Oct 24, from 9:45 AM to 10:45 AM.
TPR9: University Experts
Harish Chakravarthy, San Jose State University
The "University Experts" project maps data from disparate, authoritative data sources to create a university-level repository that showcases the campus brain trust. This project provides a proof-of-concept for using service-oriented architecture in a university setting, to integrate uncoordinated data sources.
This session is scheduled for Tue, Oct 24, from 11:00 AM to 12:00 PM.
TPR10: Polling and Feedback
Daniel M. Frommelt, University of Wisconsin-Platteville
Understanding your users can be a tricky business. The best way to find out what they think is to collect a little bit of information from them in an unobtrusive manner. Get your users' opinions with a poll, all generated by a simple XML file. Create a small feedback form that will gather users' feedback on an individual page and store it in an XML file. The feedback XML file can be immediately viewed to generate an instant report using XSLT and CSS. Both polling and feedback are based on simple XML, AJAX, and Perl. See how simple it is to accumulate information about your site and see what your users "really" think about the site. Sample files will be made available for the participants to review.
This session is scheduled for Tue, Oct 24, from 1:30 PM to 2:30 PM.
TPR11: Vectors on The Web
Don Albrecht, University of Rochester Medical Center
For years we've been hearing about SVG as being a big deal, just around the corner. This session will provide a general introduction to SVG: how to use it effectively, how to deal with issues of browser support, and how to develop and deploy SVG in your apps. A simple SVG charting widget will be used to demonstrate this technology.
This session is scheduled for Tue, Oct 24, from 2:45 PM to 3:15 PM.
TPR12: Creating a Web-based Podcasting Interface for Eastern Illinois University Faculty and Staff
Daniel P. Harvey, Eastern Illinois University
Ryan Gibson, Eastern Illinois University
Podcasting by faculty and staff at EIU was facilitated by creating a Web interface to simplify the creation and maintenance of RSS feeds. Podcasters use Web forms to create and maintain RSS feeds and to upload or delete audio files. RSS feeds are dynamically generated from a MySQL database for each account. After the user is authenticated through an LDAP server, the FTP functions within PHP automatically upload audio files to the correct location. Next, the XML data necessary for the feed to actually function are generated. This process only requires the user to enter episode titles and descriptions. In addition to ease of use by end-users, the advantages of this set-up include: the elimination of fatal errors in generating usable RSS feeds, the integration of RSS and FTP functions into a single interface, and the ease of supporting a Web interface rather than several separate software tools. The future of this project includes collaborative podcasting and filtered podcast feeds. Collaborative podcasting will allow students to upload audio to a feed and interact with either a group or the entire class. Filtered podcast feeds will filter the XML data based on parameters set by the user. The feed will be dynamically generated by the database using a PHP script.
This session is scheduled for Tue, Oct 24, from 3:30 PM to 4:00 PM.
Copyright 2006 :: HighEdWeb