| Author |
Message |
|
|
|
You're welcome and thanks for the kudos!
|
 |
|
|
|
Sorry for the delay. We'll take a look at this as soon as we get a moment.
|
 |
|
|
Hi Stephan,
We are seeing customers using ICEfaces on mobile devices. One customer is using the Opera browser quite successfully with ICEfaces. Also see this post from Ted Goddard at ICEsoft: http://www.icefaces.org/JForum/posts/list/4640.page
Do you have any particular project in mind?
Wilbur
|
 |
|
|
The "Introduction to ICEfaces" training course is now available June 26 - 28 in San Clemente, California.
"Introduction to ICEfaces" is a highly interactive course that includes hands-on application development. The first day of the course provides a brief background on JSF and a comprehensive overview of ICEfaces and its unique capabilities such as Ajax Push. The second day focuses on hands-on development, familiarization with the ICEfaces Component Suite, and styling ICEfaces applications through CSS manipulation. Day 3 offers more in-depth training on application security and integration with third party technologies and tools.
The course is limited to 10 participants on a first-come-first-served basis. For more information or to register online go to http://www.icesoft.com/support/training-index.html. The cost is $1,200 per person with discounts for ICEsoft customers with ICEfaces support subscriptions.
If this date or location doesn't work for you and you would like to attend a public course please let me know as we're planning other dates and locations.
We also offer this course at your site. If you are interested in a private corporate training course please let me know. We will customize the content for your specific requirements.
Wilbur
|
 |
|
|
If you have or know of public-facing sites using ICEfaces please post the URL via reply to this topic. There are a number of inquiries to ICEsoft for this information. Your assistance is greatly appreciated.
Thanks,
Wilbur
|
 |
|
|
We are pleased to announce our first public ICEfaces training course which will be held in Huntington Beach, California April 23 to 25, 2007.
"Introduction to ICEfaces" is a highly interactive course that includes hands-on application development. The first day of the course provides a brief background on JSF and a comprehensive overview of ICEfaces and its unique capabilities such as Ajax Push. The second day focuses on hands-on development, familiarization with the ICEfaces Component Suite, and styling ICEfaces applications through CSS manipulation. Day 3 offers more in-depth training on application security and integration with third party technologies and tools.
The course is limited to 10 participants on a first-come-first-served basis. For more information or to register online go to http://www.icesoft.com/support/training-index.html
If this date or location doesn't work for you and you would like to attend a public course please let me know as we're planning other dates and locations.
We also offer this course at your site. If you are interested in a private corporate training course please let me know. We will customize the content for your specific requirements.
Wilbur
|
 |
|
|
Hi Stephane,
Thanks for your clarification. You can see I assumed "security concerns" when you mentioned risk! ;)
Here are three options for you to consider:
1) Scalability of a synchronous ICEfaces application will be comparable to a standard JSP application deployment. Partial submit introduces more server requests, but responses are typically small (i.e., no full page refresh) so overall connection bandwidth requirements may be smaller than the non-Ajax version. Also, clustered deployments of synchronous applications can be achieved using standard mechanisms. There is no custom configuration of the Asynchronous HTTP Server, as it is only required for push-style applications.
2) Use standard JSF for development. A pure JSF application can be deployed without Ajax, and then Ajax-enabled at a later date by including ICEfaces. There would be no need to port the application, but development would be restricted to using the standard JSF components.
3) Early on in ICEfaces development we had a mode of operation that turned off Ajax at the framework level. This mode is not currently supported, but could be resurrected if it was important to a key customer. There would definitely be some development required to achieve this mode of operation. There would also be some restrictions with regard to components like autocomplete that rely on Ajax features.
Let me know what would work best for you. We are keen to assist you with your project. Technical assistance will most likely fall either under a professional services engagement or a support agreement. We are open to suggestions from you on how to structure this to meet your requirements.
Wilbur
|
 |
|
|
Stephane,
In response to your question I am providing specific information with regard to ICEfaces and security. If this doesn't address your concerns please provide further details on what specifically your concern is about AJAX and security. If you prefer you can send this confidentially through our support request form at http://www.icesoft.com/support/reqsupport.html.
The basic premise of web security is that the client is untrusted. Business logic implementation in JavaScript breaks this premise. In general, whenever large amounts of JavaScript are dynamically loaded, security testability is compromised.
XMLHttpRequest does not necessarily increase the attack surface of an application but the problem is that an attack can take place invisibly to the user. There is also a tendency with many Ajax implementations to expose application APIs directly over the network via XMLHttpRequest.
ICEfaces is uniquely engineered to overcome these basic security issues by preserving the Web security model and building on Java and JSF security:
- There is no business logic on the client as the application model is server-centric.
- XMLHttpRequest performs standard form submit only.
- Small fixed-function Ajax Bridge is security testable.
- ICEfaces is compatible with SSL - XMLHttpRequest connection is the same as base page SSL requests.
- ICEfaces has the ability to prevent cross-site scripting. JSF output is escaped by default, preventing injection of malicious JavaScript code.
- You are able to prevent unauthorized data mining. The application output is produced only by the user interface (ICEfaces exposes no data interfaces via Servlets).
- ICEfaces has the ability to prevent fake form submits. Form submits are processed by the JSF component tree only, limiting the "attack surface" to the user interface.
- You may also prevent SQL injection attacks. Java libraries such as Hibernate escape SQL input, preventing injection of malicious SQL.
Please let us know if this addresses your concerns.
Wilbur
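Added example, not part of the original post and not ICEfaces or JSF code: a simplified Java model of two claims in the post above, that form submits are applied only to components in the server-side tree and that output is escaped by default. The class name, component ids and request values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
// Simplified model of server-centric form handling; NOT ICEfaces or JSF code.
public class ComponentTreeDemo {
    // Server-side view: one entry per input component that was rendered.
    private final Map<String, String> components = new LinkedHashMap<>();
    ComponentTreeDemo(String... clientIds) {
        for (String id : clientIds) components.put(id, "");
    }
    // Decode: apply only parameters matching a rendered component; count the rest.
    int decode(Map<String, String> params) {
        int ignored = 0;
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (components.containsKey(p.getKey())) components.put(p.getKey(), p.getValue());
            else ignored++;
        }
        return ignored;
    }
    // Escape characters that are significant in HTML text and attributes.
    static String escape(String s) {
        StringBuilder out = new StringBuilder();
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '&': out.append("&amp;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }
    // Render: every component value is escaped on output.
    String render() {
        StringBuilder html = new StringBuilder();
        components.forEach((id, v) -> html.append(id).append(" = ").append(escape(v)).append('\n'));
        return html.toString();
    }
    public static void main(String[] args) {
        ComponentTreeDemo view = new ComponentTreeDemo("form:name", "form:comment");
        // Constructed sample request; "form:isAdmin" matches no rendered component.
        int ignored = view.decode(Map.of("form:name", "Stephane",
                "form:comment", "<script>alert(1)</script>", "form:isAdmin", "true"));
        System.out.println("ignored parameters: " + ignored);
        System.out.print(view.render());
    }
}
```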
|
 |
|
|
Jeff,
An incident is any request for support that is not related to a bug in the software.
Wilbur
|
 |
|
|