计算机毕设外文翻译

Talking about security loopholesRichard S. Kraus reference to the core network security business objective is to protect the sustainability of the system and data security, This two of the main threats come from the worm outbreaks, hacking attacks, denial of service attacks, Trojan horse. Worms, hacker attacks problems and loopholes closely linked to, if there is major security loopholes have emerged, the entire Internet will be faced with a major challenge. While traditional Trojan and little security loopholes, but recently many Trojan are clever use of the IE loophole let you browse the website at unknowingly were on the move.Security loopholes in the definition of a lot, I have here is a popular saying: can be used to stem the "thought" can not do, and are safety-related deficiencies. This shortcoming can be a matter of design, code realization of the problem.Different perspective of security loo phole sIn the classification of a specific procedure is safe from the many loopholes in classification.1. Classification from the user groups:● Public loopholes in the software category. If the loopholes in Windows, IEloophole, and so on.● specialized software loophole. If Oracle loopholes, Apach e, etc. loopholes.2. Data from the perspective include :● could not reasonably be read and read data, including the memory of thedata, documents the data, Users input data, the data in the database, network,data transmission and so on.● designa ted can be written into the designated places (including the localpaper, memory, databases, etc.)● Input data can be implemented (including native implementation,according to Shell code execution, by SQL code execution, etc.)3. From the point of view of the scope of the role are :● Remote loopholes, an attacker could use the network and directly throughthe loopholes in the attack. Such loopholes great harm, an attacker can createa loophole through other people's computers operate. Such loopholes and caneasily lead to worm attacks on Windows.● Local loopholes, the attacker must have the machine premise accesspermissions can be launched to attack the loopholes. Typical of the local authority to upgrade loopholes, loopholes in the Unix system are widespread, allow ordinary users to access the highest administrator privileges.4. Trigger conditions from the point of view can be divided into:● Initiative trigger loopholes, an attacker can take the initiative to use the loopholes in the attack, If direct access to computers.● Passive trigger loopholes must be computer operators can be carried out attacks with the use of the loophole. For example, the attacker made to a mail administrator, with a special jpg image files, if the administrator to open image files will lead to a picture of the software loophole was triggered, thereby system attacks, but if managers do not look at the pictures will not be affected by attacks.5. On an operational perspective can be divided into:● File opera tion type, mainly for the operation of the target file path can be controlled (e.g., parameters, configuration files, environment variables, the symbolic link HEC), this may lead to the following two questions: ◇Content can be written into control, the contents of the documents can be forged. Upgrading or authority to directly alter the important data (such as revising the deposit and lending data), this has many loopholes. If history Oracle TNS LOG document can be designated loopholes, could lead to any person may control the operation of the Oracle computer services;◇information content can be output Print content has been contained to a screen to record readable log files can be generated by the core users reading papers, Such loopholes in the history of the Unix system crontab subsystem seen many times, ordinary users can read the shadow ofprotected documents;● Memory coverage, mainly for memory modules can be specified, writecontent may designate such persons will be able to attack to enforce the code (buffer overflow, format string loopholes, PTrace loopholes, Windows 2000 history of the hardware debugging registers users can write loopholes), or directly alter the memory of secrets data.● logic errors, such wide gaps exist, but very few changes, so it is difficult todiscern, can be broken down as follows : ◇loopholes competitive conditions (usually for the design, typical of Ptrace loopholes, The existence of widespread document timing of competition) ◇wrong tactic, usually in design. If the history of the FreeBSD Smart IO loopholes. ◇Algorithm (usually code or design to achieve), If the history of Microsoft Windows 95/98 sharing password can easily access loopholes. ◇Imperfections of the design, such as TCP / IP protocol of the three-step handshake SYN FLOOD led to a denial of service attack. ◇realize the mistakes (usually no problem for the design, but the presence of coding logic wrong, If history betting system pseudo-random algorithm)● External orders, Typical of external commands can be controlled (via the PATH variable, SHELL importation of special characters, etc.) and SQL injection issues.6. From time series can be divided into:● has long found loopholes: manufacturers already issued a patch or repairmethods many people know already. Such loopholes are usually a lot of people have had to repair macro perspective harm rather small.● recently discovered loophole: manufacturers just made patch or repairmethods, the people still do not know more. Compared to greater danger loopholes, if the worm appeared fool or the use of procedures, so will result in a large number of systems have been attacked.● 0day: not open the loophole in the private transactions. Usually such loopholes to the public will not have any impact, but it will allow an attacker to the targetby aiming precision attacks, harm is very great.Different perspective on the use of the loopholesIf a defect should not be used to stem the "original" can not do what the (safety-related), one would not be called security vulnerability, security loopholes and gaps inevitably closely linked to use.Perspective use of the loopholes is:● Data Perspective: visit had not visited the data, including reading and writing.This is usually an attacker's core purpose, but can cause very serious disaster (such as banking data can be written).● Competence Perspective: Major Powers to bypass or p ermissions. Permissionsare usually in order to obtain the desired data manipulation capabilities.● Usability perspective: access to certain services on the system of controlauthority, this may lead to some important services to stop attacks and lead to a denial of service attack.● Authentication bypass: usually use certification system and the loopholes willnot authorize to access. Authentication is usually bypassed for permissions or direct data access services.● Code execution perspective: mainly procedures for the importation of thecontents as to implement the code, obtain remote system access permissions or local system of higher authority. This angle is SQL injection, memory type games pointer loopholes (buffer overflow, format string, Plastic overflow etc.), the main driving. This angle is usually bypassing the authentication system, permissions, and data preparation for the reading.Loopholes explore methods mustFirst remove security vulnerabilities in software BUG in a subset, all software testing tools have security loopholes to explore practical. Now that the "hackers" used to explore the various loopholes that there are means available to the model are:● fuzz testing (black box testing), by constructing procedures may lead toproblems of structural input data for automatic testing.● FOSS audit (White Box), now have a series of tools that can assist in thedetection of the safety procedures BUG. The most simple is your hands the latest version of the C language compiler.● IDA anti-compilation of the audit (gray box testing), and above the sourceaudit are very similar. The only difference is that many times you can obtain software, but you can not get to the source code audit, But IDA is a very powerful anti-Series platform, let you based on the code (the source code is in fact equivalent) conducted a safety audit.● dynamic tracking, is the record of proceedings under different conditions andthe implementation of all security issues related to the operation (such as file operations), then sequence analysis of these operations if there are problems, it is competitive category loopholes found one of the major ways. Other tracking tainted spread also belongs to this category.● patch, the software manufacturers out of the question usually addressed in thepatch. By comparing the patch before and after the source document (or the anti-coding) to be aware of the specific details of loopholes.More tools with which both relate to a crucial point: Artificial need to find a comprehensive analysis of the flow path coverage. Analysis methods varied analysis and design documents, source code analysis, analysis of the anti-code compilation, dynamic debugging procedures.Grading loopholesloopholes in the inspection harm should close the loopholes and the use of the hazards related Often people are not aware of all the Buffer Overflow Vulnerability loopholes are high-risk. A long-distance loophole example and better delineation:●R emote access can be an OS, application procedures, version information.●open unnecessary or dangerous in the service, remote access to sensitiveinformation systems.● Remote can be restricted for the documents, data reading.●remotely important or res tricted documents, data reading.● may be limited for long-range document, data revisions.● Remote can be restricted for important documents, data changes.● Remote can be conducted without limitation in the important documents, datachanges, or for general service denial of service attacks.● Remotely as a normal user or executing orders for system and network-leveldenial of service attacks.● may be remote management of user identities to the enforcement of the order(limited, it is not easy to use).● can be remote management of user identities to the enforcement of the order(not restricted, accessible).Almost all local loopholes lead to code execution, classified above the 10 points system for:●initiative remote trigger code execution (such a s IE loophole).● passive trigger remote code execution (such as Word gaps / charting softwareloopholes).DEMOa firewall segregation (peacekeeping operation only allows the Department of visits) networks were operating a Unix server; operating systems only root users and users may oracle landing operating system running Apache (nobody authority), Oracle (oracle user rights) services.An attacker's purpose is to amend the Oracle database table billing data. Its possible attacks steps:● 1. Access pea cekeeping operation of the network. Access to a peacekeepingoperation of the IP address in order to visit through the firewall to protect the UNIX server.● 2. Apache services using a Remote Buffer Overflow Vulnerability direct accessto a nobody's competence hell visit.● 3. Using a certain operating system suid procedure of the loophole to upgradetheir competence to root privileges.● 4. Oracle sysdba landing into the database (local landing without a password).● 5. Revised target table data.Over five down for process analysis:●Step 1: Authentication bypass●Step 2: Remote loopholes code execution (native), Authentication bypassing ● Step 3: permissions, authentication bypass● Step 4: Authentication bypass● Step 5: write data安全漏洞杂谈Richard S. Kraus 网络安全的核心目标是保障业务系统的可持续性和数据的安全性，而这两点的主要威胁来自于蠕虫的暴发、黑客的攻击、拒绝服务攻击、木马。

外文文献原文THE TECHNIQUE DEVELOPMENT HISTORY OF JSPThe Java Server Pages( JSP) is a kind of according to web of the script plait distance technique, similar carries the script language of Java in the server of the Netscape company of server- side JavaScript( SSJS) and the Active Server Pages(ASP) of the Microsoft. JSP compares the SSJS and ASP to have better can expand sex, and it is no more exclusive than any factory or some one particular server of Web. Though the norm of JSP is to be draw up by the Sun company of, any factory can carry out the JSP on own system.The After Sun release the JSP( the Java Server Pages) formally, the this kind of new Web application development technique very quickly caused the people's concern. JSP provided a special development environment for the Web application that establishes the high dynamic state. According to the Sun parlance, the JSP can adapt to include the Apache WebServer, IIS4.0 on the market at inside of 85% server product.This chapter will introduce the related knowledge of JSP and Databases, and JavaBean related contents, is all certainly rougher introduction among them basic contents, say perhaps to is a Guide only, if the reader needs the more detailed information, pleasing the book of consult the homologous JSP.1.1 GENERALIZEThe JSP(Java Server Pages) is from the company of Sun Microsystems initiate, the many companies the participate to the build up the together of the a kind the of dynamic the state web the page technique standard, the it have the it in the construction the of the dynamic state the web page the strong but the do not the especially of the function. JSP and the technique of ASP of the Microsoft is very alike. Both all provide the ability that mixes with a certain procedure code and is explain by the language engine to carry out the procedure code in the code of HTML. Underneath we are simple of carry on the introduction to it.JSP pages are translated into servlets. So, fundamentally, any task JSP pages can perform could also be accomplished by servlets. However, this underlying equivalence does not mean that servlets and JSP pages are equally appropriate in all scenarios. The issue is not the power of the technology, it is the convenience, productivity, and maintainability of one or the other. After all, anything you can do on a particular computer platform in the Java programming language you could also do in assembly language. But it still matters which you choose.JSP provides the following benefits over servlets alone:• It is easier to write and maintain the HTML. Your static code is ordinary HTML: no extra backslashes, no double quotes, and no lurking Java syntax.• You can use standard Web-site development tools. Even HTML tools that know nothing about JSP can be used because they simply ignore the JSP tags.• You can divide up your development team. The Java programmers can work on the dynamic code. The Web developers can concentrate on the presentation layer. On large projects, this division is very important. Depending on the size of your team and the complexity of your project, you can enforce a weaker or stronger separation between the static HTML and the dynamic content.Now, this discussion is not to say that you should stop using servlets and use only JSP instead. By no means. Almost all projects will use both. For some requests in your project, you will use servlets. For others, you will use JSP. For still others, you will combine them with the MVC architecture . You want the appropriate tool for the job, and servlets, by themselves, do not complete your toolkit.1.2 SOURCE OF JSPThe technique of JSP of the company of Sun, making the page of Web develop the personnel can use the HTML perhaps marking of XML to design to turn the end page with format. Use the perhaps small script future life of marking of JSP becomes the dynamic state on the page contents.( the contents changes according to the claim of)The Java Servlet is a technical foundation of JSP, and the large Web applies the development of the procedure to need the Java Servlet to match with with the JSP and then can complete, this name of Servlet comes from the Applet, the local translation method of now is a lot of, this book in order not to misconstruction, decide the direct adoption Servlet but don't do any translation, if reader would like to, can call it as" small service procedure". The Servlet is similar to traditional CGI, ISAPI, NSAPI etc. Web procedure development the function of the tool in fact, at use the Java Servlet hereafter, the customer need not use again the lowly method of CGI of efficiency, also need not use only the ability come to born page of Web of dynamic state in the method of API that a certain fixed Web server terrace circulate. Many servers of Web all support the Servlet, even not support the Servlet server of Web directly and can also pass the additional applied server and the mold pieces to support the Servlet. Receive benefit in the characteristic of the Java cross-platform, the Servlet is also a terrace irrelevant, actually, as long as match the norm of Java Servlet, the Servlet is complete to have nothing to do with terrace and is to have nothing to do with server of Web. Because the Java Servlet is internal to provide the service by the line distance, need not start a progress to the each claimses, and make use of the multi-threadingmechanism can at the same time for several claim service, therefore the efficiency of Java Servlet is very high.But the Java Servlet also is not to has no weakness, similar to traditional CGI, ISAPI, the NSAPI method, the Java Servlet is to make use of to output the HTML language sentence to carry out the dynamic state web page of, if develop the whole website with the Java Servlet, the integration process of the dynamic state part and the static state page is an evil-foreboding dream simply. For solving this kind of weakness of the Java Servlet, the SUN released the JSP.A number of years ago, Marty was invited to attend a small 20-person industry roundtable discussion on software technology. Sitting in the seat next to Marty was James Gosling, inventor of the Java programming language. Sitting several seats away was a high-level manager from a very large software company in Redmond, Washington. During the discussion, the moderator brought up the subject of Jini, which at that time was a new Java technology. The moderator asked the manager what he thought of it, and the manager responded that it was too early to tell, but that it seemed to be an excellent idea. He went on to say that they would keep an eye on it, and if it seemed to be catching on, they would follow his company's usual "embrace and extend" strategy. At this point, Gosling lightheartedly interjected "You mean disgrace and distend."Now, the grievance that Gosling was airing was that he felt that this company would take technology from other companies and suborn it for their own purposes. But guess what? The shoe is on the other foot here. The Java community did not invent the idea of designing pages as a mixture of static HTML and dynamic code marked with special tags. For example, Cold Fusion did it years earlier. Even ASP (a product from the very software company of the aforementioned manager) popularized this approach before JSP came along and decided to jump on the bandwagon. In fact, JSP not only adopted the general idea, it even used many of the same special tags as ASP did.The JSP is an establishment at the model of Java servlets on of the expression layer technique, it makes the plait write the HTML to become more simple.Be like the SSJS, it also allows you carry the static state HTML contents and servers the script mix to put together the born dynamic state exportation. JSP the script language that the Java is the tacit approval, however, be like the ASP and can use other languages( such as JavaScript and VBScript), the norm of JSP also allows to use other languages.1.3 JSP CHARACTERISTICSIs a service according to the script language in some one language of the statures system this kind of discuss, the JSP should be see make is a kind of script language.However, be a kind of script language, the JSP seemed to be too strong again, almost can use all Javas in the JSP.Be a kind of according to text originally of, take manifestation as the central development technique, the JSP provided all advantages of the Java Servlet, and, when combine with a JavaBeans together, providing a kind of make contents and manifestation that simple way that logic separate. Separate the contents and advantage of logical manifestations is, the personnel who renews the page external appearance need not know the code of Java, and renew the JavaBeans personnel also need not be design the web page of expert in hand, can use to take the page of JavaBeans JSP to define the template of Web, to build up a from have the alike external appearance of the website that page constitute. JavaBeans completes the data to provide, having no code of Java in the template thus, this means that these templates can be written the personnel by a HTML plait to support. Certainly, can also make use of the Java Servlet to control the logic of the website, adjust through the Java Servlet to use the way of the document of JSP to separate website of logic and contents.Generally speaking, in actual engine of JSP, the page of JSP is the edit and translate type while carry out, not explain the type of. Explain the dynamic state web page development tool of the type, such as ASP, PHP3 etc., because speed etc. reason, have already can't satisfy current the large electronic commerce needs appliedly, traditional development techniques are all at to edit and translate the executive way change, such as the ASP → ASP+;PHP3 → PHP4.In the JSP norm book, did not request the procedure in the JSP code part( be called the Scriptlet) and must write with the Java definitely. Actually, have some engines of JSP are adoptive other script languages such as the EMAC- Script, etc., but actually this a few script languages also are to set up on the Java, edit and translate for the Servlet to carry out of. Write according to the norm of JSP, have no Scriptlet of relation with Java also is can of, however, mainly lie in the ability and JavaBeans, the Enterprise JavaBeanses because of the JSP strong function to work together, so even is the Scriptlet part not to use the Java, edit and translate of performance code also should is related with Java.1.4 JSP MECHANISMTo comprehend the JSP how unite the technical advantage that above various speak of, come to carry out various result easily, the customer must understand the differentiation of" the module develops for the web page of the center" and" the page develops for the web page of the center" first.The SSJS and ASP are all in several year ago to release, the network of that time is still very young, no one knows to still have in addition to making all business, datas and the expression logic enter the original web page entirely heap what better solvethe method. This kind of model that take page as the center studies and gets the very fast development easily. However, along with change of time, the people know that this kind of method is unwell in set up large, the Web that can upgrade applies the procedure. The expression logic write in the script environment was lock in the page, only passing to shear to slice and glue to stick then can drive heavy use. Express the logic to usually mix together with business and the data logics, when this makes be the procedure member to try to change an external appearance that applies the procedure but do not want to break with its llied business logic, apply the procedure of maintenance be like to walk the similar difficulty on the eggshell. In fact in the business enterprise, heavy use the application of the module already through very mature, no one would like to rewrite those logics for their applied procedure.HTML and sketch the designer handed over to the implement work of their design the Web plait the one who write, make they have to double work-Usually is the handicraft plait to write, because have no fit tool and can carry the script and the HTML contents knot to the server to put together. Chien but speech, apply the complexity of the procedure along with the Web to promote continuously, the development method that take page as the center limits sex to become to get up obviously.At the same time, the people always at look for the better method of build up the Web application procedure, the module spreads in customer's machine/ server the realm. JavaBeans and ActiveX were published the company to expand to apply the procedure developer for Java and Windows to use to come to develop the complicated procedure quickly by" the fast application procedure development"( RAD) tool. These techniques make the expert in the some realm be able to write the module for the perpendicular application plait in the skill area, but the developer can go fetch the usage directly but need not control the expertise of this realm.Be a kind of take module as the central development terrace, the JSP appeared. It with the JavaBeans and Enterprise JavaBeans( EJB) module includes the model of the business and the data logic for foundation, provide a great deal of label and a script terraces to use to come to show in the HTML page from the contents of JavaBeans creation or send a present in return. Because of the property that regards the module as the center of the JSP, it can drive Java and not the developer of Java uses equally. Not the developer of Java can pass the JSP label( Tags) to use the JavaBeans that the deluxe developer of Java establish. The developer of Java not only can establish and use the JavaBeans, but also can use the language of Java to come to control more accurately in the JSP page according to the expression logic of the first floor JavaBeans.See now how JSP is handle claim of HTTP. In basic claim model, a claimdirectly was send to JSP page in. The code of JSP controls to carry on hour of the logic processing and module of JavaBeanses' hand over with each other, and the manifestation result in dynamic state bornly, mixing with the HTML page of the static state HTML code. The Beans can be JavaBeans or module of EJBs. Moreover, the more complicated claim model can see make from is request other JSP pages of the page call sign or Java Servlets.The engine of JSP wants to chase the code of Java that the label of JSP, code of Java in the JSP page even all converts into the big piece together with the static state HTML contents actually. These codes piece was organized the Java Servlet that customer can not see to go to by the engine of JSP, then the Servlet edits and translate them automatically byte code of Java.Thus, the visitant that is the website requests a JSP page, under the condition of it is not knowing, an already born, the Servlet actual full general that prepared to edit and translate completes all works, very concealment but again and efficiently. The Servlet is to edit and translate of, so the code of JSP in the web page does not need when the every time requests that page is explain. The engine of JSP need to be edit and translate after Servlet the code end is modify only once, then this Servlet that editted and translate can be carry out. The in view of the fact JSP engine auto is born to edit and translate the Servlet also, need not procedure member begins to edit and translate the code, so the JSP can bring vivid sex that function and fast developments need that you are efficiently.Compared with the traditional CGI, the JSP has the equal advantage. First, on the speed, the traditional procedure of CGI needs to use the standard importation of the system to output the equipments to carry out the dynamic state web page born, but the JSP is direct is mutually the connection with server. And say for the CGI, each interview needs to add to add a progress to handle, the progress build up and destroy by burning constantly and will be a not small burden for calculator of be the server of Web. The next in order, the JSP is specialized to develop but design for the Web of, its purpose is for building up according to the Web applied procedure, included the norm and the tool of a the whole set. Use the technique of JSP can combine a lot of JSP pages to become a Web application procedure very expediently.JSP six built-in objectsrequest for:The object of the package of information submitted by users, by calling the object corresponding way to access the information package, namely the use of the target users can access the information.response object:The customer's request dynamic response to the client sent the data.session object1. What is the session: session object is a built-in objects JSP, it in the first JSP pages loaded automatically create, complete the conversation of management.From a customer to open a browser and connect to the server, to close the browser, leaving the end of this server, known as a conversation.When a customer visits a server, the server may be a few pages link between repeatedly, repeatedly refresh a page, the server should bethrough some kind of way to know this is the same client, which requires session object.2. session object ID: When a customer's first visit to a server on the JSP pages, JSP engines produce a session object, and assigned aString type of ID number, JSP engine at the same time, the ID number sent to the client, stored in Cookie, this session objects, and customers on the establishment of a one-to-one relationship. When a customer to connect to the server of the other pages, customers no longer allocated to the new session object, until, close your browser, the client-server object to cancel the session, and the conversation, and customer relationship disappeared. When a customer re-open the browser to connect to the server, the server for the customer to create a new session object.aplication target1. What is the application:Servers have launched after the application object, when a customer to visit the site between the various pages here, this application objects are the same, until the server is down. But with the session difference is that all customers of the application objects are the same, that is, all customers share this built-in application objects.2. application objects commonly used methods:(1) public void setAttribute (String key, Object obj): Object specified parameters will be the object obj added to the application object, and to add the subject of the designation of a keyword index.(2) public Object getAttribute (String key): access to application objects containing keywords for.out targetsout as a target output flow, used to client output data. out targets for the output data.Cookie1. What is Cookie:Cookie is stored in Web server on the user's hard drive section of the text. Cookie allow a Web site on the user's computer to store information on and then get back to it.For example, a Web site may be generated for each visitor a unique ID, and then to Cookie in the form of documents stored in each user's machine.If you use IE browser to visit Web, you will see all stored on your hard drive on the Cookie. They are most often stored in places: c: \ windows \ cookies (in Window2000 is in the C: \ Documents and Settings \ your user name \ Cookies).Cookie is "keyword key = value value" to preserve the format of the record.2. Targets the creation of a Cookie, Cookie object called the constructor can create a Cookie. Cookie object constructor has two string .parameters: Cookie Cookie name and value.Cookie c = new Cookie ( "username", "john");3. If the JSP in the package good Cookie object to send to the client, the use of the response addCookie () method.Format: response.addCookie (c)4. Save to read the client's Cookie, the use of the object request getCookies () method will be implemented in all client came to an array of Cookie objects in the form of order, to meet the need to remove the Cookie object, it is necessary to compare an array cycle Each target keywords.JSP的技术发展历史Java Server Pages(JSP)是一种基于web的脚本编程技术，类似于网景公司的服务器端Java脚本语言—— server-side JavaScript(SSJS)和微软的Active Server Pages(ASP)。

本文摘自《计算机英语》（第二版）机械工业出版社出版的第五单元Unit 5 Software DevelopmentSection AComputer Program1>IntroductionA computer program is a set of instructions that directs a computer to perform some processing function or combination of functions. For the instructions to be carried out ,a computer must execute a program , that is , the computer reads the program , and then follows the steps encoded in the program in a precise order until completion . A program can be executed many different times , with each execution yielding a potentially different result depending upon the options and data that the user gives the computer .Programs fall into two major classes : application programs and operating systems . An application program is one that carries out some function directly for a user , such as word processing or game playing . An operating system is program that manages the computer and the various resources and devices connected to it , such as RAM ( random access memory ) , hard drives , monitors , keyboards , printers , and modems , so that they may be used by other programs . Examples of operating systems are DOS , Windows 95 , OS/2 , and UNIX.2>Program DevelopmentSoftware designers create new programs by using special applications programs , often called utility programs or development programs . A programmer uses another type of program called a text editor to write the new program in a special notation called a programmer creates a text file , which is an ordered list of instructions , also called the program source file . The individual instructions that make up the program source file are calledsource code . At this point , a special applications program translates the source code into machine language , or object code---a format that the operating system will recognize as a proper program and be able to execute .Three types of applications programs translate from source code to object code : compilers , interpreters , and assemblers . The three operate differently and on different types of programming languages , but they serve the same purpose of translating from a programming language into machine language .A compiler translates text files written in a high-level programming language---such as FORTRAN , C, or Pascal---from the source code to the object code all at once . This differs from the approach taken by interpreted languages such as BASIC , in which a program is translated into object code statement by statement as each instruction is executed . The advantage to interpreted languages is that they can begin executing the program immediately instead of having to wait for all of the source code to be compiled . Changes can also be made to the program fairly quickly without having to wait for it to be compiled again . The disadvantage of interpreted languages is that they are slow to execute , since the entire program must be translated one instruction at a time , each time the program is run . On the other hand , compiled languages are compiled only once and thus can be executed by the computer much more quickly than interpreted languages . For this reason , compiled languages are more common and are almost always used in professional and scientific applications .Another type of translator is the assembler , which is used for programs or parts of programs written in assembly language . Assembly language is another programming language , but it is much more similar to machine language than other types of high-level languages . In assembly language , a single statement can usually be translated into a single instruction ofmachine language . Today , assembly language is rarely used to write an entire program , but is instead most often used when the programmer needs to directly control some aspect of the computer’s function .Programs are often written as a set of smaller pieces , with each piece representing some aspect of the overall application program . After each piece has been compiled separately , a program called a linker combines all of the translated pieces into a single executable program .Programs seldom work correctly the first time , so a program callec a debugger is often used to help find problems called bugs . Debugging programs usually detect an event in the executing program and point the programmer back to the origin of the event in the program code .Recent programming systems , such as Java , use a combination of approaches to create and execute programs . A compiler takes a Java source program and translates it into an intermediate form . Such intermediate programs are then transferred over the Internet into computers where an interpreter program then executes the intermediate form as an application program .3>Program ElementsMost programs are built from just a few kinds of steps that are repeated many times in different contexts and in different combinations throughout the program . The most common step performs some computation , and then proceeds to the next step in the program , in the order specified by the programmer .Programs often need to repeat a short series of steps many times , for instance in looking through a list of game scores and finding the highest score . Such repetitive sequences of code are called loops .One of the capabilities that make computers so useful is their ability to make conditional decisions and perform different instructions based on the values of data being processed . IF-then-else statements implement this function by testing some piece of data and then selecting one of twosequences of instructions on the basis of the result . One of the instructions in these alternatives may be a goto statement that directs the computer to select its next instruction from a different part of the program . For example , a program might compare two numbers and branch to a different part of the program depending on the result of the comparision: Programs often use a specific sequence of steps more than once . Such a sequence of steps can be grouped together into a subroutine , which can then be called , or accdssed , as needed in different parts of the main program . Each time a subroutine is called , the computer remembers where it was in the program when the call was made , so that it can return there upon completion of the subroutine . Preceding each call , a program can specify that different data be used by the subroutine , allowing a very general piece of code to be written once and used in multiple ways .Most programs use several varieties of subroutines . The most common of these are functions , procedures , library routines , system routines , and device drivers . Functions are short subroutines that compute some value , such as computations of angles , which the computer cannot compute with a single basic instruction . Procedures perform a more complex function , such as sorting a set of names . Library routines are subroutines that are written for use by many different programs . System routines are similar to library routines but are actually found in the operating system . They provide some service for the application programs , such as printing a line of text . Device drivers are system routines that are added to an operating system to allow the computer to communicate with a new device , such as a scanner , modem , or printer . Device drivers often have features that can be executed directly as applications programs . This allows the user to directly control the device , which is useful if , for instance , a color printer needs to be realigned to attain the best printing quality after changing an ink cartridge .4>Program FunctionModern computers ususlly store programs on some form of magnetic storage media that can be accessed randomly by the computer , such as the hard drive disk permanently located in the computer , or a portable floppy disk . Additional information on such disks , called directories , indicates the names of the various programs on the disk , when they were written to the disk , and where the program begins on the disk media . When a user directs the computer to execute a particular application program , the operating system looks through these directories , locates the program , and reads a copy into RAM . The operating system then directs the CPU ( central processing unit ) to start executing the instructions at the beginning of the program . Instructions at the beginning of the program prepare the computer to process information by locating free memory locations in RAM to hold working data , retrieving copies of the standard options and defaults the user has indicated from a disk , and drawing initial displays on the monitor .The application program requests a copy of any information the user enters by making a call to a system routine . The operating system converts any data so entered into a standard internal form . The application then uses this information to decide what to do next---for example , perform some desired processing function such as reformatting a page of text , or obtain some additional information from another file on a disk . In either case , calls to other system routines are used to actually carry out the display of the results or the accessing of the file from the disk .When the application reaches completion or is prompted to quit , it makes further system calls to make sure that all data that needs to be saved has been written back to disk . It then makes a final system call to the operating system indicating that it is finished . The operating system then frees up the RAM and any devices that the application was using and awaits a command from the user to start another program .5>HistoryPeople have been storing sequences of instructions in the form of a program for several centuries . Music boxes of the 18th century and player pianos of the late 19th and early 20th centuries played musical programs stored as series of metal pins , or holes in paper , with each line ( of pins or holes ) representing when a note was to be played , and the pin or hole indicating what note was to be played at that time . More elaborate control of physical devices became common in the early 1800s with French inventor Joseph Marie Jacquard’s invention of the punch-card controlled weaving loom . In the process of weaving a particular pattern , various parts of the loom had to be mechanically positioned . To automate this process , Jacquard used a single paper card to represent each positioning of the loom , with holes in the card to indicate which loom actions should be done . An entire tapestry could be encoded onto a deck of such cards , with the same deck yielding the same tapestry design each time it was used . Programs of over 24000 cards were developed and used .The world’s first programmable machine was designed---although never fully built---by the English mathematician and inventor , Charles Babbage . This machine , called the Analytical Engine , used punch cards similar to those used in the Jacquard loom to select the specific arithmetic operation to apply at each step . Inserting a different set of cards changed the computations the machine performed . This machine had counterparts for almost everything found in modern computers , although it was mechanical rather than electrical . Construction of the Analutical Engine was never completed because the technology required to build it did not exist at the time .The first card deck programs for the Analutical Engine were developed by British mathemstician Augusta Ada Byron , daughter of the poet Lord Byron . For this reason she is recognized as the world’s first programmer .The modern concept of an internally stored computer program was first proposed by Hungarian-American mathematician John von Neumann in1945 . V on Neumann’s idea was to use the computer’s memory to store th e program as well as the data . In this way , programs can be viewed as data and can be processed like data by other programs . This idea greatly simplifies the role of program storage and execution in computers .6>The FutureThe field of computer science has grown rapidly since the 1950s due to the increase in their use . Computer programs have undergone many changes during this time in response to user need and advances in technology . Newer ideas in computing such as parallel computing , distributed computing , and artificial intelligence , have radically altered the traditional concepts that once determined program form and function .Computer scientists working in the field of patallel computing , in which multiple CPUs cooperate on the same problem at the same time , have introduced a number of new program models . In parallel computing parts of a problem are worked on simultaneously by different processors , and this speeds up the solution of the problem . Many challenges face scientists and engineers who design programs for parallel processing computers , because of the extreme complexity of the systems and the difficulty involved in making them operate as effectively as possible . Another type of parallel computing called distributed computing uses CPUs from many interconnected computers to solve problems , Often the computers used to process information in a distributed computing application are connected over the Internet . Internet applications are becoming a particularly useful form of distributed computing , especially with programming languages such as Java . In such applications , a user logs on to a Web site and downloads a Java program onto their computer . When the Java program is run , it communicate with other programs at its home Web site , and may also communicate with other programs running on different computers or Web sites .Research into artificial intelligence ( AI ) has led to several other newstyles of programming . Logic programs , for example , do not consist of individual instructions for the computer to follow blindly , but instead consist of sets of rules : if x happens then do y . A special program called an inference engine uses these rules to “ reason” its way to a conclusion when presented with a new problem . Applications of logic programs include automatic monitoring of complex systems , and proving mathematical theorems .A radically different approach to computing in which there is no program in the conventional sense is called a neural network . A neural network is a group of highly interconnected simple processing elements , disigned to music the brain . Instead of having a program direct the information processing in the way that a traditional computer does , a neural network processes information depending upon the way that its processing elements are connected . Programming a neural network is accomplished by presenting it with known patterns of input data and adjusting the relative importance of the interconnections between the processing elements until the desired pattern matching is accomplished . Neural networks are usually simulated on traditional computers , but unlike traditional computer programs , neural networks are able to learn from their experience .译文部分如下：计算机程序1.引言一个计算机程序是一系列的指示说明用来指挥电脑的进程功能或者排列组合功能。

本科毕业设计(论文) 外文翻译（附外文原文）系 ( 院 )：信息科学与工程学院课题名称：学生信息管理系统专业(方向)：计算机科学与技术（应用）7.1 Enter ActionMappingsThe Model 2 architecture (see chapter 1) encourages us to use servlets and Java- Server Pages in the same application. Under Model 2, we start by calling a servlet.The servlet handles the business logic and directs control to the appropriate pageto complete the response.The web application deployment descriptor (web.xml) lets us map a URL patternto a servlet. This can be a general pattern, like *.do, or a specific path, like saveRecord.do.Some applications implement Model 2 by mapping a servlet to each business operation. This approach works, but many applications involve dozens or hundredsof business operations. Since servlets are multithreaded, instantiating so manyservlets is not the best use of server resources. Servlets are designed to handle anynumber of parallel requests. There is no performance benefit in simply creatingmore and more servlets.The servlet’s primary job is to interact with the container and HTTP. Handlinga business operation is something that a servlet could delegate to another component. Struts does this by having the ActionServlet delegate the business operationto an object. Using a servlet to receive a request and route it to a handler is knownas the Front Controller pattern [Go3].Of course, simply delegating the business operation to another componentdoes not solve the problem of mapping URIs [W3C, URI] to business operations.Our only way of communicating with a web browser is through HTTP requests and URIs. Arranging for a URI to trigger a business operation is an essential part of developing a web application.Meanwhile, in practice many business operations are handled in similar ways.Since Java is multithreaded, we could get better use of our server resources if wecould use the same Action object to handle similar operations. But for this towork, we might need to pass the object a set of configuration parameters to usewith each operation.So what’s the bottom line? To implement Model 2 in an efficient and flexibleway, we need to:Enter ActionMappings 195♉ Route requests for our business operations to a single servlet♉ Determine which business operation is related to the request♉ Load a multithreaded helper object to handle the business operation♉ Pass the helper object the specifics of each request along with any configuration detail used by this operationThis is where ActionMappings come in.7.1.1 The ActionMapping beanAn ActionMapping (org.apache.struts.action.ActionMapping) describes howthe framework handles each discrete business operation (or action). In Struts,each ActionMapping is associated with a specific URI through its path property. When a request comes in, the ActionServlet uses the path property to select the corresponding ActionMapping. The set of ActionMapping objects is kept in an ActionMappings collection (org.apache.struts.action.ActionMappings). Originally, the ActionMapping object was used to extend the Action objectrather than the Action class. When used with an Action, a mapping gives a specific Action object additional responsibilities and new functionality. So, it was essentiallyan Action decorator [Go4]. Along the way, the ActionMapping evolved into anobject in its own right and can be used with or without an Action.DEFINITION The intent of the decorator pattern is to attach additional responsibilities to an object dynamically. Decorators provide a flexible alternative to subclassingfor extending functionality [Go4].The ActionMappings are usually created through the Struts configuration file.For more about this file, see chapter 4.7.1.2 The ActionMappings catalogThe ActionMappings catalog the business logic available to a Struts application.When a request comes in, the servlet finds its entry in the ActionMappings catalogand pulls the corresponding bean.The ActionServlet uses the ActionMapping bean to decide what to do next. Itmay need to forward control off to another resource. Or it may need to populateand validate an ActionForm bean. At some point, it may have to pass control to an Action object, and when the Action returns, it may have to look up an Action-Forward associated with this mapping.196 CHAPTER 7Designing with ActionMappingsThe ActionMapping works like a routing slip for the servlet. Depending onhow the mapping is filled out, the request could go just about anywhere.The ActionMappings represent the core design of a Struts application. If youwant to figure out how a Struts application works, start with the ActionMappings. Ifyou want to figure out how to write a new Struts application, start with the Action- Mappings. The mappings are at the absolute center of every Struts application.In this chapter, we take a close look at the ActionMapping properties andexplore how they help you design the flow of a Struts application.1.0 vs 1.1 In Struts 1.1, ActionMapping subclasses ActionConfig (org.apache. struts.config.ActionConfig) and adds API methods required forbackward compatibility. ActionMapping is not deprecated, and how thehierarchy will be handled in future releases has not been determined.For now, we refer to the ActionMapping class, but you should note thatin Struts 1.1 all of the action properties are actually defined by the ActionConfigsuper class. The ActionMapping class otherwise works thesame way in both versions.7.2 ActionMapping propertiesTable 7.1 describes the base ActionMapping properties. As with other configuration components, developers may extend ActionMapping to provide additionalproperties.Table 7.1 The base ActionMapping propertiesProperty Descriptionpath The URI path from the request used to select this mapping. (API command) forward The context-relative path of the resource that should serve this request via a forward.Exactly one of the forward, include, or type properties must be specified.orinclude The context-relative path of the resource that should serve this request via aninclude. Exactly one of the forward, include, or type properties must be specified.ortype Optionally specifies a subclass oforg.apache.struts.action.ActionMappingthat should be used when instantiating this mapping.className The fully qualified name of the Action class used by this mapping. SinceStruts 1.1ActionMapping properties 197In the sections that follow, we take a look at each of these properties.7.2.1 The path propertyThe ActionMapping URI, or path, will look to the user like just another file onthe web server. But it does not represent a file. It is a virtual reference to our ActionMapping.Because it is exposed to other systems, the path is not really a logical name, likethose we use with ActionForward. The path can include slashes and an extension—as if it referred to a file system—but they are all just part of a single name.The ActionMappings themselves are a “flat” namespace with no type of internalhierarchy whatsoever. They just happen to use the same characters that we areused to seeing in hierarchical file systems.name The name of the form bean, if any, associated with this action. This is not the classname. It is the logical name used in the form bean configuration.roles The list of security roles that may access this mapping.scope The identifier of the scope (request or session) within which the form bean, if any,associated with this mapping will be created.validate Set to true if the validate method of the form bean (if any) associated with thismapping should be called.input Context-relative path of the input form to which control should be returned ifa validationerror is encountered. This can be any URI: HTML, JSP, VM, or another Action- Mapping.parameter General-purpose configuration parameter that can be used to pass extra informationto the Action selected by this ActionMapping.attribute Name of the request-scope or session-scope attribute under which our form bean isaccessed, if it is other than the bean's specified name.prefix Prefix used to match request parameter names to form bean property names, if any.suffix Suffix used to match request parameter names when populating the properties ofour ActionForm bean, if any.unknown Can be set to true if this mapping should be configured as the default for this application(to handle all requests not handled by another mapping). Only one mappingcan be defined as the default unknown mapping within an application.forwards(s) Block of ActionForwards for this mapping to use, if any.exception(s) Block of ExceptionHandlers for this mapping to use, if any.Table 7.1 The base ActionMapping properties (continued)Property DescriptionSinceStruts 1.1SinceStruts 1.1198 CHAPTER 7Designing with ActionMappingsOf course, it can still be useful to treat your ActionMappings as if they werepart of a hierarchy and group related commands under the same "folder." Theonly restriction is that the names must match whatever pattern is used in the application’s deployment description (web.xml) for the ActionServlet. This is usuallyeither /do/* or *.do, but any similar pattern can be used.If you are working in a team environment, different team members can begiven different ActionMapping namespaces to use. Some people may be workingwith the /customer ActionMappings, others may be working with the /vendor ActionMappings. This may also relate to the Java package hierarchy the team isusing. Since the ActionMapping URIs are logical constructs, they can be organizedin any way that suits your project.With Struts 1.1, these types of namespaces can be promoted to applicationmodules. Each team can work independently on its own module, with its own setof configuration files and presentation pages. Configuring your application to use multiple modules is covered in chapter 4.DEFINITION The web runs on URIs, and most URIs map to physical files. If you want to change the resource, you change the corresponding file. Some URIs, likeStruts actions, are virtual references. They do not have a correspondingfile but are handled by a programming component. To change the resource,we change how the component is programmed. But since thepath is a URI and interacts with other systems outside our control, thepath is not a true logical reference—the name of an ActionForward, forinstance. We can change the name of an ActionForward without consultingother systems. It’s an internal, logical reference. If we change thepath to an ActionMapping, we might need to update other systems thatrefer to the ActionMapping through its public URI.7.2.2 The forward propertyWhen the forward property is specified, the servlet will not pass the request to an Action class but will make a call to RequestDispatcher.forward. Since the operationdoes not use an Action class, it can be used to integrate Struts with otherresources and to prototype systems. The forward, include, and type propertiesare mutually exclusive. (See chapter 6 for more information.)7.2.3 The include propertyWhen the include property is specified, the servlet will not pass the request to an Action class but will make a call to RequestDispatcher.include. The operationActionMapping properties 199does not use an Action class and can be used to integrate Struts with other components. The forward, include, and type properties are mutually exclusive. (Seechapter 6 for more information.)7.2.4 The type propertyMost mappings will specify an Action class type rather than a forward or include.An Action class may be used by more than one mapping. The mappings may specifyform beans, parameters, forwards, or exceptions. The forward, include, andtype properties are mutually exclusive.7.2.5 The className propertyWhen specified, className is the fully qualified Java classname of the ActionMapping subclass that should be used for this object. This allows you to use your own ActionMapping subclass with specialized methods and properties. See alsosection 7.4.7.2.6 The name propertyThis property specifies the logical name for the form bean, as given in the formbean segment of the Struts configuration file. By default, this is also the name tobe used when placing the form bean in the request or session context. Use theattribute property of this class to specify a different attribute key.7.2.7 The roles propertyThis property is a comma-delimited list of the security role names that are allowed access to this ActionMapping object. By default, the same system that is used with standard container-based security is applied to the list of roles given here. Thismeans you can use action-based security in lieu of specifying URL patterns in the deployment descriptor, or you can use both together.The security check is handled by the processRoles method of the Request- Processor (org.apache.struts.action.RequestProcessor). By subclassing RequestProcessor, you can also use the roles property with application-based security. See chapter 9 for more about subclassing RequestProcessor.7.2.8 The scope propertyThe ActionForm bean can be stored in the current request or in the session scope (where it will be available to additional requests). While most developers userequest scope for the ActionForm, the framework default is session scope. Tomake request the default, see section 7.4.SinceStruts 1.1SinceStruts 1.1200 CHAPTER 7Designing with ActionMappings7.2.9 The validate propertyAn important step in the lifecycle of an ActionForm is to validate its data before offering it to the business layer. When the validate property for a mapping is true, the ActionServlet will call the ActionForm’s validate method. If validate returns false, the request is forwarded to the resource given by the input property.Often, developers will create a pair of mappings for each data entry form. Onemapping will have validate set to false, so you can create an empty form. Theother has validate set to true and is used to submit the completed form.NOTE Whether or not the ActionForm validate method is called does not relateto the ActionServlet’s validating property. That switch controlshow the Struts configuration file is processed.7.2.10 The input propertyWhen validate is set to true, it is important that a valid path for input be provided. This is where control will pass should the ActionForm validate methodreturn false. Often, this is the address for a presentation page. Sometimes it willbe another Action path (with validate set to false) that is required to generatedata objects needed by the page.NOTE The input path often leads back to the page that submitted the request.While it seems natural for the framework to return the request to whereit originated, this is not a simple task in a web application. A request is oftenpassed from component to component before a response is sent backto the browser. The browser only knows the path it used to retrieve theinput page, which may or may not also be the correct path to use for theinput property. While it may be possible to try and generate a default inputpage based on the HTTP referrer attribute, the Struts designersdeemed that approach unreliable.inputForwardIn Struts 1.0, the ActionMapping input property is always a literal URI. InStruts 1.1, it may optionally be the name of an ActionForward instead. The ActionForward is retrieved and its path property is used as the input property.This can be a global or local ActionForward.To use ActionForwards here instead of literal paths, set the inputForwardattribute on the <controller> element for this module to true:SinceStruts 1.1ActionMapping properties 201<controller inputForward="true">For more about configuring Struts, see chapter 4. For more about ActionForwards,see chapter 6.7.2.11 The parameter propertyThe generic parameter property allows Actions to be configured at runtime. Severalof the standard Struts Actions make use of this property, and the standardScaffold Actions often use it, too. The parameter property may contain a URI, the name of a method, the name of a class, or any other bit of information an Actionmay need at runtime. This flexibility allows some Actions to do double and tripleduty, slashing the number of distinct Action classes an application needs on hand.Within an Action class, the parameter property is retrieved from the mappingpassed to perform:parameter = mapping.getParameter();Multiple parametersWhile multiple parameters are not supported by the standard ActionMappingsclass, there are some easy ways to implement this, including using HttpUtils, a StringTokenizer, or a Properties file (java.util.Properties).HttpUtils. Although deprecated as of the Servlet API 2.3 specification, theHttpUtils package (javax.servlet.http.HttpUtils) provides a static method that parses any string as if it were a query string and returns a Hashtable(java.util.Hashtable):Hashtable parameters = parseQueryString(parameter);The parameter property for your mapping then becomes just another query string, because you might use it elsewhere in the Struts configuration. stringTokenizer. Another simple approach is to delimit the parameters using the token of your choice—such as a comma, colon, or semicolon—and use the StringTokenizer to read them back:StringTokenizer incoming =new StringTokenizer(mapping.getParameter(),";");int i = 0;String[] parameters = new String[incoming.countTokens()]; while (incoming.hasMoreTokens()) {parameters[i++] = incoming.nextToken().trim();}202 CHAPTER 7Designing with ActionMappingsProperties file. While slightly more complicated than the others, another popular approach to providing multiple parameters to an ActionMapping is with a standard Properties files (java.util.Properties). Depending on your needs, the Properties file could be stored in an absolute location in your file system or anywhere on your application’s CLASSPATH.The Commons Scaffold package [ASF, Commons] provides a ResourceUtils package (mons.scaffold.util.ResourceUtils) with methods forloading a Properties file from an absolute location or from your application’s CLASSPATH.7.2.12 The attribute propertyFrom time to time, you may need to store two copies of the same ActionForm inthe same context at the same time. This most often happens when ActionFormsare being stored in the session context as part of a workflow. To keep their names from conflicting, you can use the attribute property to give one ActionForm bean a different name.An alternative approach is to define another ActionForm bean in the configuration, using the same type but under a different name.7.2.13 The prefix and suffix propertiesLike attribute, the prefix and suffix properties can be used to help avoid naming conflicts in your application. When specified, these switches enable aprefix or suffix for the property name, forming an alias when it is populatedfrom the request.If the prefix this was specified, thenthisName=McClanahanbecomes equivalent toname=McClanahanfor the purpose of populating the ActionForm. Either or both parameters would call getName("McClanahan");This does not affect how the properties are written by the tag extensions. It affects how the autopopulation mechanism perceives them in the request.Nested components 2037.2.14 The unknown ActionMappingWhile surfing the Web, most of us have encountered the dreaded 404— page not found message. Most web servers provide some special features for processing requests for unknown pages, so webmasters can steer users in the right direction. Struts offers a similar service for ActionMapping 404s—the unknown ActionMapping. In the Struts configuration file, you can specify one ActionMapping toreceive any requests for an ActionMapping that would not otherwise be matched:<actionname="/debug"forward="/pages/debug.jsp"/>When this option is not set, a request for an ActionMapping that cannot bematched throws400 Invalid path /notHere was requestedNote that by a request for an ActionMapping, we mean a URI that matches the prefix or suffix specified for the servlet (usually /do/* or *.do). Requests for other URI patterns, good or bad, will be handled by other servlets or by the container:/do/notHere (goes to the unknown ActionMapping)/notHere.txt (goes to the container)7.3 Nested componentsThe ActionMapping properties are helpful when it comes to getting an Action torun a business operation. But they tell only part of the story. There is still much todo when the Action returns.An Action may have more than one outcome. We may need to register several ActionForwards so that the Action can take its pick.7.3.1 Local forwardsIn the normal course, an ActionMapping is used to select an Action object to handle the request. The Action returns an ActionForward that indicates which pageshould complete the response.The reason we use ActionForwards is that, in practice, presentation pages areeither often reused or often changed, or both. In either case, it is good practice to encapsulate the page’s location behind a logical name, like “success” or “failure.”The ActionForward object lets us assign a logical name to any given URI.204 CHAPTER 7Designing with ActionMappingsOf course, logical concepts like success or failure are often relative. What represents success to one Action may represent failure to another. Each Action-Mapping can have its own set of local ActionForwards. When the Action asks for a forward (by name), the local set is checked before trying the global forwards. See chapter 6 for more about ActionForwards.Local forwards are usually specified in the Struts configuration file. See chapter4 for details.7.3.2 Local exceptionsMost often, an application’s exception handlers (org.apache.struts.action. ExceptionHandler) can be declared globally. However, if a given ActionMapping needs to handle an exception differently, it can have its own set of local exception handlers that are checked before the global set.Local exceptions are usually specified in the Struts configuration file. Seechapter 4 for details.7.4 Rolling your own ActionMappingWhile ActionMapping provides an impressive array of properties, developers may also provide their own subclass with additional properties or methods. InStruts 1.0, this is configured in the deployment descriptor (web.xml) for the ActionServlet:<init-param><param-name>mapping</param-name><param-value>app.MyActionMapping</param-value></init-param>In Struts 1.1, this is configured in the Struts configuration file as an attribute to the <action-mappings> element:<action-mappings type="app.MyActionMapping">Individual mappings may also be set to use another type through the className attribute:<action className="app.MyActionMapping">For more about configuring Struts, see chapter 4.SinceStruts 1.1Summary 205The framework provides two base ActionMapping classes, shown in table 7.2. They can be selected as the default or used as a base for your own subclasses.The framework default is SessionActionMapping, so scope defaults to session. Subclasses that provide new properties may set them in the Struts configuration using a standard mechanism:<set-property property="myProperty" value="myValue" /> Using this standard mechanism helps developers avoid subclassing the Action- Servlet just to recognize the new properties when it digests the configuration file. This is actually a feature of the Digester that Struts simply inherits.7.5 SummarySun’s Model 2 architecture teaches that servlets and JavaServer Pages should be used together in the same application. The servlets can handle flow control and data acquisition, and the JavaServer Pages can handle the HTML.Struts takes this one step further and delegates much of the flow control anddata acquisition to Action objects. The application then needs only a single servletto act as a traffic cop. All the real work is parceled out to the Actions and theStruts configuration objects.Like servlets, Actions are efficient, multithreaded singletons. A single Actionobject can be handling any number of requests at the same time, optimizing your server’s resources.To get the most use out of your Actions, the ActionMapping object is used as a decorator for the Action object. It gives the Action a URI, or several URIs, and away to pass different configuration settings to an Action depending on which URIis called.In this chapter, we took a close look at the ActionMapping properties andexplained each property’s role in the scheme of things. We also looked at extendingthe standard ActionMapping object with custom properties—just in case yourscheme needs even more things.Table 7.2 The default ActionMapping classesActionMapping Descriptionorg.apache.struts.action.SessionActionMapping Defaults the scope property to sessionorg.apache.struts.action.RequestActionMapping Defaults the scope property to request206 CHAPTER 7Designing with ActionMappingsIn chapter 8, the real fun begins. The configuration objects covered so far aremainly a support system. They help the controller match an incoming requestwith a server-side operation. Now that we have the supporting players, let’s meet the Struts diva: the Action object.7.1 进入ActionMappingModel 2 架构(第1章)鼓励在同一个应用中使用servlet和JSP页面。

计算机专业毕业设计中英对照外文翻译-对象的创建和存在时间外文资料Object landscapes and lifetimesTechnically, OOP is just about abstract data typing, inheritance, and polymorphism, but other issues can be at least as important. The remainder of this section will cover these issues.One of the most important factors is the way objects are created and destroyed. Where is the data for an object and how is the lifetime of the object controlled? There are different philosophies at work here. C++ takes the approach that control of efficiency is the most important issue, so it gives the programmer a choice. For maximum run-time speed, the storage and lifetime can be determined while the program is being written, by placing the objects on the stack (these are sometimes called automatic or scoped variables) or in the static storage area. This places a priority on the speed of storage allocation and release, and control of these can be very valuable in some situations. However, you sacrifice flexibility because you must know the exact quantity, lifetime, and type of objects while you're writing the program. If you are trying to solve a more general problem such as computer-aided design, warehouse management, or air-traffic control, this is too restrictive.The second approach is to create objects dynamically in a pool of memory called the heap. In this approach, you don't know until run-time how many objects you need, what their lifetime is, or what their exact type is. Those are determined at the spur of the moment while the program is running. If you need a new object, you simply make it on the heap at the point that you need it. Because the storage is managed dynamically, at run-time, the amount of time required to allocate storage on the heap is significantly longer than the time to create storage on the stack. (Creating storage on the stack is often a single assembly instruction to move the stack pointer down, and another to move it back up.) The dynamic approach makes the generally logical assumption that objects tend to be complicated, so the extra overhead of finding storage andreleasing that storage will not have an important impact on the creation of an object. In addition, the greater flexibility is essential to solve the general programming problem.Java uses the second approach, exclusively]. Every time you want to create an object, you use the new keyword to build a dynamic instance of that object.There's another issue, however, and that's the lifetime of an object. With languages that allow objects to be created on the stack, the compiler determines how long the object lasts and can automatically destroy it. However, if you create it on the heap the compiler has no knowledge of its lifetime. In a language like C++, you must determine programmatically when to destroy the object, which can lead to memory leaks if you don’t do it correctly (and this is a common problem in C++ programs). Java provides a feature called a garbage collector that automatically discovers when an object is no longer in use and destroys it. A garbage collector is much more convenient because it reduces the number of issues that you must track and the code you must write. More important, the garbage collector provides a much higher level of insurance against the insidious problem of memory leaks (which has brought many a C++ project to its knees).The rest of this section looks at additional factors concerning object lifetimes and landscapes.1 Collections and iteratorsIf you don’t know how many objects you’re going to need to solve a particular problem, or how long they will last, you also don’t know how to store those objects. How can you know how much space to create for those objects? You can’t, since that information isn’t known until run-time.The solution to most problems in object-oriented design seems flippant: you create another type of object. The new type of object that solves this particular problem holds references to other objects. Of course, you can do the same thing with an array, which is available in most languages. But there’s more. This new object, generally called a container (also called a collection, but the Java library uses that term in a different sense so this book will use “container”), will expanditself whenever necessary to accommodate everything you place inside it. So you don’t need to know how manyobjects you’re going to hold in a container. Just create a container object and let it take care of the details.Fortunately, a good OOP language comes with a set of containers as part of the package. In C++, it’s part of the Standard C++ Library and is sometimes called the Standard Template Library (STL). Object Pascal has containers in its Visual Component Library (VCL). Smalltalk has a very complete set of containers. Java also has containers in its standard library. In some libraries, a generic container is considered good enough for all needs, and in others (Java, for example) the library has different types of containers for different needs: a vector (called an ArrayList in Java) for consistent access to all elements, and a linked list for consistent insertion at all elements, for example, so you can choose the particular type that fits your needs. Container libraries may also include sets, queues, hash tables, trees, stacks, etc.All containers have some way to put things in and get things out; there are usually functions to add elements to a container, and others to fetch those elements back out. But fetching elements can be more problematic, because a single-selection function is restrictive. What if you want to manipulate or compare a set of elements in the container instead of just one?The solution is an iterator, which is an object whose job is to select the elements within a container and present them to the user of the iterator. As a class, it also provides a level of abstraction. This abstraction can be used to separate the details of the container from the code that’s accessing that container. The container, via the iterator, is abstracted to be simply a sequence. The iterator allows you to traverse that sequence without worrying about the underlying structure—that is, whether it’s an ArrayList, a LinkedList, a Stack, or something else. This gives you the flexibility to easily change the underlying data structure without disturbing the code in your program. Java began (in version 1.0 and 1.1) with a standard iterator, called Enumeration, for all of its container classes. Java 2 has added a much more complete container library thatcontains an iterator called Iterator that does more than the older Enumeration.From a design standpoint, all you really want is a sequence that can be manipulated to solve your problem. If a single type of sequence satisfied all of your needs, there’d be no reason to have different kinds. There are two reasons that you need a choice of containers. First, containers provide different types of interfaces and external behavior. A stack has a different interface and behavior than that of a queue, which is different from that of a set or a list. One of these might provide a more flexible solution to your problem than the other. Second, different containers have different efficiencies for certain operations. The best example is an ArrayList and a LinkedList. Both are simple sequences that can have identical interfaces and external behaviors. But certain operations can have radically different costs. Randomly accessing elements in an ArrayList is a constant-time operation; it takes the same amount of time regardless of the element you select. However, in a LinkedList it is expensive to move through the list to randomly select an element, and it takes longer to find an element that is further down the list. On the other hand, if you want to insert an element in the middle of a sequence, it’s much cheaper in a LinkedList than in an ArrayList. These and other operations have different efficiencies depending on the underlying structure of the sequence. In the design phase, you might start with a LinkedList and, when tuning for performance, change to an ArrayList. Because of the abstraction via iterators, you can change from one to the other with minimal impact on your code.In the end, remember that a container is only a storage cabinet to put objects in. If that cabinet solves all of your needs, it doesn’t really matter how it is implemented (a basic concept with most types of objects). If you’re working in a programming environment that has built-in overhead due to other factors, then the cost difference between an ArrayList and a LinkedList might not matter. You might need only one type of sequence. You can even imagine the “perfect” container abstraction, which can automatically change its underlying implementation according to the way it is used.2 The singly rooted hierarchyOne of the issues in OOP that has become especially prominent since the introduction of C++ is whether all classes should ultimately be inherited from a single base class. In Java (as with virtually all other OOP languages) the answer is “yes” and the name of this ultimate base class is simply Object. It turns out that the benefits of the singly rooted hierarchy are many.All objects in a singly rooted hierarchy have an interface in common, so they are all ultimately the same type. The alternative (provided by C++) is that you don’t know that everything is the same fundamental type. From a backward-compatibility standpoint this fits the model of C better and can be thought of as less restrictive, but when you want to do full-on object-oriented programming you must then build your own hierarchy to provide the same convenience that’s built into other OOP languages. And in any new class library you acquire, some other incompatible interface will be used. It requires effort (and possibly multiple inheritance) to work the new interface into your design. Is the extra “flexibility” of C++ worth it? If you need it—if you have a large investment in C—it’s quite valuable. If you’re starting from scratch, other alternatives such as Java can often be more productive.All objects in a singly rooted hierarchy (such as Java provides) can be guaranteed to have certain functionality. You know you can perform certain basic operations on every object in your system. A singly rooted hierarchy, along with creating all objects on the heap, greatly simplifies argument passing (one of the more complex topics in C++).A singly rooted hierarchy makes it much easier to implement a garbage collector (which is conveniently built into Java). The necessary support can be installed in the base class, and the garbage collector can thus send the appropriate messages to every object in the system. Without a singly rooted hierarchy and a system to manipulate an object via a reference, it is difficult to implement a garbage collector.Since run-time type information is guaranteed to be in all objects, you’llnever end up with an object whose type you cannot determine. This is especially important with system level operations, such as exception handling, and to allow greater flexibility in programming.3 Collection libraries and support for easy collection useBecause a container is a tool that you’ll use frequently, it makes sense to have a library of containers that are built in a reusable fashion, so you can take one off the shelf Because a container is a tool that you’ll use frequently, it makes sense to have a library of containers that are built in a reusable fashion, so you can take one off the shelf and plug it into your program. Java provides such a library, which should satisfy most needs.Downcasting vs. templates/genericsTo make these containers reusable, they hold the one universal type in Java that was previously mentioned: Object. The singly rooted hierarchy means that everything is an Object, so a container that holds Objects can hold anything. This makes containers easy to reuse.To use such a container, you simply add object references to it, and later ask for them back. But, since the container holds only Objects, when you add your object reference into the container it is upcast to Object, thus losing its identity. When you fetch it back, you get an Object reference, and not a reference to the type that you put in. So how do you turn it back into something that has the useful interface of the object that you put into the container?Here, the cast is used again, but this time you’re not casting up the inheritance hierarchy to a more general type, you cast down the hierarchy to a more specific type. This manner of casting is called downcasting. With upcasting, you know, for example, that a Circle is a type of Shape so it’s safe to upcast, but you don’t know that an Object is necessarily a Circle or a Shape so i t’s hardly safe to downcast unless you know that’s what you’re dealing with.It’s not completely dangerous, however, because if you downcast to thewrong thing you’ll get a run-time error called an exception, which will be described shortly. When you fetch object references from a container, though, you must have some way to remember exactly what they are so you can perform a proper downcast.Downcasting and the run-time checks require extra time for the running program, and extra effort from the programm er. Wouldn’t it make sense to somehow create the container so that it knows the types that it holds, eliminating the need for the downcast and a possible mistake? The solution is parameterized types, which are classes that the compiler can automatically customize to work with particular types. For example, with a parameterized container, the compiler could customize that container so that it would accept only Shapes and fetch only Shapes.Parameterized types are an important part of C++, partly because C++ has no singly rooted hierarchy. In C++, the keyword that implements parameterized types is “template.” Java currently has no parameterized types since it is possible for it to get by—however awkwardly—using the singly rooted hierarchy. However, a current proposal for parameterized types uses a syntax that is strikingly similar to C++ templates.译文对象的创建和存在时间从技术角度说，OOP（面向对象程序设计）只是涉及抽象的数据类型、继承以及多形性，但另一些问题也可能显得非常重要。

题目Programming Overlay Networkswith Overlay SocketsProgramming Overlay Networks with Overlay Sockets The emergence of application-layer overlay networks has inspired the development of new network services and applications. Research on overlay net-workshas focused on the design of protocols to maintain and forward data in an overlay network, however, less attention has been given to the software development process of building application programs in such an environment. Clearly,the complexity of overlay network protocols calls for suitable application programming interfaces (APIs) and abstractions that do not require detailed knowledge of the overlay protocol, and, thereby, simplify the task of the application programmer. In this paper, we present the concept of an overlay socket as a new programming abstraction that serves as the end point of communication in an overlay network. The overlay socket provides a socket-based API that is independent of the chosen overlay topology, and can be configured to work for different overlay topologies. The overlay socket can support application data transfer over TCP, UDP, or other transport protocols. This paper describes the design of the overlay socket and discusses API and configuration options.1 IntroductionApplication-layer overlay networks [5, 9, 13, 17] provide flexible platforms for develop-ing new network services [1, 10, 11, 14, 18–20] without requiring changes to the network-layer infrastructure. Members of an overlay network, which can be hosts, routers, servers, or applications, organize themselves to form a logical network topology, and commu-nicate only with their respective neighbors in the overlay topology. A member ofan overlay network sends and receives application data, and also forwards data intended for other members. This paper addresses application development in overlay networks. We use the term overlay network programming to refer to the software development process of building application programs that communicate with one another in an application-layer overlay_This work is supported in part by the National Science Foundation through grant work. The diversity and complexity of building and maintaining overlay networks make it impractical to assume that application developers can be concerned with the complexity of managing the participation of an application in a specific overlay networktopology.We present a software module, called overlay socket, that intends to simplify the task of overlay network programming. The design of the overlay socket pursues the following set of objectives: First, the application programming interface (API) of the overlay socket does not require that an application programmer has knowledge of the overlay network topology. Second, the overlay socket is designed to accommodate dif-ferent overlay network topologies. Switching to different overlay network topologies is done by modifying parameters in a configuration file. Third, the overlay socket, which operates at the applicationlayer,can accommodate different types of transport layer protocols. This is accomplished by using network adapters that interface to the un-derlying transport layer network and perform encapsulation and de-encapsulation of messages exchanged by the overlay socket. Currently available network adapters are TCP, UDP, and UDP multicast. Fourth, the overlay socket provides mechanisms for bootstrapping new overlay networks. In this paper, we provide an overview of the overlay socket design and discuss over-lay network programming with the overlay socket. The overlay socket has been imple-mented in Java as part of the HyperCast 2.0 software distribution [12]. The software has been used for various overlay applications, and has been tested in both local-area as well as wide-area settings. The HyperCast 2.0 software implements the overlay topolo-gies described in [15] and [16]. This paper highlights important issues of the overlay socket, additional information can be found in the design documentation available from[12]. Several studies before us have addressed overlay network programming issues. Evenearly overlay network proposals, such as Yoid [9], Scribe [4], and Scattercast [6], have presented APIs that aspire to achieve independence of the API from the overlay network topology used. Particularly, Yoid and Scattercast use a socket-like API, how-ever, these APIs do not address issues that arise when the same API is used by different overlay network topologies. Several works on application-layer multicast overlays inte-grate the application program with the software responsible for maintaining the overlay network, without explicitly providing general-purpose APIs.These include Narada [5], Overcast [13], ALMI [17], and NICE [2]. A recent study [8] has proposed a common API for the class of so-called structured overlays, which includes Chord [19], CAN [18], and Bayeux [20], and other overlays that were originally motivated by distributed hash tables. Our work has a different emphasis than [8], since we assume a scenario where an application programmer must work with several, possibly fundamentally dif-ferent, overlay network topologies and different transmission modes (UDP, TCP), and, therefore, needs mechanisms that make it easy to change the configuration of the un-derlying overlay network..Internet Overlay socket Application Overlay socket Application Application Overlay socket Application Application Overlay socket Application Overlay Network. Fig. 1. The overlay network is a collection of overlay sockets. Root (sender) Root (receiver) (a) Multicast (b) Unicast.Fig. 2. Data forwarding in overlay networks.The rest of the paper is organized as following. In Section 2 we introduce con-cepts, abstractions, and terminology needed for the discussion of the overlay socket. In Section 3 we present the design of the overlay socket, and discuss its components. In Section 4 we show how to write programs using the overlay socket. We present brief conclusions in Section 5.2 Basic ConceptsAn overlay socket is an endpoint for communication in an overlay network, and an overlay network is seen as a collection of overlay sockets that self-organize using an overlay protocol (see Figure 1). An overlay socket offers to an application programmer a Berkeley socket-style API [3] for sending and receiving data over an overlay network.Each overlay socket executes an overlay protocol that is responsible for maintaining the membership of the socket in the overlay network topology. Each overlay socket has a logical address and a physical address in the overlay network. The logical address is dependent on the type of overlay protocol used. In the overlay protocols currently implemented in HyperCast 2.0, the logical addresses are 32- bit integers or_x_y_coordinates, where x and y are positive 32-bit positive integers. The physical address is a transport layer address where overlay sockets receive messages from the overlay network. On the Internet, the physical address is an IP address and a TCP or UDP port number. Application programs that use overlay sockets only work with logical addresses, and do not see physical addresses of overlay nodes. When an overlay socket is created, the socket is configured with a set of configu-ration parameters, called attributes. The application program can obtain the attributes from a configuration file or it downloads the attributes from a server. The configuration file specifies the type of overlay protocol and the type of transport protocol to be used,.but also more detailed information such as the size of internal buffers, and the value of protocol-specific timers. The most important attribute is the overlay identifier (overlay ID) which is used as a global identifier for an overlay network and which can be used as a key to access the other attributes of the overlay network. Each new overlay ID corresponds to the creation of a new overlay network. Overlay sockets exchange two types of messages, protocol messages and application messages. Protocol messages are the messages of the overlay protocol that main-tain the overlay topology. Application messages contain applicationdata that is encap-sulatedn an overlay message header. An application message uses logical addresses in the header to identify source and, for unicast, the destination of the message. If an overlay socket receives an application message from one of its neighbors in the over-laynetwork, it determines if the message must be forwarded to other overlay sockets, and if the message needs to be passed to the local application. The transmission modes currently supported by the overlay sockets are unicast, and multicast. In multicast, all members in the overlay network are receivers.In both unicast and multicast,the com-mon abstraction for data forwarding is that of passing data in spanning trees that are embedded in the overlay topology. For example, a multicast message is transmitted downstream a spanning tree that has the sender of the multicast message as the root (see Figure 2(a)). When an overlay socket receives a multicast message, it forwards the message to all of its downstream neighbors (children) in the tree, and passes the mes-sage to the local application program. A unicast message is transmitted upstream a tree with the receiver of the message as the root (see Figure 2(b)). An overlay socket that receives a unicast message forwards the message to the upstream neighbor (parent) in the tree that has the destination as the root. An overlay socket makes forwarding decisions locally using only the logical ad-dresses of its neighbors and the logical address of the root of the tree. Hence, there is a requirement that each overlay socket can locally compute its parent and its children in a tree with respect to a root node. This requirement is satisfied by many overlay network topologies, including [15, 16, 18–20].3 The Components of an Overlay SocketAn overlay socket consists of a collection of components that are configured when the overlay socketis created, using the supplied set of attributes. These components include the overlay protocol, which helps to build and maintain the overlay network topology, a component that processes application data, and interfaces to a transport-layer network. The main components of an overlay socket, as illustrated in Figure 3, are as follows:The overlay node implements an overlay protocol that establishes and maintains the overlay network topology. The overlay node sends and receives overlay protocol messages, and maintains a set of timers. The overlay node is the only component of an overlay socket that is aware of the overlay topology. In the HyperCast 2.0. Overlay socket Forwarding EngineApplication Programming InterfaceStatistics InterfaceProtocol MessagesApplicationReceiveBufferApplicationTransmitBuffer Overlay NodeO verlay NodeInterfac eNode AdapterAdapter InterfaceSocket AdapterA dapter InterfaceApplication MessagesApplication ProgramTransport-layer NetworkApplication MessagesFig. 3. Components of an overlay socket.software, there are overlay nodes that build a logical hypercube [15] and a logical Delaunay triangu-lartion [16].The forwarding engine performs the functions of an application-layer router, that sends, receives, and forwards formatted application-layer messages in the overlay network. The forwarding engine communicates with the overlay node to query next hop routing information for application messages. The forwarding decision is made using logical addresses of the overlay nodes. Each overlay socket has two network adapters that each provides an interface to transport-layer protocols, such as TCP or UDP. The nodeadapter serves as the in-terface for sending and receiving overlay protocol messages, and the socket adapter serves as the interface for application messages. Each adapter has a transport level address, which, in the case of the Internet, consists of an IP address and a UDP or TCP port number. Currently, there are three different types of adapters, for TCP, UDP, and UDP multicast. Using two adapters completely separates the handling of messages for maintaining the overlay protocol and the messages that transport application data.The application receive buffer and application transmit buffer can temporarily store messages that, respectively, have been received by the socket but not been deliv-ered to theapplication, or that have been released by the application program, but not been transmitted by the socket. The application transmit buffer can play a role when messages cannot be transmitted due to rate control or congestion control con-straints. The application transmit buffer is not implemented in the HyperCast 2.0 software.Each overlay socket has two external interfaces. The application programming in-terface (API) of the socket offers application programs the ability to join and leave existing overlays, to send data to other members of the overlay network, and receive data from the overlay network. The statistics interface of the overlay socket provides access to status information of components of the overlay socket, and is used for monitoring and management of an overlay socket. Note in Figure 3 that some components of the overlay socket also have interfaces, which are accessed by other components of the overlay socket. The overlay manager is a component external to the overlay socket (and not shown in Figure 3). It is responsible for configuring an overlay socket when the socket is created. The overlay manager reads a configuration file that stores the attributes of an overlay socket, and, if it is specified in the configuration file, may access attributes from a server, and then initiates the instantiation of a new overlay socket.4 Overlay Network ProgrammingAn application developer does not need to be familiar with the details of the components of an overlay socket as described in the previous section. The developer is exposed only to the API of the overlay socket and to a file with configuration parameters.The configuration file is a text file which stores all attributes needed to configure an overlay socket. The configuration file is modified whenever a change is needed to the transport protocol, the overlay protocol, or some other parameters of the overlay socket. In the following, we summarize only the main features of the API, and we refer to [12] for detailed information on the overlay socket API.4.1 Overlay Socket APISince the overlay topology and the forwarding of application-layer data is transparent to the application program, the API for overlay network programming can be made simple. Applications need to be able to create a new overlay network, join and leave an existing overlay network, send data to and receive data from other members in the overlay.The API of the overlay socket is message-based, and intentionally stays close to the familiar Berkeley socket API [3]. Since space considerations do not permit a description of the full API, we sketch the API with the help of a simplified example. Figure 4 shows the fragment of a Java program that uses an overlay socket. An application program configures and creates an overlay socket with the help of an overlay manager (o m). The overlay manager reads configuration parameters for the overlay socket from a configu-ration file (hypercast.pro p), which can look similarly as shown in Figure 5. The applica-tion program reads the overlay ID with command om.getDefaultProperty(“OverlayID”) from the file, and creates an configuration object (confi g) for an overlay socket with the.// Generate the configuration object OverlayManager om = newOverlayManager("hypercast.prop");String MyOverlay = om.getDefaultProperty("OverlayID"); OverlaySocketConfig config = new om.getOverlaySocketConfig(MyOverlay); // create an overlay socketOL Socket socket = config.createOverlaySocket(callback);// Join an overlaysocket.joinGroup();// Create a messageOL Message msg = socket.createMessage(byte[] data, int length);// Send the message to all members in overlay networksocket.sendToAll(msg);// Receive a message from the socketOL Message msg = socket.receive();Fig. 4. Program with overlay sockets.# OVERLAY Server:OverlayServer =# OVERLAY ID:OverlayID = 1234KeyAttributes= Socket,Node,SocketAdapter# SOCKET:Socket = HCast2-0HCAST2-0.TTL = 255HCAST2-0.ReceiveBufferSize = 200# SOCKET ADAPTER:SocketAdapter = TCPSocketAdapter.TCP.MaximumPacketLength = 16384# NODE:Node = DT2-0DT2-0.SleepTime = 400# NODE ADAPTER:NodeAdapter = NodeAdptUDPServer NodeAdapter.UDP.MaximumPacketLength = 8192 NodeAdapter.UDPServer.UdpServer0 =128.143.71.50:8081Fig. 5. Configuration file (simplified) given overlay ID. The configuration objectalso loads all configuration information from the configuration file, and then creates the overlay socket(config.createOverlaySocke t).Once the overlay socket is created, the socket joins the overlay network (socket.join-Grou p). When a socket wants to multicast a message, it instantiates a new message (socket.createMessage) and trans-mits the message using the sendToAll method. Other transmission options are send-To-Parent, send-To-Children, sendToNeighbors, and sendToNode, which, respectively, send a message to the upstream neighbor with respect to a given root (see Figure 2), to the downstream neighbors, to all neighbors, or to a particular node with a given logical address.4.2 Overlay Network Properties ManagementAs seen, the properties of an overlay socket are configured by setting attributes in a configuration file. The overlay manager in an application process uses the attributes to create a new overlay socket. By modifying the attributes in the configuration file, an application programmer can configure the overlay protocol or transport protocol that is used by the overlay socket. Changes to the file must be done before the socket is created. Figure 5 shows a (simplified) example of a configuration file. Each line of the configuration file assigns a value to an attribute. The complete list of attributes and the range of values is documented in [12]. Without explaining all entries in Figure 5, the file sets, among others, the ov erlay ID to …1234 ‟, selects version 2.0 of the DT protocol as overlay protocol (…Node=DT2-0 ‟), and it sets the transport protocol of the socket adaptor to TCP(…SocketAdapter=TCP ‟).Each overlay network is associated with a set of attributes that characterize the properties of the over-lay sockets that participate in the overlay network. As mentioned earlier, the most important attribute is the overlay ID, which is used to identify an y network, andwhich can be used as a key toaccess all other attributes of an overlay network. The overlay ID should be a globally unique identifier.A new overlay network is created by generating a new overlay ID and associating a set of attributes that specify the properties of the overlay sockets in the overlay network. To join an overlay network, an overlay socket must know the overlay ID and the set of attributes for this overlay ID. This information can be obtained from a configuration file, as shown in Figure 5.All attributes have a name and a value, both of which are strings. For example, the overlay protocol of an overlay socket can be determined by an attribute with name NODE. If the attribute is set to NOD-E=DT2- 0, then the overlay node in the overlay socket runs the DT (version 2) overlay protocol. The overlay socket distinguishes between two types of attributes: key attributes and configurable attributes. Key attributes are specific to an overlay network with a given overlay ID. Key attributes are selectedwhen the overlay ID is created for an overlay network, and cannot be modified after-wards.Overlay sockets that participate in an overlay network must have identical key attributes, but can have different configurable attributes. The attributes OverlayID and KeyAttributes are key attributes by default in all overlay networks. Configurable at-tributes specify parameters of an overlay socket, which are not considered essential for establishing communication between overlay sockets in the same overlay network, and which are considered …tunable‟.5 ConclusionsWe discussed the design of an overlay socket which attempts to simplify the task of overlay network programming. The overlay socket serves as an end point of commu-nication in the overlay network. The overlay socket can be used for various overlay topologies and support different transport protoc-ols. The overlay socket supports a simple API for joining and leaving an overlaynetwork, and for sending and receiving data to and from other sockets in the overlay network. The main advantage of the overlay socket is that it is relatively easy to change the configuration of the overlay network. An implementation of the overlay socket is distributed with the HyperCast2.0 soft-ware. The software has been extensively tested. A variety of different applications, such as distributed whiteboard and a video streaming application, have been developed with the overlay sockets. Acknowledgement. In addition to the authors of this article the contributors include Bhupinder Sethi, Tyler Beam, Burton Filstrup, Mike Nahas, Dongwen Wang, Konrad Lorincz, Jean Ablutz, Haiyong Wang, Weisheng Si, Huafeng Lu, and Guangyu Dong.应用层覆盖网络的出现促进了新网络服务和应用的发展。

Talking about security loopholesRichard S. Kraus reference to the core network security business objective is to protect the sustainability of the system and data security, This two of the main threats come from the worm outbreaks, hacking attacks, denial of service attacks, Trojan horse. Worms, hacker attacks problems and loopholes closely linked to, if there is major security loopholes have emerged, the entire Internet will be faced with a major challenge. While traditional Trojan and little security loopholes, but recently many Trojan are clever use of the IE loophole let you browse the website at unknowingly were on the move.Security loopholes in the definition of a lot, I have here is a popular saying: can be used to stem the "thought" can not do, and are safety-related deficiencies. This shortcoming can be a matter of design, code realization of the problem.Different perspective of security loo phole sIn the classification of a specific procedure is safe from the many loopholes in classification.1. Classification from the user groups:● Public loopholes in the software category. If the loopholes inWindows, IE loophole, and so on.● specialized software loophole. If Oracle loopholes, Apach e, etc.loopholes.2. Data from the perspective include :● could not reasonably be read and read data, including the memoryof the data, documents the data, Users input data, the data in thedatabase, network, data transmission and so on.● designa ted can be written into the designated places (includingthe local paper, memory, databases, etc.)● Input data can be implemented (including native implementation,according to Shell code execution, by SQL code execution, etc.)3. From the point of view of the scope of the role are :● Remote loopholes, an attacker could use the network and directlythrough the loopholes in the attack. Such loopholes great harm, an attacker can create a loophole through other people's computers operate. Such loopholes and can easily lead to worm attacks on Windows.● Local loopholes, the attacker must have the machine premiseaccess permissions can be launched to attack the loopholes.Typical of the local authority to upgrade loopholes, loopholes in the Unix system are widespread, allow ordinary users to access the highest administrator privileges.4. Trigger conditions from the point of view can be divided into:● Initiative trigger loopholes, an attacker can take theinitiative to use the loopholes in the attack, If direct access to computers.● Passive trigger loopholes must be computer operators can becarried out attacks with the use of the loophole. For example, the attacker made to a mail administrator, with a special jpg image files, if the administrator to open image files will lead to a picture of the software loophole was triggered, thereby system attacks, but if managers do not look at the pictures will not be affected by attacks.5. On an operational perspective can be divided into:● File opera tion type, mainly for the operation of the target filepath can be controlled ., parameters, configuration files, environment variables, the symbolic link HEC), this may lead to the following two questions:◇ Content can be written into control, the contents of the documents can be forged. Upgrading or authority to directly alter the important data (such as revising the deposit and lending data), this has many loopholes. If history Oracle TNS LOG document can be designated loopholes, could lead to any person may control the operation of the Oracle computer services;◇ information content can be output Print content has been contained to a screen to record readable log files can be generated by the core users reading papers, Such loopholes in the history of the Unix system crontab subsystem seen many times, ordinary users can read the shadow of protected documents;● Memory coverage, mainly for memory modules can be specified, write content may designate such persons will be able to attack to enforce the code (buffer overflow, format string loopholes, PTrace loopholes, Windows 2000 history of the hardware debugging registers users can write loopholes), or directly alter the memory of secrets data.● logic errors, such wide gaps exist, but very few changes, so it is difficult to discern, can be broken down as follows : ◇ loopholes competitive conditions (usually for the design, typical of Ptrace loopholes, The existence of widespread document timing of competition) ◇ wrong tactic, usually in design. If the history of the FreeBSD Smart IO loopholes. ◇ Algorithm (usually code or design to achieve), If the history of Microsoft Windows 95/98 sharing password can easily access loopholes. ◇Imperfections of the design, such as TCP / IP protocol of the three-step handshake SYN FLOOD led to a denial of service attack. ◇ realize the mistakes (usually no problem for the design, but the presence of coding logic wrong, If history betting system pseudo-random algorithm)● External orders, Typical of external commands can be controlled(via the PATH variable, SHELL importation of special characters, etc.) and SQL injection issues.6. From time series can be divided into:● has long found loopholes: manufacturers already issued a patchor repair methods many people know already. Such loopholes are usually a lot of people have had to repair macro perspective harm rather small.● recently discovered loophole: manufacturers just made patch orrepair methods, the people still do not know more. Compared to greater danger loopholes, if the worm appeared fool or the use of procedures, so will result in a large number of systems have been attacked.● 0day: not open the loophole in the private transactions. Usuallysuch loopholes to the public will not have any impact, but it will allow an attacker to the target by aiming precision attacks, harm is very great.Different perspective on the use of the loopholesIf a defect should not be used to stem the "original" can not do what the (safety-related), one would not be called security vulnerability, security loopholes and gaps inevitably closely linked to use. Perspective use of the loopholes is:● Data Perspective: visit had not visited the data, including readingand writing. This is usually an attacker's core purpose, but can cause very serious disaster (such as banking data can be written).● Competence Perspective: Major Powers to bypass or permissions.Permissions are usually in order to obtain the desired data manipulation capabilities.● Usability perspective: access to certain services on the systemof control authority, this may lead to some important services to stop attacks and lead to a denial of service attack.● Authentication bypass: usually use certification system and theloopholes will not authorize to access. Authentication is usually bypassed for permissions or direct data access services.● Code execution perspective: mainly procedures for the importationof the contents as to implement the code, obtain remote system access permissions or local system of higher authority. This angle is SQL injection, memory type games pointer loopholes (buffer overflow, format string, Plastic overflow etc.), the main driving. This angle is usually bypassing the authentication system, permissions, and data preparation for the reading.Loopholes explore methods mustFirst remove security vulnerabilities in software BUG in a subset, all software testing tools have security loopholes to explore practical. Now that the "hackers" used to explore the various loopholes that there are means available to the model are:● fuzz testing (black box testing), by constructing procedures maylead to problems of structural input data for automatic testing.● FOSS audit (White Box), now have a series of tools that can assistin the detection of the safety procedures BUG. The most simple is your hands the latest version of the C language compiler.● IDA anti-compilation of the audit (gray box testing), and abovethe source audit are very similar. The only difference is that many times you can obtain software, but you can not get to the source code audit, But IDA is a very powerful anti-Series platform, let you based on the code (the source code is in fact equivalent) conducted a safety audit.● dynamic tracking, is the record of proceedings under differentconditions and the implementation of all security issues related to the operation (such as file operations), then sequence analysis of these operations if there are problems, it is competitive category loopholes found one of the major ways. Other tracking tainted spread also belongs to this category.● patch, the software manufacturers out of the question usuallyaddressed in the patch. By comparing the patch before and after the source document (or the anti-coding) to be aware of the specific details of loopholes.More tools with which both relate to a crucial point: Artificial need to find a comprehensive analysis of the flow path coverage. Analysis methods varied analysis and design documents, source code analysis, analysis of the anti-code compilation, dynamic debugging procedures. Grading loopholesloopholes in the inspection harm should close the loopholes and the use of the hazards related Often people are not aware of all the Buffer Overflow Vulnerability loopholes are high-risk. A long-distance loophole example and better delineation:●Remote access can be an OS, application procedures, versioninformation.●open unnecessary or dangerous in the service, remote access tosensitive information systems.● Remote can be restric ted for the documents, data reading.●remotely important or restricted documents, data reading.● may be limited for long-range document, data revisions.● Remote can be restricted for important documents, data changes.● Remote can be conducted withou t limitation in the importantdocuments, data changes, or for general service denial of service attacks.● Remotely as a normal user or executing orders for system andnetwork-level denial of service attacks.● may be remote management of user identities to the enforcement ofthe order (limited, it is not easy to use).● can be remote management of user identities to the enforcement ofthe order (not restricted, accessible).Almost all local loopholes lead to code execution, classified above the10 points system for:●initiative remote trigger code execution (such as IE loophole).● passive trigger remote code execution (such as Word gaps / chartingsoftware loopholes).DEMOa firewall segregation (peacekeeping operation only allows the Department of visits) networks were operating a Unix server; operating systems only root users and users may oracle landing operating system running Apache (nobody authority), Oracle (oracle user rights) services. An attacker's purpose is to amend the Oracle database table billing data. Its possible attacks steps:● 1. Access peacekeeping operation of the network. Access to apeacekeeping operation of the IP address in order to visit through the firewall to protect the UNIX server.● 2. Apache services using a Remote Buffer Overflow Vulnerabilitydirect access to a nobody's competence hell visit.● 3. Using a certain operating system suid procedure of the loopholeto upgrade their competence to root privileges.● 4. Oracle sysdba landing into the database (local lan ding withouta password).● 5. Revised target table data.Over five down for process analysis:●Step 1: Authentication bypass●Step 2: Remote loopholes code execution (native), Authentication bypassing● Step 3: permissions, authentication bypass● S tep 4: Authentication bypass● Step 5: write data安全漏洞杂谈Richard S. Kraus 网络安全的核心目标是保障业务系统的可持续性和数据的安全性，而这两点的主要威胁来自于蠕虫的暴发、黑客的攻击、拒绝服务攻击、木马。