Problem Statement :  Data-formats ...client-side validation , server-side validation

                     client-side validation of data-format's is potentially prone for compromise and reliability,

                     server-side validation is reliable ...but can make the server-slow if sufficient processing
                     power is not provisioned.

                  eg scenario: online sales-tax filing for maharastra state government,

                               a client-side data format of  MS-excel was choosen ...and validation performed on client
                               as reliable.

                     also read through "opportunity_XML_RSS_exploitation.txt",
                                       "Opportunity_ticketing_reservation_systems.txt",
                                       "opportunity_crm_othersoftwaresystems[erp]_xmlRSS_http_channel_Push_notification_mechanism.txt",
                                       "opportunity_datastorage_mediums_data_access_views.txt",
                                       "opportunity_dynamic_virtualization_storage_blueprint.txt",
                                       "opportunity_email_embedded_forms_communication_data_transport_layer.txt'


                   1)user-input,presentation framework [derived from use-case-modeled mappable as envisaged in 3)], 
                   2)data-validation-layer ,
                   3)validated-data-mapped-to-[o]rdbms [read through ...opportunity_datastorage_mediums_data_access_views.txt,
                                                        given that most databases support XML ...and also deriving from how data
                                                        is stored for a table with in a database ...instead of converting to
                                                        rdbms and XML ....a record of XML being appended can be explored potentially ]
                   
                    ...all expressed in XML.... Client-side and server-side programs/frame-works that work or take these XML as input
                    ....read through "opportunity_public_templates_XML_DTD_interfaces_api.txt"


Opportunity A: A document with embedded script that is executable or validated on client-side ...for convinence of the end-users.

              ...ideally ...validating such data ...on the server-side for doubly assuring there is no compromise on the data
              or validation-code in critical environments.

              for instance by opening a process thread or shell on the server-side which re-validates or re-executes the document in a
              embedded environment as in the client by populating the data-recieved from the client into a template on the 
              server with-out relying on the client-side-validation of the data,  XML ideally offer's most viable data-format for
              this kind of scenario viz. marshall or ship the data in concise or most portable format between client to server.

              Eg: windows offer's or let's running a client-side program in a ...server-side shell , leverage processing or infrastructure
                  architechture's that can leverage server-side-processing powers.

              ...ability to apply a template on the data on the client-side ...and revalidate the data on the server-side by
                 applying a server-side validatable template ...that can be executed in threaded version on server-side validation
                 program....given the context ...data needs to adhere to a XML-DTD-DOM...data marshalling needs to be in set's of
                 XML documents....given or applying OOP ...classes/interfaces are re-usable ...those that can be used or instantiated
                 for use on client-side and server-side.

                 here-in it is presumed that just the data is marshalled  from the client to the server ...not the formatting and 
                 validation ...when data gather from a end-user is trasmitted back to the server, keeping it lite-weight,by seperating
                 the presentation layer ....with the validation-layer ...ability to apply the validation frame-work(ideally much like
                 the presentation-layer the validation part expressed in XML ...the same XML input document when used on the client-side ,
                 the client-side validation program takes into account the user-interface and input from end-user, while the server-side
                 validation program taking or picking from the XML-input for data validation just re-validates the data)  on the data 
                 on the server-side when revalidation of data on server-side is required.

                 As part of deriving or developing the XML-namespace-schema, for interaction's with user or other error-handling,
                 the scope and context of error-handling, valid-input to every input captured is attached to field or namespace
                 as a regular-expression matching valid-data, all these well defined within the XML-namespace-schema,

                
              presuming data-format used for marshalling is XML ...leveraging Ajax or client-side validation tools XSLT or CSS 
              or for that matter MS-Exel(ability to import into a template with embedded validations ...of excel 2003 version) on 
              the client-side

              and many a server-side XML compatible architechtures (perl/php/java/.net...etc) can be applied on such data on the server-side.

       
              The advantage of such a data format being that apart from http-protocol ...data-marshaling ...transactions over other protocols
              including passive such as email can be leveraged.


example: Anology of the computing architecture.
-----------------------------------------------


           if ... validating a html form and thus the data,

                          instead of attaching a validation to each field in the form,

                          a function that validates ...the content of the form before the form 
                          is shipped to server ...pick's or throw's error message from text or 
                          comment attached to the field upon fialing a validation

                                                     ................expressed or translated XML-namespace-schema.



           the same javascript- function ....applied on the server-side to re-validate the data submitted 
           to server on form-submission.


           mapping(XML document's or relational-entities to which the data needs to be piped into the data-repository).


Opportunity B): further to as envisaged in projects.pdf and else-where on this uri/url by this individual


                Understanding and deriving from how reverse-proxing works, given the context templated-structure(pre-processed)
                content (pages) to be served to clients.

               
                As also web-application containers viz. .war, .rar , .zip ,.cab untarred containing .jsp, .php, .aspx, .jsf, ..etc

                ...used in web-tier architecture.

 
                ability to permanently place such content in virtual-memory or RAM ...i.e. explicity provision , so as to pre-clude
                any kind of paging on these kind of cacheable content...rather than being located on a pagefile on even on the disk 
                i.e. avoid Disk I/O ( given subjected to the RPM , IO hindrance from inherent features
                of a disk based medium) ...i.e. ability to exploit a RAMdisk for the purpose.



Opportunity c): further to as envisaged in projects.pdf, else-where on this uri/url by this individual.

                given that java, phython, perl ....a few other language's provide a client-side byte-code compilable
                environments  ported to most operating system based platforms.


                customized native language-extensible modules or code and written and ported to these client side execution
                environment ....to provide grained fine control, control on client-side code ...ability to preserve the source-code
                and also the fact ...ability to be secure from reverse-engineer the byte-code by using object-code.

                Thus ability have properitary business-logic residing as object-code(re-usable-libraries) native to platform
                ...fine tune the dependancy on the network-request's just to data-requests.
------------------------------------------------------------------------------------------------------------------------------------------------------------

Problem-statement: given the context of propigated notion of  content-type , content-type handler's on client-side/server-side ,

                   scope or context of packaging, circulating arbitary executable-code/routine's ...as acceptable content-type

                   for instance as a valid image,

                   in this context refer to projects.pdf(597,

Opportunity d:)  viability or sustainability ....of the various supported file-types, file-extensions in the context of  OS.

                 scope and potential of virus ...threat ..from various client-side scripting, interpreter language's 

                 particularly .wsh other automation of regular OS related activities.


                 given the scope and context of loading a function or executable code from the perspective of instructions,
                 loadable from a address-space (viz. any programming context evaluating the scope of void pointer's ...null,
                 and memory address-space  ....scope for limiting ...any loadable memory-address-space ...by potentially
                 what may be termed ...memory address segmentation...defining segments from which any executable addresspace 
                 can be located ...say kind of safe , unsafe say kind of ability to make use of unix umask
                 all non-os installed or downloaded content from internet falling under a segment of address-able-space)


                 given the context of exploiting branding,visibility ...at times or most of the times usually vieled under
                 the category of brand-reputation ....potential scope from tool-bar's, messenger , audio-video (voip/other
                 content handling) ...requiring explicit installation on the OS.


                 ability to package client-side scripting based libraries ...that support remote-method invocation such as
                 soap only, ability to configure the web-browser to support external code-libraries as menu-bar's or utilities
                 accessible upon invocation ...i.e. emulate tool/menu options available/accessible by default, and donot
                 require installation or registration in the OS.


                 Understanding the perceptions of insider-threat ...outsider-threat ...scope of technology-consultancy-competency
                 ----------------------------------------------------------------------------------------------------------------------

                 Also given the scope and content of the most network-vulnerabilities , technical-assessment ...innovative product-service
                 offering ...subject you cloud ...network-access-point's ...from  out-side viz. a external entity...assesing
                 vulnerabilities threat's ...application load-test across the network ...including simulating DOS.


             
            Rationalizable scenario context:   given the scope and context  of ....analogous scenario.

                
		time-stamp manipulation ??

              			 file-system entries ??

             			 database emulation??       ...database as independent integral software module hosted on a OS


                digital signing of installable's...on a OS ...OEM vendor, service-provider, from other's ??[validity authenticity],
                having a properitary ...CA root, server....scope validity context


   


Opportunity f:) understanding and interpreting push, pull of content over networks....eg: XML-RSS feed.       

                further to as envisaged in the document projects.pdf.

 
                ability to kind of marshall or broadcast ....on the lines of DNS implementations...i.e. encode query/data
                broadcast using XML-envoloped messages.


Opportunity g:) online presentations ...dynamic image generation ...on the fly contextual presentation of data

                financial domain ...banking ...stocks ...various other contexts.

                Graphical plotting as can be leveraged from many a utilities viz.GD, flash or other similar plotting interfaces.

                a judicious choice between server-side pre-processed generation to client-side dynamic presentation.

                eg: trend analysis ...bundle with various entreprise-solutions opportunity_enhanced_computing_server_host_audit_trail.txt
                                      pre-package solutions like ERP,CRM,other off the shelf software.


Opportunity h:) further to opportunity d) 

                          using PGP , digital handshake (ssh ...converse of it) ...improving reliability of softwares.

                Problem-statement: Who has access to information??

                                    
                understanding of fire-wall's ,proxies ...??  isapi ...understanding apache ...etc

                ability to determine ...who can ...from-where-can ...how can ...information be accessed??

                       ...pre-packaged off the shelf-solutions(applets, remoting, 2tier....3tier architectures) beyond user-credentials

                if a server-side application can retrieve ?? ip-address, mac-address ..?? ...database-queries ??

                GUI/non-gui operating systems ...fine grained control over operating in a networked environments ...nis/ldap centric
                client configurations ...ability to control ...data marshalling.
 
                read through the document 'opportunity_distributed_computing_high_availability_microscopic_macroscopic.txt'
   


Opportunity i:) for both 2/3  architechture's ...for efficient performance one of the key factor's is 

                session handling?? 

                number of spawnable thread's by a daemon ...given that all connection's are on a end-point i.e. a port.

                ...since every client interaction with server is contextual,
                ...chosing right kind of session handling(database,server-side-cache-cookies, http-args ...etc),
                limitations on the number of open-descriptors.

                ability to control some or all of the above factors as configurable parameters, for instance that of the
                open-descriptor's ...as whole to OS level or a micro-scopic process or thread-pool level ....a fine-grained
                control on all tcp/ip related daemons would offer a more appropriate.


Opportunity j:) further to as envisaged in projects.pdf, elsewhere on this uri/url

                when recieving data from a client ...2/3 tier architechtures as can be termed or in vogue,

                avoiding duplicate or multiple data submissions from client??

                eg: ...vulnerabilities of multiple submit from a client ...before a ack can be given to the client??

                  abandon the session.

                to avoid such instance ...wrap all such data uploads in https transactions.
                using primary, unique keys on the database ...also incoprating meta-info recieved as part data-recived into database.
                viz. ip-address/mac etc.

                            
             

                               
 Note: The above problem statement having been encountered in various scenarios
      and detailed in various 'Proof of concepts' as mentioned in 
      
       http://uk.geocities.com/ravivenkatus/projects.pdf
       http://ravishankarkv.tripod.com/projects.pdf
        ....apply appropriate
      'use-case' modeling, rationalize and arrive at a workable and feasible 
       solution both commercially and techinically viable.


   
   