Stata
web services: Toward
healthcare informatics applications integrated
in a service
-
oriented architecture (SOA)
in a service
-
oriented architecture (SOA)
Alexander Zlotnik
Technical University of Madrid, ETSIT, DIE
Ramon y Cajal University Hospital
Modesto Escobar
Universidad de Salamanca
Ascensión Gallardo-Antolín
UC3M, Department of Signals and Systems, Madrid
Stata is a registered trademark of StataCorp LP, College Station, TX, USA.
UC3M, Department of Signals and Systems, Madrid
Juan Manuel Montero Martí
nez
Technical University of Madrid, ETSIT, DIE
web services: Toward
Stata-based
healthcare informatics applications integrated
oriented architecture (SOA)
oriented architecture (SOA)
Technical University of Madrid, ETSIT, DIE
UC3M, Department of Signals and Systems, Madrid
UC3M, Department of Signals and Systems, Madrid
nez
Technical University of Madrid, ETSIT, DIE
Why?
User-
contributed
ssc install <program>
findit <program>
(runs both search
and
net from
http://www.website.com/
net from
http://www.website.com/
manually copy program files to
C:\ado\plus\<subdir>
\
contributed
programs
and
net search)
http://www.website.com/
http://www.website.com/
manually copy program files to
\
Sometimes
Sometimes
not enough
Sometimes
this is
Sometimes
this is
not enough
Sometimes
your
… requires
complex interactions
external software packages
external software packages
(ex: WinBUGS
, MATLAB, Maxima,
… uses
proprietary data sources
(ex: real
-
time currency exchange rates)
(ex: real
-
time currency exchange rates)
… uses
proprietary source code
your
program…
complex interactions
with
external software packages
external software packages
, MATLAB, Maxima,
AnyLogic)
proprietary data sources
time currency exchange rates)
time currency exchange rates)
proprietary source code
Sometimes
your
… does not have the
version of
program requires (
ex: it may require v14 and
program requires (
ex: it may require v14 and
they may only have v12
… does not have
Stata
common in some fields
common in some fields
… does not
have a PC, but may have a
smartphone
with a web browser
(ex:
developing countries
your
users…
version of
Stata your
ex: it may require v14 and
ex: it may require v14 and
they may only have v12
)
Stata
at all (Stata is not very
common in some fields
)
common in some fields
)
have a PC, but may have a
with a web browser
developing countries
)
What if…?
Your program
Private
data sources
Stata
/ Mata
External
programs
Stata
/ Mata
Your server
What if…?
Your program
Stata
/ Mata
Private
data sources
External
programs
Stata
/ Mata
Your server
Web interface
Access from
any device
What if…?
Your program
Stata
/ Mata
Private
data sources
External
programs
Stata
/ Mata
Web interface
Access from
any device
Security: client isolation
Sometimes
your
… requires
complex interactions
external software packages
external software packages
(ex: WinBUGS
, MATLAB, Maxima,
… uses
proprietary data sources
(ex: real
-
time currency exchange rates)
(ex: real
-
time currency exchange rates)
… uses
proprietary source code
your
program…
complex interactions
with
external software packages
external software packages
, MATLAB, Maxima,
AnyLogic)
proprietary data sources
time currency exchange rates)
time currency exchange rates)
proprietary source code
What if…?
Private
data sources
Your program
Stata
/ Mata
External
programs
Stata
/ Mata
Web service
XML
XML
What if…?
Web service
XML
Desktop
applications
Web
applications
XML
Mobile
applications
WSDL
SOAP
native iOS apps
native Android apps
Service-
oriented architecture
Web service
XML
Enterprise
Service Bus
XML
WSDL
SOAP
oriented architecture
Other
web services
How?
How?
Option 1:
Translate
Stata
Your program
Translate
Stata
a general-
purpose programming language
in web applications.
Ex: Java, C / C++, C#,
Ruby, etc
Stata
/ Mata program into
Stata
/ Mata program into
purpose programming language
used
in web applications.
Ex: Java, C / C++, C#,
ASP.net + VB.net, Python,
How?
Option 1:
Translate
Stata
Your program
Translate
Stata
a general-
purpose programming language
in web applications.
Ex: Java, C / C++, C#,
Ruby, etc
- Few
numerical libraries
-
May
not
have the same functions
-
May
not
have the same functions
-
Functions may
in the
same way
--
subtle errors
--
numerical precision issues
--
performance issues
Stata
/ Mata program into
Stata
/ Mata program into
purpose programming language
used
in web applications.
Ex: Java, C / C++, C#,
ASP.net + VB.net, Python,
numerical libraries
have the same functions
have the same functions
Functions may
not be implemented
same way
subtle errors
numerical precision issues
performance issues
How?
Option 2:
Translate
Stata
Your program
Translate
Stata
R & RShiny
Application
Stata
/ Mata program into
Stata
/ Mata program into
or SAS Stored Process Web
How?
Option 2:
Translate
Stata
Your program
Translate
Stata
R & RShiny
Application
-
Still requires a
in most cases
-
Again, functions may
-
Again, functions may
in the
same way
- RShiny
is a nice alternative but the free
version only supports
Stata
/ Mata program into
Stata
/ Mata program into
or SAS Stored Process Web
Still requires a
laborious translation
in most cases
Again, functions may
not
be implemented
Again, functions may
not
be implemented
same way
is a nice alternative but the free
version only supports
one concurrent session
How?
Option 3:
Use a slightly modified version of your
Your program
Use a slightly modified version of your
existing
Stata
Stata is a registered trademark of StataCorp LP, College Station, TX, USA,
and the Stata logo is used with the permission of StataCorp.
Use a slightly modified version of your
Use a slightly modified version of your
Stata
program in a web application.
How?
Option 3:
Use a slightly modified version of your
Your program
Use a slightly modified version of your
existing
Stata
--
In this presentation, we will see how to build a
web application/web service
program
, with
Stata/IC,
Stata
--
Very similar techniques can be used with
Numerics
for
Stata is a registered trademark of StataCorp LP, College Station, TX, USA,
and the Stata logo is used with the permission of StataCorp.
Use a slightly modified version of your
Use a slightly modified version of your
Stata
program in a web application.
In this presentation, we will see how to build a
web application/web service
using your Stata
, with
minimal modifications based on
Stata
/SE or Stata/MP.
Very similar techniques can be used with
for
Stata.
Technologies
Program core: Stata
+ Mata
Web application language:
Web server: Apache
Operating system:
Windows
+ Mata
Web application language:
PHP
Windows
Technologies
Program core: Stata
+ Mata
Web application language:
Web server: Apache
Operating system:
Windows
Well-known
Easy to use
+ Mata
Web application language:
PHP
Windows
Technologies
Program core: Stata
+ Mata
Web application language:
Web server: Apache
Operating system:
Windows
Well-known
Easy to use
+ Mata
Web application language:
PHP
Open source
Windows
Web application language
PHP implementation
example
Other
languages may also be used:
- Java (servlets, JSPs)
- Python
-
ASP /
ASP.net
+ C# /
VB.net
-
ASP /
ASP.net
+ C# /
VB.net
-
C/C++, Perl (CGI interface)
-et cetera
Web application language
example
languages may also be used:
VB.net
VB.net
C/C++, Perl (CGI interface)
Web server
Apache
implementation
Other
web servers, application containers and
application servers may also be used:
- Tomcat
-
JBoss
-
JBoss
- Oracle WebLogic
- IBM WebSphere
- Magic xpa
-et cetera
implementation
example
web servers, application containers and
application servers may also be used:
Operating system
It should be possible to do this on
operating system
that supports
operating system
that supports
(i.e. Windows, Unix/Linux, Mac OS X).
Operating system
It should be possible to do this on
any
that supports
Stata
that supports
Stata
(i.e. Windows, Unix/Linux, Mac OS X).
General idea
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
Web server /
Application server
Operating system
Program written in
Stata / Mata
Stata IC / SE / MP
Operating system
Calling Stata
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
Web server /
Application server
Operating system
Stata
command(s)
Program written in
Stata / Mata
Stata IC / SE / MP
Operating system
command(s)
Getting a response from
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
text files
images
data files
log files
Web server /
Application server
Operating system
Getting a response from
Stata
Program written in
Stata / Mata
text files
images
data files
log files
Stata IC / SE / MP
Operating system
Simplified example
Simplified example
Web interface
(HTML / JS)
Calling Stata
Web application
(PHP / Java /
ASP.net + C# / etc…)
Web server /
Application server
Operating system
Stata
command(s)
Program written in
Stata / Mata
Stata IC / SE / MP
Operating system
command(s)
Calling Stata
Calling Stata
<html>
<head> Web interface </head>
<head> Web interface </head>
<body>
<form action=“
call_stata.php
Stata command(s):<br><br>
<textarea name="
stata_commands
<input type="submit"
value="Send command
(s)
</form>
</body>
</html>
<head> Web interface </head>
<head> Web interface </head>
call_stata.php
" method="post">
Stata command(s):<br><br>
stata_commands
" ><br><br>
(s)
to Stata" >
Calling Stata
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
Web server /
Application server
Operating system
Stata
command(s)
Program written in
Stata / Mata
Stata IC / SE / MP
Operating system
command(s)
Calling Stata
call_stata.php
call_stata.phpcall_stata.php
call_stata.php
<?php
<?php<?php
<?php
...
......
...
$stata_commands
= $_POST[“
write_stata_do_file(
$stata_commands
execute_stata_do_file();
...
......
...
>
>>
>
= $_POST[“
stata_commands”];
$stata_commands
);
Calling Stata
Our web application will execute:
<
<<
<path_to_Stata
path_to_Statapath_to_Stata
path_to_Stata>/
>/>/
>/
Stata.exe
Stata.exeStata.exe
Stata.exe
(
Stata
User’s Guide, section [
(
Stata
User’s Guide, section [
Stata.exe
Stata.exeStata.exe
Stata.exe
/q /e do “
/q /e do “/q /e do “
/q /e do “commands.do
commands.docommands.do
commands.do”
””
”
User’s Guide, section [
B.5
])
User’s Guide, section [
B.5
])
Calling Stata
Our web application will execute:
<
<<
<path_to_Stata
path_to_Statapath_to_Stata
path_to_Stata>/
>/>/
>/
Stata.exe
Stata.exeStata.exe
Stata.exe
We’ll previously write our commands
Stata.exe
Stata.exeStata.exe
Stata.exe
/q /e do “
/q /e do “/q /e do “
/q /e do “commands.do
commands.docommands.do
commands.do”
””
”
We’ll previously write our commands
here
$stata_commands
Calling Stata
Our web application will execute:
<
<<
<path_to_Stata
path_to_Statapath_to_Stata
path_to_Stata>/
>/>/
>/
Stata.exe
Stata.exeStata.exe
Stata.exe
cd
cdcd
cd
<
<<
<
path_to_temp_folder
path_to_temp_folderpath_to_temp_folder
path_to_temp_folder
>
>>
>
We’ll previously write our commands
Example:
cd
cdcd
cd
<
<<
<
path_to_temp_folder
path_to_temp_folderpath_to_temp_folder
path_to_temp_folder
>
>>
>
sysuse
sysusesysuse
sysuse auto
autoauto
auto
histogram price
histogram pricehistogram price
histogram price
Stata.exe
Stata.exeStata.exe
Stata.exe
/q /e do “
/q /e do “/q /e do “
/q /e do “commands.do
commands.docommands.do
commands.do”
””
”
We’ll previously write our commands
here
$stata_commands
Calling Stata
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
Web server /
Application server
Operating system
Stata
command(s)
Program written in
Stata / Mata
Stata IC / SE / MP
Operating system
command(s)
Calling Stata
Problem:
modern versions of
work if called directly from a web server
work if called directly from a web server
(SYSTEM user).
stata.exe /e /q …
Web application
PHP: shell_exec()
modern versions of
Stata will not
work if called directly from a web server
work if called directly from a web server
Stata IC / SE / MP
Calling Stata
Problem:
modern versions of
work if called directly from a web server
work if called directly from a web server
(SYSTEM user).
Solution:
wrapper + user impersonation
Wrapper library
stata.exe /e /q …
Web application
PHP: shell_exec()
modern versions of
Stata will not
work if called directly from a web server
work if called directly from a web server
wrapper + user impersonation
Stata IC / SE / MP
Getting a response from
Web interface
(HTML / JS)
Web application
(PHP / Java /
ASP.net + C# / etc…)
text files
images
data files
log files
Web server /
Application server
Operating system
Getting a response from
Stata
Program written in
Stata / Mata
text files
images
data files
log files
Stata IC / SE / MP
Operating system
Getting a response from
Our web application will execute:
cd
cdcd
cd
<
<<
<
path_to_
path_to_path_to_
path_to_
web
webweb
web
_folder
_folder_folder
_folder
>/
>/>/
>/
img
imgimg
img
<
<<
<path_to_Stata
path_to_Statapath_to_Stata
path_to_Stata>/
>/>/
>/
Stata.exe
Stata.exeStata.exe
Stata.exe
We’ll previously write our commands
Example:
cd
cdcd
cd
<
<<
<
path_to_
path_to_path_to_
path_to_
web
webweb
web
_folder
_folder_folder
_folder
>/
>/>/
>/
img
imgimg
img
sysuse
sysusesysuse
sysuse auto
autoauto
auto
histogram price, normal saving(graph01, replace)
histogram price, normal saving(graph01, replace)histogram price, normal saving(graph01, replace)
histogram price, normal saving(graph01, replace)
graph export graph01.png, replace
graph export graph01.png, replacegraph export graph01.png, replace
graph export graph01.png, replace
Now our web application will be able to display
<
<<
<path_to_
path_to_path_to_
path_to_web
webweb
web_folder
_folder_folder
_folder>/img/
>/img/>/img/
>/img/
graph01.png
graph01.pnggraph01.png
graph01.png
Getting a response from
Stata
img
imgimg
img
/
//
/
Stata.exe
Stata.exeStata.exe
Stata.exe
/q /e do “
/q /e do “/q /e do “
/q /e do “commands.do
commands.docommands.do
commands.do”
””
”
We’ll previously write our commands
here
img
imgimg
img
/
//
/
histogram price, normal saving(graph01, replace)
histogram price, normal saving(graph01, replace)histogram price, normal saving(graph01, replace)
histogram price, normal saving(graph01, replace)
graph export graph01.png, replace
graph export graph01.png, replacegraph export graph01.png, replace
graph export graph01.png, replace
Now our web application will be able to display
graph01.png
graph01.pnggraph01.png
graph01.png
Getting a response from
call_stata.php
call_stata.phpcall_stata.php
call_stata.php
<?php
<?php<?php
<?php
...
......
...
$stata_commands
= $_POST[“
write_stata_do_file
($stata_commands);
execute_stata_do_file();
display_results
display_resultsdisplay_results
display_results
(); //display graph01.
(); //display graph01.(); //display graph01.
(); //display graph01.
...
......
...
?>
?>?>
?>
Getting a response from
Stata
= $_POST[“
stata_commands”];
($stata_commands);
(); //display graph01.
(); //display graph01.(); //display graph01.
(); //display graph01.
png
pngpng
png
Getting a response from
call_stata.php
call_stata.phpcall_stata.php
call_stata.php
<?
<?<?
<?php
phpphp
php
...
......
...
function display_results
() {
echo “<html>”;
echo “ <head>Result</
head
echo “ <body>”;
echo “ <img src=img/
graph01.png
graph01.pnggraph01.png
graph01.png
echo “ </body>”;
echo “</html>”;
}
...
......
...
?>
Getting a response from
Stata
() {
head
>”;
>”;
graph01.png
graph01.pnggraph01.png
graph01.png
>”;
Getting a response from
Getting a response from
Stata
Basic security
SQL injection attack:
'; DROP TABLE users;
Basic security
Prevent “Stata
injection”
--
Limited, sanitized inputs,
Ideally, no free text
fields on the web interface
-
-
Avoid or restrict
shell(),
-
-
Avoid or restrict
shell(),
in your Stata program
injection”
attacks:
Limited, sanitized inputs,
fields on the web interface
shell(),
xshell
(),
winexec
()
shell(),
xshell
(),
winexec
()
Basic security
Bad practice Better practice
Basic security
Prevent “Stata
injection”
--
Limited, sanitized inputs,
Ideally, no free text
fields on the web interface
-
-
Avoid or restrict
shell(),
-
-
Avoid or restrict
shell(),
in your Stata program
injection”
attacks:
Limited, sanitized inputs,
fields on the web interface
shell(),
xshell
(),
winexec
()
shell(),
xshell
(),
winexec
()
Basic security
Bad practice Better practice
Basic security
Bad practice
It’s even better to avoid
dynamic shell() commands
if
Stata
is executed
Better practice
if
Stata
is executed
through a web interface
Implementation
Implementation
examples
Implementation
Implementation
Web interface for
Studying coincidences with network analysis
and other multivariate tools
and other multivariate tools
Modesto Escobar. Stata
Journal. 2015 (
Web interface for
–coin–
Studying coincidences with network analysis
and other multivariate tools
and other multivariate tools
Journal. 2015 (
in press)
Web interface for
A general-purpose
nomogram
predictive logistic regression models
predictive logistic regression models
Zlotnik A, Abraira V. Stata
Journal. 2015. Volume 15, Number 2
URL:
http://www.zlotnik.net/stata/nomograms
Web interface for
–nomolog–
nomogram
generator for
predictive logistic regression models
predictive logistic regression models
Journal. 2015. Volume 15, Number 2
http://www.zlotnik.net/stata/nomograms
In the web implementation, we must add a tab for loading the
dataset and executing the logistic regression command.
In the web implementation, we must add a tab for loading the
dataset and executing the logistic regression command.
Questions?
Questions?
Credits
Special thanks to all the people who made and released
these
design resources
for free:
these
design resources
for free:
◎
Presentation template by
◎Photographs by Unsplash
(license)
Special thanks to all the people who made and released
for free:
for free:
Presentation template by
SlidesCarnival
& Death to the Stock Photo
