Skip to main content

Home/ SoftwareEngineering/ Group items tagged application

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Guide to SQL Injection - OWASP - 0 views

www.owasp.org/...Guide_to_SQL_Injection

security SqlInjection background overview

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Least privilege connections
  • Always use accounts with the
  • minimum privilege necessary
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      yet another reason why shared db logins (eg. etl_update) are a *BAD IDEA* ie. a set of apps using the same db login are effectively granted the 'highest common denominator' of db privileges, so have more access than they should (eg. update/delete privilege on tables unrelated to app)
  • ...9 more annotations...
  • for the application
  • Parameterized Queries with Bound Parameters
  • keep the
  • query
  • d data
  • separate through the use of placeholders known as "bound" parameters
  • how to Review Code for SQL Injection Vulnerabilities.
  • Guide to SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • kuni katsuya on 21 Sep 12
     
    "Least privilege connections"
kuni katsuya

java - Flex+JPA/Hibernate+BlazeDS+MySQL how to debug this monster? - Stack Overflow - 0 views

stackoverflow.com/...ysql-how-to-debug-this-monster

graniteds flex blazeds debugging

shared by kuni katsuya on 20 Sep 12 - No Cached
  • Set break points in my Java code Start up the Java application server with the appropriate debug JVM properties set (e.g. -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n) From Eclipse, I attach a remote debugger to the app server on the default port 8000. The Java Debugger will open up when a break point is hit. Set breakpoints in my Flex application (or one of its modules). From Eclipse (with Flash Builder) I launch a debug configuration for my Flex app. The Flex Debugger will open up when a break point is hit. At this point I have two debuggers open and everything work great. Two other things I do: a) extend the transaction system timeout, so it doesn't get trigger while I am sitting there think for a few minutes b) use Charles Proxy (in reverse proxy mode) inbetween the client and server to watch the AMF traffic and view payloads, etc.
  • Flex+JPA/Hibernate+BlazeDS+MySQL how to debug this monster?
kuni katsuya

Chapter 15. Data Management - 1 views

www.graniteds.org/...graniteds.datamanagement.html

graniteds tide DataManagement

shared by kuni katsuya on 23 Apr 13 - No Cached
  •  abstractEntity.uid();
    • kuni katsuya
      kuni katsuya on 23 Apr 13
       
      sets the uid before persist
  •  UUID.randomUUID().toString();
  • AbstractEntity 
  • ...70 more annotations...
  • @MappedSuperclass
  • Important things on ID/UID
  • entity lives in three layers:
  • Flex client
  • JPA persistence context
  • database
  • When updating existing entities coming from the database
  • id is defined and is maintained in the three layers during the different serialization/persistence operations
  • when a new entity is being created in any of the two upper layers (Flex/JPA)
  • new entity has no id until it has been persisted to the database
  • most common solution is to
  • have a second persisted id, the uid
  • which is created by the client and persisted along with the entity
  • recommended approach to avoid any kind of subtle problems is to have a real uid property which will be persisted in the database but is not a primary key for efficiency concerns
  • You can now ask Tide to
  • limit the object graph before sending it
  • Flex with the following API :
  • EntityGraphUnintializer
  • uninitializeEntityGraph
  • Person object will be uninitialized
  • uperson contains
  • only the minimum of data
  • to correctly merge your changes in the server persistence context
  • Tide uses the
  • client data tracking
  • to determine which parts of the graph need to be sent
  • Calling the EntityGraphUninitializer manually is a bit tedious and ugly, so there is a cleaner possibility when you are using generated typesafe service proxies
  • annotate your service method arguments with @org.granite.tide.data.Lazy :
  • @Lazy
  • take care that you have added the [Lazy] annotation to your Flex metadata compilation configuration
  • in the Flex application, register the UninitializeArgumentPreprocessor component in Tide as follows :
  • [UninitializeArgumentPreprocessor]
  • all calls to PersonService.save() will
  • automatically use a properly uninitialized version
  • of the person argument.
  • 15.4. Dirty Checking and Conflict Handling
  • simplify the handling of data between Flex and Java EE
  • Chapter 15. Data Management
  • Tide maintains a client-side cache of entity instances and ensures that every instance is unique in the Flex client context
  •  uid().hashCode();
  • Tide currently only supports Integer or Long version fields, not timestamps and that the field must be nullable
  • in a multi-tier environment (@Version annotation)
  • highly recommended to use
  • JPA optimistic locking
  • highly recommended to add a
  • persistent uid field
  • AbstractEntity
  • in general this identifier will be
  • initialized from Flex
  • @Column(name="ENTITY_UID", unique=true, nullable=false, updatable=false, length=36)     private String uid;
  • @Version     private Integer version;
  • uid().equals(((AbstractEntity)o).uid())
  • consistent identifier through all application layers
  • @PrePersist
  • 15.3. Reverse Lazy Loading
  • 15.4. Dirty Checking and Conflict Handling
  • 15.4. Dirty Checking and Conflict Handling
  • 15.4. Dirty Checking and Conflict Handling
  • Dirty Checking and Conflict Handling
  • entity instance can be in two states :
  • Stable
  • Dirty
  • property meta_dirty is
  • bindable
  • could be used
  • to enable/disable a Save button
  • correct way of knowing if any object has been changed in the context, is to use the property meta_dirty of the Tide context
  • tideContext.meta_dirty
  • reliable when using optimistic locking
  • check that its @Version field has been incremented
kuni katsuya

log4jdbc - JDBC proxy driver for logging SQL and other interesting information. - Googl... - 0 views

code.google.com/log4jdbc

database jdbc logging log4jdbc java

shared by kuni katsuya on 06 Oct 12 - No Cached
  • for prepared statements, the bind arguments are automatically inserted into the SQL output
  • SQL timing information can be generated to help identify how long SQL statements take to run
  • included tool to produce profiling report data for quickly identifying slow SQL in your application
  • ...16 more annotations...
  • SQL connection number information is generated
  • change the driver class name to net.sf.log4jdbc.DriverSpy
  • "jdbc:log4"
  • jdbc.sqlonly
  • jdbc.sqltiming
  • jdbc.audit
  • jdbc.resultset
  • jdbc.connection
  • only SQL
  • the SQL
  • timing statistics
  • ALL JDBC calls
  • very voluminous output
  • all calls to ResultSet objects
  • connection open and close events
  • useful for hunting down connection leak problems
kuni katsuya

Temporary Documentation - 0 views

cwiki.apache.org/...temporary-documentation.html

java javaee6 ApacheDeltaSpike CDI configuration

shared by kuni katsuya on 19 Nov 12 - No Cached
  • Low-level configurations
  • ConfigResolver
  • ConfigResolver.getPropertyValue
  • ...7 more annotations...
  • ConfigSource
  • A ConfigResolver uses all configured implementations of ConfigSource to lookup the property in question.
  • Custom Config-Sources
  • interface ConfigSourceProvider
  • ConfigSource
  • DeltaSpikeConfig (CDI based config)
  • application scoped CDI beans
kuni katsuya

Dependency injection discourages object-oriented programming? @ Blog of Adam Warski - 0 views

www.warski.org/...es-object-oriented-programming

java javaee6 CDI CdiDependencyInjection OO Object-Oriented procedural DI DependencyInjection

shared by kuni katsuya on 12 Dec 12 - No Cached
  • Dependency injection discourages object-oriented programming?
  • if you’re using DI, and you have an X entity, do you have an XService or XManager with lots of method where X is the first argument?
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      evidence of the anti-pattern of procedural design in a java ee6 cdi application
  • previous way is more procedural
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ie. ProductService.ship(Product,Customer)
  • ...12 more annotations...
  • service/manager is a set of procedures you can run, where the execution takes a product and a customer as arguments
  • better
  • OO approach
  • not saying that achieving the above is not possible with a DI framework
  • only that DI
  • encourages the ProductService approach
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      well, dependency injection, but moreover, the soa approach to service design tends to force otherwise intelligent software engineers into doing procedural design the services just end up being bags of method calls that implement any type of behavior, with the domain objects or entity beans being reduced to mere data structures with little responsibility or behavior beyond persistence. (which, in this anti-pattern, is typically mostly provided by the repository or dao class! ie. domain object crud)
  • it’s just easier
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      ... if you just blindly follow the anti-pattern, of course  ;)
  • many benefits
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      with the procedural approach, you also cannot implement polymorphic behavior, for instance
  • builder
  • fluent interface
  • it’s not for small projects
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      fuckwhat? small or big matters not. if di is applied poorly, regardless of project size, it's an anti-pattern! disregard these comments!
  • problems with DI frameworks:
    • kuni katsuya
      kuni katsuya on 12 Dec 12
       
      not sure i agree with these points, but will refuse in a later sticky note
kuni katsuya

Access Tokens and Types - Facebook Developers - 0 views

developers.facebook.com/...access-tokens-and-types

Facebook login authentication AccessToken FacebookAPI

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Access Tokens and Types
  • Access Tokens
  • random string that provides temporary, secure access to Facebook APIs
  • ...27 more annotations...
  • token identifies a User, App or Page session and provides information about granted permissions
  • Types
  • User Access
  • generated in the login flow when a
  • Facebook Pages
  • on behalf of a user
  • use this token to perform API calls
  • Page Access
  • used to
  • manage
  • user grants permissions to an app
  • user who is the
  • App Secret or an App Access token should never be included in any code that could be accessed by anyone other than a developer of the app
  • must grant an extended permission called
  • manage_pages
  • use this type of token to make API calls
  • on behalf of a page
  • unique to each page, admin and app
  • App Access
  • useful to modify app settings, create and manage test users or read App Insights data
  • use app tokens to publish or delete content
  • on behalf of a user
  • unique to each app
  • Security Best Practices
  • extremely important that an App Secret is not compromised
  • Page admin
  • App Access Tokens should only be used directly from your app's servers in order to provide the best security
kuni katsuya

Unquiet Code | Using Generics To Build Fluent API's In Java - 0 views

www.unquietcode.com/...s-to-build-fluent-apis-in-java

Java generics FluentAPI DesignPatterns ApiDesign

shared by kuni katsuya on 27 Mar 13 - No Cached
  • Using Generics To Build Fluent API's In Java
  • extends BaseClass
  • super(ChildClass.class)
  • ...19 more annotations...
  • accomplish the same idea using generics
  • creates a bad sort of dependency where we need to update the base class every time we make a new derived class. Not good!
  • superclass requests information about the child, and the child provides it
  • (CHILD)
  • <CHILD extends BakedGood<CHILD>>
  • CHILD
  • (CHILD)
  • CHILD
  • abstract
  • extends BakedGood<Cake>
  • The type parameter is saying “the Child class must extend Base<Child>”, forcing the Child class to provide its own type to the type system
  • Now that we can return the derived class in our chained method calls we are free to alternately call methods from the base class and the derived class
  • All of the normal polymorphic abilities are retained (you can see that we’ve implemented the abstract bake() method required by BakedGood)
  • .bake()
  • .bake()
  • practical applications of fluent API’s can be found
  • this one
  • best article I was able to find on the topic was
  • here and here
kuni katsuya

Getting Started with JSON-P (The Aquarium) - 0 views

blogs.oracle.com/...getting_started_with_json_p

javaee7 JSON JSON-P JAX-RS

shared by kuni katsuya on 27 Mar 13 - No Cached
  • JSON-P is now in the proposed final draft stage
    • kuni katsuya
      kuni katsuya on 27 Mar 13
       
      now == 2013.03.25
  • Getting Started with JSON-P
  • Mar 25, 2013
  • ...4 more annotations...
  • JSON-P
  • new API being added to Java EE 7
  • Java API for JSON Processing
  • API to enable developers to parse, generate, transform and query JSON, particularly in JAX-RS and WebSocket powered next-generation HTML 5 applications
kuni katsuya

Adobe Marketing Cloud - 0 views

microsite.omniture.com/...index.html

SiteCatalyst Administration documentation bookmarks

shared by kuni katsuya on 26 Feb 13 - No Cached
kuni katsuya

What is Genesis? | Adobe Developer Connection - 0 views

developer.omniture.com/...c-what-is-genesis

shared by kuni katsuya on 23 Jan 13 - No Cached
  • What is Genesis?
  • automates the integration between the Adobe Digital Marketing Suite products and over 60 partner applications that extend the Suite
kuni katsuya

Chapter 2. Mapping Entities - 0 views

docs.jboss.org/...entity.html

JPA @Id @GeneratedValue GenerationType

shared by kuni katsuya on 08 Feb 13 - No Cached
  • 2.2.3. Mapping identifier properties
  • @Id annotation lets you define which property is the identifier of your entity
  • can be set by the application itself
  • ...1 more annotation...
  • or be generated by Hibernate (preferred)
kuni katsuya

Comma-separated values - Wikipedia, the free encyclopedia - 0 views

en.wikipedia.org/...Comma-separated_values

CSV CommaSeparatedValue

shared by kuni katsuya on 20 Feb 13 - Cached
  • Comma-separated values
  • line breaks
  • records
  • ...7 more annotations...
  • Basic rules and examples
  • fields
  • separated by some other character
  • Application support
  • but depending on the system's regional settings, it may expect a semicolon as a separator instead of a comma, since in some languages the comma is used as the decimal separator
  • Microsoft Excel will open .csv files,
  • Also, many regional versions of Excel will not be able to deal with Unicode in CSV
kuni katsuya

How to trace JDBC statements with JBoss AS - jboss datasource - JBoss application serve... - 0 views

www.mastertheboss.com/...-jdbc-statements-with-jboss-as

java jdbc logging jbossas7

shared by kuni katsuya on 07 Nov 12 - No Cached
kuni katsuya

Needle - Effective Unit Testing for Java EE - Overview - 0 views

needle.spree.de/overview

java javaee6 testing

shared by kuni katsuya on 24 Oct 12 - No Cached
  • Test Java EE applications effectively
  • Needle is a lightweight framework for testing Java EE components
  • outside of the container in isolation
  • ...3 more annotations...
  • reduces the test setup code by
  • analysing dependencies
  • automatic injection of mock objects
kuni katsuya

Chapter 2. Mapping Entities - 0 views

docs.jboss.org/...entity.html

jpa CompositePrimaryKey @EmbeddedId @Id @IdClass @OneToOne @ManyToOne

shared by kuni katsuya on 24 Oct 12 - No Cached
  • Composite identifier
  • You can define a composite primary key through several syntaxes:
  • @EmbeddedId
  • ...66 more annotations...
  • map multiple properties as @Id properties
  • annotated the property as
  • map multiple properties as @Id properties and declare an external class to be the identifier type
  • declared on the entity via the @IdClass annotation
  • The identifier type must contain the same properties as the identifier properties of the entity: each property name must be the same, its type must be the same as well if the entity property is of a
  • basic type
  • last case is far from obvious
  • recommend you not to use it (for simplicity sake)
  • @EmbeddedId property
  • @EmbeddedId
  • @Embeddable
  • @EmbeddedId
  • @Embeddable
  • @Embeddable
  • @EmbeddedId
  • Multiple @Id properties
  • arguably more natural, approach
  • place @Id on multiple properties of my entity
  • only supported by Hibernate
  • does not require an extra embeddable component.
  • @IdClass
  • @IdClass on an entity points to the class (component) representing the identifier of the class
  • WarningThis approach is inherited from the EJB 2 days and we recommend against its use. But, after all it's your application and Hibernate supports it.
  • Mapping entity associations/relationships
  • One-to-one
  • three cases for one-to-one associations:
  • associated entities share the same primary keys values
  • foreign key is held by one of the entities (note that this FK column in the database should be constrained unique to simulate one-to-one multiplicity)
  • association table is used to store the link between the 2 entities (a unique constraint has to be defined on each fk to ensure the one to one multiplicity)
  • @PrimaryKeyJoinColumn
  • shared primary keys:
  • explicit foreign key column:
  • @JoinColumn(name="passport_fk")
  • foreign key column named passport_fk in the Customer table
  • may be bidirectional
  • owner is responsible for the association column(s) update
  • In a bidirectional relationship, one of the sides (and only one) has to be the owner
  • To declare a side as
  • not responsible for the relationship
  • the attribute
  • mappedBy
  • is used
  • mappedBy
  •  Indexed collections (List, Map)
  • Lists can be mapped in two different ways:
  • as ordered lists
  • as indexed lists
  • @OrderBy("number")
  • List<Order>
  • List<Order>
  • List<Order> 
  • To use one of the target entity property as a key of the map, use
  • @MapKey(name="myProperty")
  •  @MapKey(name"number")
  • Map<String,Order>
  • String number
    • kuni katsuya
      kuni katsuya on 24 Oct 12
       
      map key used in Customer.orders
  • @MapKeyJoinColumn/@MapKeyJoinColumns
  • if the map key type is another entity
  • @ManyToAny
  • 2.4.5.2. @Any
  • @Any annotation defines a polymorphic association to classes from multiple tables
  • this is most certainly not meant as the usual way of mapping (polymorphic) associations.
  • @ManyToAny allows polymorphic associations to classes from multiple tables
  • first column holds the type of the associated entity
  • remaining columns hold the identifier
  • not meant as the usual way of mapping (polymorphic) associations
kuni katsuya

Snowdrop | Spring Extensions for JBoss AS - JBoss Community - 0 views

www.jboss.org/snowdrop

jboss spring integration

shared by kuni katsuya on 10 May 12 - No Cached
  • Snowdrop
  • Snowdrop provides:
  • JBoss AS-specific components for deploying and running Spring applications (the Spring Deployer)
« First ‹ Previous 81 - 100 of 155 Next › Last »
Showing 20 items per page