Skip to main content

Home/ SoftwareEngineering/ Group items tagged association

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Managing Project Permissions - JIRA 5.1 - Atlassian Documentation - Confluence - 0 views

confluence.atlassian.com/...Managing+Project+Permissions

security authorization Project Permission PermissionScheme example Jira

shared by kuni katsuya on 01 Sep 12 - No Cached
  • Project permissions can be granted to:
  • Individual usersGroupsProject rolesIssue roles such as 'Reporter', 'Project Lead' and 'Current Assignee''Anyone' (e.g. to allow anonymous access)A (multi-)user picker custom field.A (multi-)group picker custom field. This can either be an actual group picker custom field, or a (multi-)select-list whose values are group names.
  • Many other permissions are dependent on this permission
    • kuni katsuya
      kuni katsuya on 01 Sep 12
       
      example of dependencies *between* permissions. eg, in this case, work-on-issues permission 'needs' browse-projects permission could be expressed as a permission hierarchy where if work-on-issues permission is granted, means/implies that user already has browse-projects permission (w-o-i perm 'subsumes' b-p perm) might imply permission hierarchy
  • ...8 more annotations...
  • Permission Schemes
  • A permission scheme is a set of
  • user/group/role
  • assignments for the project permissions
  • Every project has a permission scheme
  • One permission scheme can be associated with multiple projects
  • Permission schemes prevent having to set up permissions individually for every project
  • it can be applied to all projects that have the same type of access requirements
kuni katsuya

UML Class Diagrams - structure diagrams which show architecture of the designed system ... - 0 views

www.uml-diagrams.org/class-diagrams.html

UML ClassDiagram

shared by kuni katsuya on 03 Sep 12 - No Cached
  • «Boundary»
  • Boundary is a stereotyped class or object that represents some system boundary
  • «Control»
  • ...31 more annotations...
  • Control is a stereotyped class or object that is used to model flow of control or some coordination in behavior
  • usually describe some "business logic"
  • «Entity»
  • Entity is a stereotyped class or object that represents some information or data, usually but not necessarily persistent.
  • Features of a class are
  • attributes
  • operations
  • Static features are underlined
  • «Boundary»
  • «Boundary»
  • «Control»
  • «Entity»
  • «Control»
  • Interface
  • An interface is a classifier that declares of a set of coherent public features and obligations
  • specifies a contract.
  • Data Type
  • A data type is a classifier - similar to a class - whose instances are
  • identified only by their value
  • typical use of data types would be to represent value types
  • «dataType»
  • Enumeration
  • An enumeration is a data type whose values are enumerated in the model as user-defined enumeration literals.
  • «enumeration».
  • Multiplicity
  • Multiplicity allows to specify cardinality (allowed number of instances) of described element
  • Visibility
  • UML has the following types of visibility: public package protected private
  • Package visibility is represented by '~' literal.
  • Protected visibility is represented by '#' literal.
  • Private visibility is represented by '-' literal.
kuni katsuya

Overview of Interceptors - The Java EE 6 Tutorial - 0 views

docs.oracle.com/...gkigq.html

javaee6 interceptors tutorial overview

shared by kuni katsuya on 16 May 12 - No Cached
  • Overview of Interceptors
  • allow developers to invoke interceptor methods in conjunction with method invocations or lifecycle events on an associated target class
  • logging, auditing, or profiling
  • ...7 more annotations...
  • Interceptor classes and methods are defined using metadata annotations, or in the deployment descriptor of the application containing the interceptors and target classes
  • Interceptor Metadata Annotations
  • AroundInvoke
  • AroundTimeout
  • PostConstruct
  • PreDestroy
  • Interceptor classes must have a public, no-argument constructor
kuni katsuya

Chapter 9. Integration with Seam 2.2 - 0 views

www.graniteds.org/...graniteds.seam2.html

graniteds seam2 integration

shared by kuni katsuya on 15 May 12 - No Cached
  • Integration with Seam 2.2
  • GraniteDS provides out-of-the-box integration with Seam 2.2 via either the RemoteObject API or the Tide API to remotely call Seam components, and fully supports serialization of JPA entities from and to your Flex application, taking care of lazily loaded associations
kuni katsuya

Session Management Cheat Sheet - OWASP - 0 views

www.owasp.org/...Session_Management_Cheat_Sheet

OWASP BestPractices CheatSheet SessionManagement

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • ...50 more annotations...
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or viceversa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a
  • persistent cookie
  • and will be stored on disk by the web browser based until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
‹ Previous 21 - 25 of 25
Showing 20 items per page