Group items tagged databases

kuni katsuya

JBoss AS7 Deployment Plugin - Deploy/Undeploy Examples

  • Deploying your application
  • plugin goals deploy, undeploy, and redeploy
  • <plugin> <groupId>org.jboss.as.plugins</groupId> <artifactId>jboss-as-maven-plugin</artifactId> <version>7.1.1.Final</version> </plugin>
  • file listed under the filename parameter can be deployed to the server using the deploy goal
  • deploy
  • redeploy
  • undeploy
  • <phase>install</phase>
  • <goal>deploy</goal>
  • Deploying other artifacts
  • possible to deploy other artifacts that are not related to your deployment, e.g. database drivers:
  • <phase>install</phase>
  • <goal>deploy-artifact</goal>
  • <configuration> <groupId>postgresql</groupId> <artifactId>postgresql</artifactId> <name>postgresql.jar</name> </configuration>
  • artifact must be already listed as a dependency in the project's pom.xml.
  • Deploying your application in domain mode.
  • add the domain tag as well as specify at least one server group.
  • <domain> <server-groups> <server-group>main-server-group</server-group> </server-groups> </domain>
kuni katsuya

Dependency Injection in Java EE 6 (Part 6)

  • one of the most important value propositions for frameworks like Spring has been the ability to easily extend the framework or integrate third-party solutions
  • SPI allows you to register your own beans, custom scopes, stereotypes, interceptors and decorators with CDI even if it is not included in the automatic scanning process (such as perhaps registering Spring beans as CDI beans), programmatically looking up CDI beans and injecting them into your own objects (such as injecting CDI beans into Spring beans) and adding/overriding annotation-metadata from other sources (such as from a database or property file)
  • SPI can be segmented into three parts. Interfaces like Bean, Interceptor and Decorator model container meta-data (there are a few other meta-data interfaces such as ObserverMethod, Producer, InjectionTarget, InjectionPoint, AnnotatedType, AnnotatedMethod, etc). Each meta-data object encapsulates everything that the CDI container needs to know about the meta-data type
kuni katsuya

Application Security With Apache Shiro

  • previously known as the JSecurity project
  • The word Subject is a security term that basically means "the currently executing user"
  • Core Concepts: Subject, SecurityManager, and Realms
  • Subject
  • 'Subject' can mean a human being, but also a 3rd party process, daemon account, or anything similar. It simply means 'the thing that is currently interacting with the software'
  • Subject currentUser = SecurityUtils.getSubject();
  • SecurityManager
  • SecurityManager manages security operations for all users
  • Realms
  • Realm acts as the ‘bridge’ or ‘connector’ between Shiro and your application’s security data. That is, when it comes time to actually interact with security-related data like user accounts to perform authentication (login) and authorization (access control), Shiro looks up many of these things from one or more Realms configured for an application.
  • Realm is essentially a security-specific DAO
  • Shiro provides out-of-the-box Realms to connect to a number of security data sources (aka directories) such as LDAP, relational databases (JDBC), text configuration sources like INI and properties files, and more
  • Authorization
  • A permission is a raw statement of functionality, for example ‘open a door’, ‘create a blog entry’, ‘delete the ‘jsmith’ user’, etc. By having permissions reflect your application’s raw functionality, you only need to change permission checks when you change your application’s functionality. In turn, you can assign permissions to roles or to users as necessary at runtime.
  • “Run As” support for assuming the identity of another Subject
kuni katsuya

Security Module Drafts - Apache DeltaSpike - Apache Software Foundation

  • Authorization
  • Impersonalization
    • kuni katsuya
       
      impersonation
  • authenticate “as a user” or access the application imitating his identity, without knowing his password
  • elements of the user interface are displayed to the user based on the user's privilege level
  • assign permissions to individual objects within the application’s business domain
    • kuni katsuya
       
      individual objects == instances
  • Permissions
  • Permissions assigned to user for a given resource in the tree are inherited by other resources
  • Permissions are inherited
  • persist user, group and role information in a database. JPA implementation is his dream
  • Security Module Drafts
  • Identity
  • interface Identity
  • login()
  • logout()
  • getUser()
  • Events: LoggedInEvent, LoginFailedEvent, AlreadyLoggedInEvent, PreLoggedOutEvent, PostLoggedOutEvent, PreAuthenticateEvent, PostAuthenticateEvent
  • Object level permission
  • Grant or revoke permissions
  • Group management
  • User/Identity management
  • identity.hasRole
  • identity.hasPermission
  • Permissions model
  • Identity Management (IDM)
  • User, Group and Role
  • Events
  • hooks for common IDM or Security operations
  • Audit and logging for permission and IDM related changes
  • Event API.
  • Impersonalization
  • control which elements of the user interface are displayed to the user based on their assigned permissions
  • ask for permission
  • without need to obtain object from DB
  • String resourceId
  • structure of resources
  • more advanced security resolution mechanisms
  • Rules based engine
  • external services - XACML
kuni katsuya

Interview of GraniteDS founders | RIAgora

  • explained the origin of GraniteDS and the differences with LiveCycle Data Services
  • ActionScript3 reflection API
  • GraniteDS 2.2
  • JSR-303 (“Bean Validation”) ActionScript3 framework for form validation
  • validation framework is a specific adaptation of the JSR-303 (Bean Validation) specification to Flex: like its Java counterpart, it relies on validation annotations placed on bean properties and provides an engine API that lets you validate your forms without writing by hand a specific validator for each of your input fields
  • code generation tools provided by GraniteDS so that when you write your Java entity bean with validation annotations, they are automatically replicated in your ActionScript3 beans
  • problem with LCDS is mainly that it promotes a strict “client / server” architecture, with – roughly speaking – a heavy Flex client application connected to a server almost reduced to a database frontend
  • big majority of these organizations use BlazeDS, a free and open-source subset of LCDS
  • need more advanced mechanisms than just Remoting start looking for open-source libraries to enable deeper integrations with the Java business layer, and GraniteDS is for sure the most popular project
  • “Flex Data Services” (now renamed to “Live Cycle Data Services”)
  • Flex Data Services seemed too “client-centric”
kuni katsuya

NetBeansUserFAQ - NetBeans Wiki

kuni katsuya

Session Management Cheat Sheet - OWASP

  • Session Management Cheat Sheet
  • should not be extremely descriptive nor offer unnecessary details
  • change the default session ID name of the web development framework to a generic name
  • length must be at least 128 bits (16 bytes)
  • Session ID Length
  • Session ID Name Fingerprinting
  • Session ID Properties
  • Session ID Entropy
  • must be unpredictable (random enough) to prevent guessing attacks
  • good PRNG (Pseudo Random Number Generator) must be used
  • must provide at least 64 bits of entropy
  • Session ID Content (or Value)
  • content (or value) must be meaningless
  • identifier on the client side
  • meaning and business or application logic associated to the session ID must be stored on the server side
  • session objects or in a session management database or repository
  • create cryptographically strong session IDs through the usage of cryptographic hash functions such as SHA1 (160 bits).
  • Session Management Implementation
  • defines the exchange mechanism that will be used between the user and the web application to share and continuously exchange the session ID
  • token expiration date and time
  • This is one of the reasons why cookies (RFCs 2109 & 2965 & 6265 [1]) are one of the most extensively used session ID exchange mechanisms, offering advanced capabilities not available in other methods
  • Transport Layer Security
  • use an encrypted HTTPS (SSL/TLS) connection for the entire web session
  • not only for the authentication
  • process where the user credentials are exchanged.
  • “Secure” cookie attribute
  • must be used to ensure the session ID is only exchanged through an encrypted channel
  • never switch a given session from HTTP to HTTPS, or vice versa
  • should not mix encrypted and unencrypted contents (HTML pages, images, CSS, Javascript files, etc) on the same host (or even domain - see the “domain” cookie attribute)
  • should not offer public unencrypted contents and private encrypted contents from the same host
  • www.example.com over HTTP (unencrypted) for the public contents
  • secure.example.com over HTTPS (encrypted) for the private and sensitive contents (where sessions exist)
  • only has port TCP/80 open
  • only has port TCP/443 open
  • “HTTP Strict Transport Security (HSTS)” (previously called STS) to enforce HTTPS connections.
  • Secure Attribute
  • instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection
  • HttpOnly Attribute
  • instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access the cookies via the DOM document.cookie object
  • Domain and Path Attributes
  • instructs web browsers to only send the cookie to the specified domain and all subdomains
  • “Domain” cookie attribute
  • “Path” cookie attribute
  • instructs web browsers to only send the cookie to the specified directory or subdirectories (or paths or resources) within the web application
  • vulnerabilities in www.example.com might allow an attacker to get access to the session IDs from secure.example.com
  • Expire and Max-Age Attributes
  • “Max-Age”
  • “Expires” attributes
  • it will be considered a persistent cookie and will be stored on disk by the web browser until the expiration time
  • use non-persistent cookies for session management purposes, so that the session ID does not remain on the web client cache for long periods of time, from where an attacker can obtain it.
  • Session ID Life Cycle
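Putting the session ID and cookie rules above into code, as an added example that is not from the OWASP cheat sheet: generate_session_id draws 16 bytes (128 bits) from the OS CSPRNG, session_set_cookie emits a non-persistent cookie with a generic name and the Secure and HttpOnly attributes, and audit_set_cookie flags a Set-Cookie header that breaks the rules. The function names, the WEAK_HEADER sample and the list of framework default names are constructed for the demonstration; SameSite is a later cookie attribute that the excerpt above does not mention.

```python
import re
import secrets

# Default session cookie names that fingerprint the framework (the cheat
# sheet's own examples); a generic name such as "id" should be used instead.
FRAMEWORK_DEFAULT_NAMES = {"JSESSIONID", "PHPSESSID", "ASP.NET_SessionId",
                           "ASPSESSIONID", "CFID", "CFTOKEN"}


def generate_session_id(nbytes: int = 16) -> str:
    """Return a meaningless, unpredictable session ID.

    secrets.token_hex draws from the OS CSPRNG, so every bit of the value is
    entropy: 16 bytes gives 128 bits of length and 128 bits of entropy, which
    clears both the 128-bit length and the 64-bit entropy minimums above.
    """
    if nbytes < 16:
        raise ValueError("session ID must be at least 128 bits (16 bytes) long")
    return secrets.token_hex(nbytes)


def session_set_cookie(session_id: str, name: str = "id", path: str = "/") -> str:
    """Build the Set-Cookie header value for a non-persistent session cookie.

    No Domain attribute: the browser then returns the cookie only to the host
    that set it (secure.example.com), never to www.example.com. No Expires or
    Max-Age: the cookie stays in memory and is discarded with the browser
    session. SameSite is a later addition, not part of the excerpt above.
    """
    return f"{name}={session_id}; Path={path}; Secure; HttpOnly; SameSite=Strict"


def _estimated_bits(value: str):
    """Rough bit length of an encoded ID: 4 bits per hex char, 6 per base64 char."""
    if re.fullmatch(r"[0-9a-fA-F]+", value):
        return 4 * len(value)
    if re.fullmatch(r"[A-Za-z0-9_\-+/]+=*", value):
        return 6 * len(value.rstrip("="))
    return None  # unknown encoding; length cannot be judged


def audit_set_cookie(header: str) -> list:
    """Check one Set-Cookie header value against the rules listed above.

    Returns the findings as strings; an empty list means nothing was flagged.
    Entropy cannot be measured from a single value, so only length is checked.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()

    findings = []
    if name in FRAMEWORK_DEFAULT_NAMES:
        findings.append(f"name {name!r} fingerprints the framework; use a generic name")
    bits = _estimated_bits(value)
    if bits is not None and bits < 128:
        findings.append(f"value is only about {bits} bits long; at least 128 required")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: scripts can read it via document.cookie")
    if "expires" in attrs or "max-age" in attrs:
        findings.append("Expires/Max-Age present: persistent cookie written to disk")
    if attrs.get("domain"):
        findings.append(f"Domain={attrs['domain']} shares the cookie with all subdomains")
    return findings


# Constructed header in the style of a framework default cookie, for the audit.
WEAK_HEADER = ("JSESSIONID=3A2F1B9C; Domain=example.com; Path=/; "
               "Expires=Wed, 21 Oct 2026 07:28:00 GMT")

if __name__ == "__main__":
    print(session_set_cookie(generate_session_id()))
    for finding in audit_set_cookie(WEAK_HEADER):
        print("-", finding)
```

The audit reports six findings for WEAK_HEADER (fingerprinting name, 32-bit value, no Secure, no HttpOnly, persistent, shared across subdomains) and none for the header session_set_cookie produces. Because entropy is not visible in a captured value, the 64-bit entropy minimum has to be confirmed at the generator (here the OS CSPRNG) rather than by inspecting samples.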
kuni katsuya

Logging Cheat Sheet - OWASP

  • Legal and other opt-ins
    • kuni katsuya
       
      terms & conditions acceptance, license transfers, etc
  • Data changes
    • kuni katsuya
       
      all changes to domain objects
  • Event attributes
  • Log date and time
  • Event date and time
  • Application identifier
    • kuni katsuya
       
      eg. service type
  • Application address
    • kuni katsuya
       
      eg. service instance
  • User identity
    • kuni katsuya
       
      ie. subject
  • Type of event
  • Severity of event
  • Description
    • kuni katsuya
       
      eg. event message text
  • Action
    • kuni katsuya
       
      eg. action performed on managed resource (eg. 'update' action on resource 'hotel')
  • original intended purpose of the request
  • Object
    • kuni katsuya
       
      eg. managed resource being accessed
  • affected component
  • Result status
    • kuni katsuya
       
      boolean was_successful
  • Reason
    • kuni katsuya
       
      include in event message text
  • Extended details
  • Data to exclude
  • Access tokens
  • Session identification values
  • Sensitive personal data
  • passwords
  • Database connection strings
  • Encryption keys
  • payment
  • Information a user has opted out of collection
  • Synchronize time across all servers and devices
  • Input validation failures
  • Which events to log
  • proportional to the information security risks
  • Always log:
  • Authentication successes and failures
  • Authorization failures
  • Session management failures
  • Application errors and system events
  • Application and related systems start-ups and shut-downs
  • Use of higher-risk functionality
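One way to lay out an event record with the attributes listed above and keep the excluded data out of it, as an added example that is not from the OWASP cheat sheet: security_event assembles the record, redact masks excluded keys and secret-looking values, and format_event writes one JSON object per line. The field names, the key list, the regular expressions and SAMPLE_EVENT are all constructed for the demonstration.

```python
import json
import re
from datetime import datetime, timezone

# Keys whose values never belong in a log ("Data to exclude" above); they are
# replaced rather than dropped so the reader can still see the field existed.
EXCLUDED_KEYS = {"password", "passwd", "access_token", "authorization", "cookie",
                 "session_id", "connection_string", "encryption_key", "card_number"}

# Secrets that hide in free text under a harmless key (constructed patterns).
SECRET_PATTERNS = [
    re.compile(r"Bearer\s+[A-Za-z0-9._\-]+"),          # OAuth access tokens
    re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),             # 13-19 digit payment card numbers
    re.compile(r"\b(?:password|pwd)=[^;\s]+", re.I),     # credentials in connection strings
]
REDACTED = "[REDACTED]"


def redact(value):
    """Recursively mask excluded keys and secret-looking substrings."""
    if isinstance(value, dict):
        return {k: REDACTED if k.lower() in EXCLUDED_KEYS else redact(v)
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    if isinstance(value, str):
        for pattern in SECRET_PATTERNS:
            value = pattern.sub(REDACTED, value)
    return value


def security_event(*, event_time, app_id, app_address, user, event_type, severity,
                   description, action, target, success, reason=None, extended=None):
    """Assemble one event record with the attributes listed above.

    log_time is when the record was written, event_time when the event happened;
    both are UTC, which only works if server clocks are synchronized. The free-text
    fields pass through redact() because they carry user-influenced data.
    """
    return {
        "log_time": datetime.now(timezone.utc).isoformat(),
        "event_time": event_time,
        "app_id": app_id,             # e.g. service type
        "app_address": app_address,   # e.g. service instance
        "user": user,                 # the subject
        "type": event_type,
        "severity": severity,
        "description": redact(description),
        "action": action,             # intended operation on the resource
        "object": target,             # resource being accessed / affected component
        "success": success,           # result status
        "reason": reason,
        "extended": redact(extended or {}),
    }


def format_event(record) -> str:
    """One JSON object per line; json.dumps escapes newlines, so a value cannot
    inject a forged second record into the log."""
    return json.dumps(record, sort_keys=True, default=str)


# Constructed failed-login event; every value is invented for the demonstration.
SAMPLE_EVENT = security_event(
    event_time="2013-05-12T14:03:11+00:00",
    app_id="hotel-booking-api", app_address="10.0.3.17:8443", user="jsmith",
    event_type="authentication", severity="WARN",
    description="login failed for jsmith; client sent password=hunter2",
    action="login", target="session", success=False, reason="bad credentials",
    extended={"session_id": "d41d8cd98f00b204e9800998ecf8427e",
              "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc"}},
)

if __name__ == "__main__":
    print(format_event(SAMPLE_EVENT))
```

Redaction by key catches the structured cases (session_id, Authorization); the patterns catch the same secrets when they arrive inside a message string, which is where they usually leak. The key list and patterns are a starting point, not a complete inventory, and should be extended with whatever the application itself treats as sensitive.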
kuni katsuya

SQL Injection - OWASP

  • SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • exploit can
  • read sensitive data
  • modify database data
  • execute administration operations
  • SQL injection errors occur when:
  • Data enters a program from an untrusted source
  • The data is used to dynamically construct a SQL query
  • consequences are:
  • Confidentiality: sensitive data
  • Authentication: user names and passwords
  • Authorization: change this information
  • Integrity: read sensitive information, make changes or even delete this information
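The vulnerability above and its fix side by side, as an added example that is not from the OWASP page: an in-memory SQLite table with two users, a lookup that concatenates the username into the query text, and the same lookup with a placeholder. The table, its rows and the two payloads are constructed. Stacked statements (the "modify data" and "administration operations" cases) are not shown, because sqlite3's execute() refuses more than one statement per call.

```python
import sqlite3

# Constructed demo database: an in-memory SQLite table standing in for the
# application's user store. The password hashes are placeholders.
SCHEMA = """
CREATE TABLE users (
    id            INTEGER PRIMARY KEY,
    username      TEXT NOT NULL,
    password_hash TEXT NOT NULL,
    is_admin      INTEGER NOT NULL
);
INSERT INTO users VALUES (1, 'alice', 'hash-of-alice', 1);
INSERT INTO users VALUES (2, 'bob',   'hash-of-bob',   0);
"""


def open_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Untrusted input pasted into the query text: the bug described above.
    A quote in `username` ends the string literal and the rest becomes SQL."""
    query = f"SELECT id, username, is_admin FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterised query: the driver passes the value separately from the
    statement, so it is always compared as data and can never alter the SQL."""
    return conn.execute(
        "SELECT id, username, is_admin FROM users WHERE username = ?",
        (username,),
    ).fetchall()


# Two constructed payloads matching the consequences listed above:
# defeat the WHERE clause (authentication) and read other columns (confidentiality).
BYPASS_PAYLOAD = "' OR '1'='1"
LEAK_PAYLOAD = "x' UNION SELECT id, password_hash, 1 FROM users--"

if __name__ == "__main__":
    db = open_demo_db()
    for label, lookup in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        print(label, "bypass:", lookup(db, BYPASS_PAYLOAD))
        print(label, "leak:  ", lookup(db, LEAK_PAYLOAD))
```

With BYPASS_PAYLOAD the concatenated query becomes WHERE username = '' OR '1'='1' and returns every user; with LEAK_PAYLOAD the UNION appends the password_hash column and the trailing -- comments out the dangling quote. The parameterised lookup returns nothing for either payload, since the quote and the UNION never leave the bound value.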
kuni katsuya

MySQL Error Number 1005 Can't create table '.mydb#sql-328_45.frm' (errno: 150) | VerySi...

  • MySQL Error Number 1005 Can’t create table (errno: 150)
  • SHOW ENGINE INNODB STATUS
  • Known Causes:
  • First Steps:
  • dreaded errno 150:
  • The two key fields' type and/or size is not an exact match
  • One of the key fields that you are trying to reference does not have an index and/or is not a primary key
  • One or both of your tables is a MyISAM table
  • You have specified a cascade ON DELETE SET NULL, but the relevant key field is set to NOT NULL
  • Make sure that the Charset and Collate options are the same both at the table level as well as individual field level for the key columns
  • You have a default value (ie default=0) on your foreign key column
  • You have a syntax error in your ALTER statement or you have mistyped one of the field names in the relationship
  • The name of your foreign key exceeds the max length of 64 chars
    • kuni katsuya
       
      64 char max? seriously??? in this century?!
kuni katsuya

MySQL :: Enforcing Foreign Keys Programmatically in MySQL

  • programmatically enforce foreign keys on storage engines which do not natively support them
  • done by the use of triggers
  • Enforcing Foreign Keys Programmatically in MySQL
  • UPDATE myisam_parent SET mparent_id=4 WHERE mparent_id=3;
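The trigger technique above, carried over to SQLite and driven from Python as an added example that is not from the MySQL article or its MyISAM tables: SQLite also leaves foreign keys unenforced unless PRAGMA foreign_keys is switched on, much as MyISAM has no foreign key support, so the tables below declare no FOREIGN KEY and the triggers do the referential checks on INSERT, UPDATE and DELETE. The table and column names (parent, child, parent_id) are constructed; the rekey statement in run_scenario mirrors the quoted UPDATE.

```python
import sqlite3

# Constructed stand-in for the article's MyISAM tables: no FOREIGN KEY clause,
# so without the triggers any parent_id value would be accepted.
SCHEMA = """
CREATE TABLE parent (parent_id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE child  (child_id INTEGER PRIMARY KEY, parent_id INTEGER NOT NULL, note TEXT);

-- A child may only point at an existing parent (on INSERT and on UPDATE of the key).
CREATE TRIGGER child_ins BEFORE INSERT ON child
BEGIN
    SELECT RAISE(ABORT, 'child.parent_id references a missing parent')
    WHERE NOT EXISTS (SELECT 1 FROM parent WHERE parent_id = NEW.parent_id);
END;
CREATE TRIGGER child_upd BEFORE UPDATE OF parent_id ON child
BEGIN
    SELECT RAISE(ABORT, 'child.parent_id references a missing parent')
    WHERE NOT EXISTS (SELECT 1 FROM parent WHERE parent_id = NEW.parent_id);
END;

-- A referenced parent key may be neither changed nor deleted (RESTRICT semantics).
CREATE TRIGGER parent_upd BEFORE UPDATE OF parent_id ON parent
BEGIN
    SELECT RAISE(ABORT, 'parent row is still referenced by child rows')
    WHERE EXISTS (SELECT 1 FROM child WHERE parent_id = OLD.parent_id);
END;
CREATE TRIGGER parent_del BEFORE DELETE ON parent
BEGIN
    SELECT RAISE(ABORT, 'parent row is still referenced by child rows')
    WHERE EXISTS (SELECT 1 FROM child WHERE parent_id = OLD.parent_id);
END;
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.executescript(SCHEMA)
    return conn


def attempt(conn: sqlite3.Connection, sql: str, params=()) -> bool:
    """Run one statement; True if it was applied, False if a trigger aborted it."""
    try:
        conn.execute(sql, params)
        return True
    except sqlite3.DatabaseError:  # RAISE(ABORT, ...) surfaces as IntegrityError
        return False


def orphan_count(conn: sqlite3.Connection) -> int:
    """Child rows whose parent does not exist; the triggers should keep this at 0."""
    return conn.execute(
        "SELECT COUNT(*) FROM child c WHERE NOT EXISTS "
        "(SELECT 1 FROM parent p WHERE p.parent_id = c.parent_id)"
    ).fetchone()[0]


def run_scenario() -> dict:
    """Replay the article's situation: a parent with a dependent child, then
    every way of orphaning it. Returns which statements went through."""
    conn = open_db()
    return {
        "parent_3": attempt(conn, "INSERT INTO parent VALUES (3, 'three')"),
        "child_of_3": attempt(conn, "INSERT INTO child VALUES (1, 3, 'ok')"),
        "child_of_9": attempt(conn, "INSERT INTO child VALUES (2, 9, 'orphan')"),
        "rekey_parent_3": attempt(conn, "UPDATE parent SET parent_id=4 WHERE parent_id=3"),
        "delete_parent_3": attempt(conn, "DELETE FROM parent WHERE parent_id=3"),
        "repoint_child": attempt(conn, "UPDATE child SET parent_id=9 WHERE child_id=1"),
        "orphans": orphan_count(conn),
    }


if __name__ == "__main__":
    for step, outcome in run_scenario().items():
        print(f"{step}: {outcome}")
```

Only the two legitimate inserts succeed; the orphaning insert, the rekey of parent 3, its deletion and the repoint of the child are all aborted, and orphan_count stays at 0. Trigger-based enforcement has the same blind spot on any engine: it covers only the statements the triggers are attached to, so a bulk load that disables triggers, or a new table added without them, silently reopens the gap.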