Skip to main content

Home/ SoftwareEngineering/ Group items tagged recovery

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

JBoss Developer Framework - 0 views

www.jboss.org/...get-started

javaee6 examples

shared by kuni katsuya on 24 Jul 12 - No Cached
  • jta-crash-rec Crash Recovery, JTA Uses Java Transaction API and JBoss Transactions to demonstrate recovery of a crashed transaction
  • jts-distributed-crash-rec JTS Demonstrates recovery of distributed crashed components
  • cdi-injection CDI Demonstrates the use of CDI 1.0 Injection and Qualifiers with JSF as the front-end client.
  • ...13 more annotations...
  • bean-validation JPA, Bean Validation Shows how to use Arquillian to test Bean Validation
  • ejb-security Security, EJB Shows how to use Java EE Declarative Security to Control Access to EJB 3
  • payment-cdi-event CDI Demonstrates how to use CDI 1.0 Events
  • richfaces-validation RichFaces Demonstrates RichFaces and bean validation
  • ejb-in-war JSF, WAR, EJB Packages an EJB JAR in a WAR
  • greeter EJB, JPA, JSF, JTA, CDI Demonstrates the use of CDI 1.0, JPA 2.0, JTA 1.1, EJB 3.1 and JSF 2.0
  • helloworld-mdb EJB, MDB, JMS Demonstrates the use of JMS 1.1 and EJB 3.1 Message-Driven Bean
  • helloworld-rs JAX-RS, CDI Demonstrates the use of CDI 1.0 and JAX-RS
  • kitchensink BV, EJB, JAX-RS, JPA, JPA, JSF, CDI
  • servlet-async CDI, EJB, Servlet Demonstrates CDI, plus asynchronous Servlets and EJBs
  • servlet-security Security, Servlet Demonstrates how to use Java EE declarative security to control access to Servlet 3
  • shopping-cart EJB Demonstrates a stateful session bean
  • tasks Arquillian, JPA Demonstrates testing JPA using Arquillian
kuni katsuya

Authentication Cheat Sheet - OWASP - 0 views

www.owasp.org/...Authentication_Cheat_Sheet

security authentication CheatSheet

shared by kuni katsuya on 09 Aug 12 - No Cached
  • Authentication Cheat Sheet
  • Sessions should be
  • unique per user
  • ...26 more annotations...
  • computationally very difficult to predict
  • "strong" password policy
  • Secure Password Recovery Mechanism
  • Require re-authentication for Sensitive Features
  • Authentication and Error Messages
  • can be used for the purposes of user ID and password enumeration
  • Incorrectly implemented error messages
  • generic manner
  • respond with a generic error message regardless if the user ID or password was incorrect
  • give no indication to the status of an existing account
  • Authentication responses
  • Invalid user ID or password"
  • does not indicate if the user ID or password is the incorrect parameter
  • Transmit Passwords Only Over TLS
  • login page
  • all subsequent authenticated pages
  • must be exclusively accessed over TLS
  • unencrypted session ID
  • credentials
  • Implement Account Lockout
  • lock out an account if more than a preset number of unsuccessful login attempts are made
  • can produce a result that locks out entire blocks of application users accounts
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      somewhat of a denial-of-service attack, since legitimate users can no longer access their accounts/services
  • sensible strategy
  • is to lockout accounts for a number of hours
  • Password lockout mechanisms have a logical weakness
  • Session Management General Guidelines
kuni katsuya

MySQL :: MySQL 5.7 Reference Manual :: 5.4.4.2 Configurable InnoDB Auto-Increment Locking - 0 views

dev.mysql.com/...to-increment-configurable.html

shared by kuni katsuya on 08 Aug 13 - No Cached
  • Configurable
    • kuni katsuya
      kuni katsuya on 08 Aug 13
       
      new and improved!(?)
  • table-level locks held until the end of a statement make INSERT statements using auto-increment safe for use with
  • statement-based replication
  • ...24 more annotations...
  • However, those locks limit concurrency and scalability when multiple transactions are executing insert statements at the same time
  • For INSERT statements where the number of rows to be inserted is known at the beginning of processing the statement, InnoDB quickly allocates the required number of auto-increment values without taking any lock, but only if there is no concurrent session already holding the table-level AUTO-INC lock (because that other statement will be allocating auto-increment values one-by-one as it proceeds)
  • obtains auto-increment values under the control of a mutex (a light-weight lock) that is not held until the statement completes, but only for the duration of the allocation process
  • innodb_autoinc_lock_mode = 0 (“traditional” lock mode)
  • special table-level AUTO-INC lock is obtained and held to the end of the statement
  • lock mode is provided for:
  • Backward compatibility.
  • innodb_autoinc_lock_mode = 1 (“consecutive” lock mode)
  • important impact of this lock mode is significantly better scalability
  • This mode is safe for use with
  • statement-based replication
  • innodb_autoinc_lock_mode = 2 (“interleaved” lock mode)
  • This is the fastest and most scalable lock mode
  • but it is
  • not safe
  • when using
  • statement-based replication
  • recovery scenarios when SQL statements are replayed from the binary log
  • Using auto-increment with replication
  • set innodb_autoinc_lock_mode to 0 or 1 and use the same value on the master and its slaves
  • Auto-increment values are not ensured to be the same on the slaves as on the master if you use innodb_autoinc_lock_mode = 2 (“interleaved”) or configurations where the master and slaves do not use the same lock mode
  • If you are using
  • row-based replication
  • all of the auto-increment lock modes are safe
1 - 4 of 4
Showing 20 items per page