Skip to main content

Home/ Groups/ SoftwareEngineering
Rss Feed
Sort By: Most Recent | Popular Filter: All | Bookmarks | Topics Simple Middle
kuni katsuya

Guide to SQL Injection - OWASP - 0 views

www.owasp.org/...Guide_to_SQL_Injection

security SqlInjection background overview

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Least privilege connections
  • Always use accounts with the
  • minimum privilege necessary
    • kuni katsuya
      kuni katsuya on 21 Sep 12
       
      yet another reason why shared db logins (eg. etl_update) are a *BAD IDEA* ie. a set of apps using the same db login are effectively granted the 'highest common denominator' of db privileges, so have more access than they should (eg. update/delete privilege on tables unrelated to app)
  • ...9 more annotations...
  • for the application
  • Parameterized Queries with Bound Parameters
  • keep the
  • query
  • d data
  • separate through the use of placeholders known as "bound" parameters
  • how to Review Code for SQL Injection Vulnerabilities.
  • Guide to SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • kuni katsuya on 21 Sep 12
     
    "Least privilege connections"
kuni katsuya

Preventing SQL Injection in Java - OWASP - 0 views

www.owasp.org/...eventing_SQL_Injection_in_Java

security SqlInjection prevention Java DefensiveCoding

shared by kuni katsuya on 21 Sep 12 - No Cached
  • Preventing SQL Injection in Java
  • inject (or execute) SQL commands within an application
  • Defense Strategy
  • ...19 more annotations...
  • To prevent SQL injection:
  • All queries should be
  • parametrized
  • All dynamic data
  • should be
  • explicitly bound to parametrized queries
  • String concatenation
  • should never be used
  • to create dynamic SQL
  • OWASP SQL Injection Prevention Cheat Sheet.
  • Parameterized Queries
  • Prepared Statements
  • automatically be escaped by the JDBC driver
  • userId = ?
  • PreparedStatement
  • setString
  • Dynamic Queries via String Concatenation
  • never construct SQL statements using string concatenation of unchecked input values
  • dynamic queries via the java.sql.Statement class leads to SQL Injection
kuni katsuya

SQL Injection - OWASP - 0 views

www.owasp.org/...SQL_injection

security SqlInjection background overview

shared by kuni katsuya on 21 Sep 12 - No Cached
  • SQL Injection
  • "injection" of a SQL query via the input data from the client to the application
  • exploit can
  • ...18 more annotations...
  • read sensitive data
  • modify database data
  • execute administration operations
  • SQL injection errors occur when:
  • Data enters a program from an
  • untrusted source
  • The data used to
  • dynamically construct a SQL query
  • consequences are:
  • Confidentiality:
  • sensitive data
  • Authentication
  • user names and passwords
  • Authorization
  • change this information
  • Integrity
  • read sensitive information
  • changes or even delete this information
kuni katsuya

MySQL :: MySQL 5.5 Reference Manual :: 13.1.17 CREATE TABLE Syntax - 0 views

dev.mysql.com/...create-table.html

MySQL MySQL5.5 column comment length

shared by kuni katsuya on 20 Sep 12 - No Cached
kuni katsuya

AMFParser - 0 views

amfparser.codeplex.com

graniteds flex blazeds debugging AMF AMFParser Fiddler2

shared by kuni katsuya on 20 Sep 12 - No Cached
  • AMFParser
  • AMFParser plugin for Fiddler2 web debugger
  • parsing and displaying AMF data inside HTTP's POST requests and responses
kuni katsuya

java - Flex+JPA/Hibernate+BlazeDS+MySQL how to debug this monster? - Stack Overflow - 0 views

stackoverflow.com/...ysql-how-to-debug-this-monster

graniteds flex blazeds debugging

shared by kuni katsuya on 20 Sep 12 - No Cached
  • Set break points in my Java code Start up the Java application server with the appropriate debug JVM properties set (e.g. -Xdebug -Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n) From Eclipse, I attach a remote debugger to the app server on the default port 8000. The Java Debugger will open up when a break point is hit. Set breakpoints in my Flex application (or one of its modules). From Eclipse (with Flash Builder) I launch a debug configuration for my Flex app. The Flex Debugger will open up when a break point is hit. At this point I have two debuggers open and everything work great. Two other things I do: a) extend the transaction system timeout, so it doesn't get trigger while I am sitting there think for a few minutes b) use Charles Proxy (in reverse proxy mode) inbetween the client and server to watch the AMF traffic and view payloads, etc.
  • Flex+JPA/Hibernate+BlazeDS+MySQL how to debug this monster?
kuni katsuya

graniteds - can newer web containers having Servlet 3 extend BlazeDS max # of simultane... - 0 views

stackoverflow.com/...-blazeds-max-of-simultaneous-u

graniteds AsynchronousServlets asynchronous servlets servlet3.0

shared by kuni katsuya on 20 Sep 12 - No Cached
  • GraniteDS & Asynchronous Servlets
  • to handle many thousands concurrent users, you can even
  • create a cluster of GraniteDS servers
  • ...9 more annotations...
  • Asynchronous Servlets Performance
  • With a non NIO or non Continuation based server, this would require around 11,000 threads to handle 10,000 simultaneous users. Jetty handles this number of connections with only 250 threads.
  • Classical synchronous model: 10,000 concurrent users -> 11,000 server threads. 1.1 ratio.
  • Comet asynchronous model: 10,000 concurrent users -> 250 server threads. 0.025 ratio.
  • classical (synchronous) servlet model
  • request -> immediate processing -> response
  • Comet implementations rely on a different model:
  • request -> wait for available data -> response
  • With synchronous servlet processing, each request is handled by one dedicated server thread
kuni katsuya

Christophe Herreman » Blog Archive » Spring ActionScript at FlexCamp 2008 Bel... - 0 views

www.herrodius.com/158

flex service configuration

shared by kuni katsuya on 20 Sep 12 - Cached
  • endpoints externally configured
  • allows me to switch between different endpoints - different test or production servers for instance - just by specifying the ip and port in an external properties file
  • don't have to specify any compiler arguments that point to the services-config.xml or messaging-config.xml files.
kuni katsuya

Externalizing Service Configuration using BlazeDS and LCDS - 0 views

coenraets.org/...uration-using-blazeds-and-lcds

flex service configuration

shared by kuni katsuya on 21 Aug 12 - No Cached
  • Externalizing Service Configuration using BlazeDS
  • RemoteObject
  • *when* the configuration of your services is being read.
  • ...26 more annotations...
  • application stops working when you move it to another server
  • project in Flex Builder
  • check “use remote object access service”
  • This adds a compiler argument pointing to the location of your
  • services-config.xml
  • -services
  • services-config.xml
  • When you then
  • compile
  • your application, the required
  • values
  • of services-config.xml are
  • baked into the SWF
  • read at
  • compile time
  • not at runtime
  • {server.name}
  • {server.port}
  • {context.root}
  • {server.name} and {server.port} are replaced at
  • server the SWF was loaded from
  • {context.root} is still substituted at
  • compile time
  • Flex SDK provides an API that allows you to configure your channels at runtime
  • number of ways you can pass values to a SWF at runtime
  • read a configuration file using HTTPService at application startup
kuni katsuya

Web | Apache Shiro - 0 views

shiro.apache.org/web.html

security ApacheShiro SessionManagement session

shared by kuni katsuya on 19 Sep 12 - No Cached
  • Session Management
  • Servlet Container Sessions
  • kuni katsuya on 19 Sep 12
     
    "t"
kuni katsuya

BlazeDS Developer Guide - BlazeDS client architecture - 0 views

livedocs.adobe.com/...help.html

blazeds Flex RemoteObject Producer Consumer HTTPService WebService Channels ChannelSets Messages

shared by kuni katsuya on 18 Sep 12 - No Cached
kuni katsuya

[#SHIRO-160] Flex integration with Shiro - ASF JIRA - 0 views

issues.apache.org/...SHIRO-160

Shiro Flex integration security

shared by kuni katsuya on 09 Aug 12 - No Cached
kuni katsuya

Mirror/deltaspike at master · DeltaSpike/Mirror · GitHub - 0 views

github.com/...deltaspike

ApacheDeltaSpike github CDI CdiExtensions ReleaseNotes

shared by kuni katsuya on 16 Sep 12 - No Cached
  • CDI Extensions Project
  • best mature features of
  • JBoss Seam3
  • ...27 more annotations...
  • Apache MyFaces CODI
  • other CDI Extensions projects.
  • container agnostic
  • different containers get activated via
  • Maven Profiles
  • CDI container integration via
  • Arquillian
  • Building Apache DeltaSpike
  • DeltaSpike-0.3
  • Release Notes
  • [DELTASPIKE-62] - Discuss security module
  • [DELTASPIKE-74] - unit and integration tests for @Secured
  •  [DELTASPIKE-75] - documentation for @Secured
  • [DELTASPIKE-78] - review and discuss Authentication API
  •  [DELTASPIKE-77] - review and discuss Identity API
  • [DELTASPIKE-79] - review and discuss Authorization API
  • [DELTASPIKE-81] - review and discuss Identity Management
  • [DELTASPIKE-82] - review and discuss external authentication
  • [DELTASPIKE-176] - unit and integration tests for @Transactional
  • [DELTASPIKE-177] - documentation for @Transactional
  •  [DELTASPIKE-179] - unit and integration tests for @TransactionScoped
  • [DELTASPIKE-175] - @Transactional for EntityTransaction
  •  [DELTASPIKE-178] - @TransactionScoped
  •  [DELTASPIKE-190] - Create ConfigurableDataSource
  • [DELTASPIKE-219] - @Transactional for JTA UserTransaction
  • [DELTASPIKE-230] - Fallback stragtegy for resource bundles and locales
  •   [DELTASPIKE-223] - Add convention for @MessageResource annotated types.
kuni katsuya

Temporary Documentation - Apache DeltaSpike - Apache Software Foundation - 0 views

cwiki.apache.org/...Temporary+Documentation

ApacheDeltaSpike documentation CDI

shared by kuni katsuya on 16 Aug 12 - No Cached
  • DeltaSpike will consist of a number of portable CDI extensions that provide useful features for Java application developers
  • de-facto standard of CDI-Extensions
  • Project-Configuration (with Maven)
kuni katsuya

Remote call using class as parameter - Google Groups - 0 views

groups.google.com/forum

graniteds remoting DTO ValueObject Method parameter wrapper Java ActionScript3 Class

shared by kuni katsuya on 16 Sep 12 - No Cached
  • public class ClassHolderDTO<T> {    private Class<T> classToTransfer;// get/set boilerplate}
  • Resource
  • Class<Resource> entityClass
  • ...18 more annotations...
  • Class as parameter
  • serverside
  • Remote call using class as parameter
  • Does GraniteDS could manage date and TimeZone ?
  • Flash Player (GMT +X) -> IExternizable methods (GMT + X - X = GMT + 0) - > AMF over HTTP (GMT + 0) -> Granite AMF0Deserializer (GMT + 0) -> Granite Converter (GMT + 0 + Y = GMT + Y) -> Java Services (GMT + Y)Java Services (GMT + Y) -> Granite Converter (GMT + Y - Y = GMT + 0) -> Granite AMF0Deserializer (GMT + 0) -> AMF over HTTP (GMT + 0) -> IExternizable methods (GMT + 0 + X = GMT + X) -> Flash Player (GMT + X)
  • We use
  • GMT + 0
  • for AMF for convention
  • define a
  • fixed timezone
  • for your AMF that is over HTTP
  • GMT + X
  • : timezone for your flex client
  • GMT + Y
  • : timezone for your server
  • don't want to modify the default templates
  • override the readExternal / writeExternal methods and do the conversion here.
  • The patch is to use a custom template for generating your as files with a conversion to GMT 0 in the implementations of IExternalizable methods.On the server-side you add a Converter to convert dates GMT 0 to dates GMT + Y.
    • kuni katsuya
      kuni katsuya on 16 Sep 12
       
      see better suggestion below (ie. override instead of replace)
« First ‹ Previous 501 - 520 of 1272 Next › Last »
Showing 20 items per page