Jun 21 2010
Recently I was called on to develop a Message-Driven Bean (MDB) that was to be deployed under Oracle WebLogic 10.3. Easy enough, right? The only problem was that the queue it was supposed to listen to was on a remote Unix machine, and was defined under IBM MQ Server 6.0. There are several how-tos on the internet about how this can be done, but none of them were complete enough to get it working. My goal in this article is to tie together all of the threads needed to get WebLogic 10.3 and MQ chatting away happily.
Jun 17 2010
Most Java developers have never needed to interact with the DNS directly; the most well-known job of DNS, that of resolving hostnames to IP addresses, is performed automatically every time a network operation involving a hostname is performed. Similarly, finding a server that is willing to accept email for a particular email address is performed transparently using DNS. How would a Java developer get access to such arcane, low-level information to do something as simple as validate that a particular email address has a server somewhere in the world willing to accept email for it? It all comes down to hierarchy.
Jun 16 2010
No matter how well-written or secure your application is, Denial of Service (DoS) attacks always pose a risk. Most web applications are publicly accessible by design, so the server/application really has no way to tell 10,000 legitimate user requests from 10,000 malicious requests designed to bring it down. If a DoS attack originates from a single source or from a few sources, it can be blocked fairly easily once the source(s) are identified. Unfortunately, most DoS attacks today are actually DDoS attacks (distributed DoS), which means that they originate from hundreds or thousands of different places across the Internet, most commonly from botnets. This makes it nearly impossible to shut down the malicious traffic without also cutting off the legitimate users, which is exactly the point of a DoS attack.
Some common types of DoS attacks are the following:
Jun 10 2010
Writing secure code is the most important aspect of secure development, since this is where the proverbial rubber meets the road. However, there are many other environmental factors that contribute to your application's overall security posture. These include the application/web server, backend systems such as databases, and of course the underlying operating systems and network infrastructure. Consider the following common vulnerabilities:
Jun 02 2010
So you've locked down your user input validation, your authentication/access control, and even your error handling. What else could possibly go wrong? If you're not careful about what data you store and how you protect it, you can cause serious damage to your users or even be held legally responsible for data breaches.
Protecting the back-end storage of your application is just as important as locking down the front-end user interface and web server. Some of the most common mistakes include: