I'm a dedicated agile security architect/system architect/developer specializing in open source frameworks.
May 21, 2013
JBoss DatabaseServerLoginModule with Added Salt and Iteration Count
http://www.rtner.de/software/PBKDF2.html
How to Encrypt Password in JBoss 7 and EAP 6
So how do we achieve that with JBoss 7 and EAP 6? The shipped solution is JBoss Vault. Here is a link describing how to use it: https://community.jboss.org/wiki/JBossAS7SecuringPasswords. Some notes on the example that you might want to consider:
- The key length of 1024 bytes is quite weak; consider using a longer key.
- You probably want to increase the default validity period, with the -validity flag.
"The default implementation of the vault utilizes a Java KeyStore. Its configuration uses Password Based Encryption, which is security by obscurity. This is not 100% security. It only gets away from the problem of clear text passwords in configuration files. There is always a weak link. (As mentallurg suggests in the comments, the keystore password is the weakest link)."
"Ideally, 3rd party ISV robust implementations of Vaults should provide the necessary security."
[https://community.jboss.org/wiki/JBossAS7SecuringPasswords#Frequently_Asked_Questions]
The most obvious question is perhaps how to make it stronger. Red Hat answers that on the same page as well: store the keystore on an external USB device that you mount at boot and then remove, or use a stronger third-party solution.
How to Enable Tree View in the Nautilus File Browser in RHEL 6
- Open the Preferences dialog by clicking Edit -> Preferences. See picture 1.
- In the first tab, select the lowest option, Show only folders.
- In the second tab select Always open in browser windows. See picture 2.
If you want more extensions for Nautilus, check out the Nautilus extensions page - https://live.gnome.org/Nautilus/Extending.
May 16, 2013
How to Handle Character Encoding in JSP and Servlets
When writing a simple web application, you might not want to bother with a web framework and instead use plain JSP and Servlets. This has been the case for me recently, but there are of course pitfalls with that, as with everything else in life. One of those is handling character encoding.
In your JSP, be sure to use the encoding settings below:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Insert title here</title>
</head>
<body>
<h1>Empty Page</h1>
</body>
</html>
These encoding settings are important if you are planning to pass GET parameters in the URL and those parameters might contain characters not covered by the ISO-8859-1 character table. You should be aware of how HTTP works here: it is stateless by design, which means that the server has no way of knowing how to interpret the URL-encoded GET parameters, so it assumes ISO-8859-1.
The next gotcha is when a JSP calls a Servlet. Here again the server has no way of knowing how to interpret the URL-encoded GET parameters, therefore you must explicitly tell the server which encoding to use for the passed parameters. That is done via the following methods:
req.setCharacterEncoding("UTF-8");
resp.setCharacterEncoding("UTF-8");
If you are planning to send an HTML response directly from the Servlet, do not forget to set the response content type.
resp.setContentType("text/html; charset=UTF-8");
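The two setCharacterEncoding calls above only take effect if they run before the request parameters are read and before the response writer is obtained, so one way to apply them consistently is a servlet filter in front of every Servlet and JSP. The following is an added example, not code from the original post; the class name Utf8EncodingFilter and the "/*" mapping are assumptions, and it assumes a Servlet 3.0 container such as JBoss 7.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;

// Hypothetical filter: the name and URL mapping are assumptions, not from the post.
@WebFilter("/*")
public class Utf8EncodingFilter implements Filter {

    private static final String ENCODING = "UTF-8";

    @Override
    public void init(FilterConfig config) throws ServletException {
        // No configuration needed.
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        // Must run before the first getParameter()/getReader() call;
        // once the parameters have been parsed the call has no effect.
        if (req.getCharacterEncoding() == null) {
            // Only fill in the charset when the client did not declare one.
            req.setCharacterEncoding(ENCODING);
        }
        // Must run before getWriter() is called or the response is committed.
        resp.setCharacterEncoding(ENCODING);
        chain.doFilter(req, resp);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}
```

Whether the container also applies this charset when decoding the URL query string depends on its connector configuration, so verify with a GET parameter that contains a character outside ISO-8859-1.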
May 14, 2013
Problem installing Maven 3 on Ubuntu 13.04 Raring
The following packages have unmet dependencies:
maven : Depends: libwagon2-java (>= 2.2-2) but it is not going to be installed
I searched the official Ubuntu bug report site, https://bugs.launchpad.net/ubuntu/ and found the solution.
https://bugs.launchpad.net/ubuntu/+source/maven2/+bug/1173142