Secure Java coding best practices
Making your web application resistant to security attacks is a challenge for every Java developer. In this article I will briefly describe common practical development techniques that can help you achieve it.
Deploying an application into a secure environment adds some restrictions on logging and log management. The OWASP community gives some useful recommendations.
One of the first requirements of a Netty ISO8588 client connector is support for automatic reconnect.
One of the first recipes I came across was Thomas Termin’s. He suggests adding a ChannelHandler which will schedule a call to the client’s connect() method once a Channel becomes inactive, plus adding a ChannelFutureListener which will re-create a bootstrap and re-connect if the initial connection failed.
Although this is a working solution, I had a feeling that something was not optimal. Namely, a new Bootstrap is created on every connection attempt.
So, I created a FutureListener which should be registered once a Channel is closed.
User authentication is an important part of web service API design. One of the common approaches is the Hash-based Message Authentication Code – HMAC. Used together with transport-level security, it provides a reliable mechanism for user authentication and message integrity validation.
For those who are not yet familiar with Scrum, I highly recommend watching the “Scrum Training Series” presentations and visiting the AgileMethodology.org website.
A Scrum Reference Card is also useful for understanding what Scrum is: its processes, roles and practices.
The presentations describe the Scrum process step by step.
Setting the entropy pool for a Java server on Linux is fairly simple. Just add a system property to specify a device to read from.