Bean Validation Made Simple With JSR 303

http://java.dzone.com/articles/bean-validation-made-simple

The article at the URL above explains clearly and concisely how to check that a value meets a constraint (for example, that a String is not null) by declaring the constraint on the bean, instead of wrapping every check in a hand-written if (isStringValueNull) block.
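As an added illustration of that idea (this is example code written for this page, not code from the linked article), the constraints are declared once on the bean and a single validate() call reports every violation. It assumes the JSR 303 API (javax.validation) plus a provider such as Hibernate Validator on the classpath; the class and field names are made up.

```java
import java.util.Set;
import javax.validation.ConstraintViolation;
import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;

public class Jsr303Example {

    // Hypothetical request bean. The rules live on the fields, not in the code that uses it.
    public static class SignupRequest {
        @NotNull
        @Size(min = 3, max = 32)
        @Pattern(regexp = "^[A-Za-z0-9_]+$")   // no quotes, spaces or SQL punctuation
        private final String username;

        @Min(0)
        private final int age;

        public SignupRequest(String username, int age) {
            this.username = username;
            this.age = age;
        }
    }

    // Returns the violations so the caller can reject the request; empty set means valid.
    static Set<ConstraintViolation<SignupRequest>> check(SignupRequest request) {
        Validator validator = Validation.buildDefaultValidatorFactory().getValidator();
        return validator.validate(request);
    }

    public static void main(String[] args) {
        // Constructed inputs: one good request, one carrying a quote-laden name and a negative age.
        SignupRequest good = new SignupRequest("alice_01", 30);
        SignupRequest bad = new SignupRequest("ab'; DROP TABLE users; --", -1);

        System.out.println("good -> " + check(good).size() + " violation(s)");

        for (ConstraintViolation<SignupRequest> v : check(bad)) {
            // Each violation names the field and the constraint message, e.g.
            // "username must match \"^[A-Za-z0-9_]+$\"", "age must be greater than or equal to 0"
            System.out.println("bad  -> " + v.getPropertyPath() + ": " + v.getMessage());
        }
    }
}
```

The first request produces no violations; the second produces two, one per failed constraint, without a single if statement in the calling code.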


Advice on Technical Hiring from the Employer's Perspective

The text below is an extract from a chapter of the O'Reilly book 97 Things Every Software Architect Should Know:

Most people probably agree that finding top-notch developers requires thorough technical interviewing.  But what does thorough mean exactly?  It doesn’t mean requiring candidates to answer difficult questions about obscure technical details.  Screening for specific technical knowledge is definitely part of the process but turning an interview into a certification test will not guarantee success.  You are searching for developers with problem solving skills and passion.  The tools you use are sure to change; you need people who are good at attacking problems regardless of the technologies involved.  Proving someone has the ability to recite every method in an API tells you very little about their aptitude or passion for solving problems.

However, asking someone to explain their approach to diagnosing a performance problem gives you great insight into their methods for problem solving.  If you want to learn about a developer's ability to apply lessons learned, ask what they would change given the chance to start their most recent project anew. Good developers are passionate about their work.  Asking them about past experience will bring out that passion and tell you what correct answers to technical trivia questions cannot….

by Chad LaVigne
This work is licensed under a Creative Commons Attribution 3.0 License.

Security Issues for Java with MySQL or Other SQL Databases

The most basic mistake is to leave the database listening on its default port (3306 for MySQL) with the default account name and password, reachable from the internet. Change the default credentials, bind the listener to localhost or a private interface, and make sure the port is not open to the web.
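As an added illustration (not from the original page), the MySQL server settings that control this. The weak form accepts TCP connections on every interface, so the port is reachable from wherever the firewall allows; the corrected form binds the listener to loopback, so only processes on the same host, such as the Java application, can connect. The file path is the usual Debian/Ubuntu location and is an assumption.

```ini
# /etc/mysql/my.cnf (location assumed; may also be /etc/my.cnf or a conf.d fragment)
[mysqld]
port = 3306

# Weak: listen on every interface
# bind-address = 0.0.0.0

# Corrected: accept TCP connections only from the local machine
bind-address = 127.0.0.1
```

After restarting the server, confirm with `ss -ltnp | grep 3306` that the listener shows 127.0.0.1, not 0.0.0.0 or *, and run mysql_secure_installation to set the root password and remove anonymous accounts. If the application runs on a different host, bind to that private interface instead and restrict port 3306 in the firewall to the application host's address.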

SQL Injection Vulnerability

To protect against SQL injection, never write methods that take an argument and place it directly into the text of an SQL query.

The solution is a two-step process.

  1. First, validate the input argument, either against a regular expression or by parsing it and catching the parse exception. If the method is supposed to accept a String holding an int, or a string made up only of digits, you can then be certain that it is, and you never hand unvalidated user input to the database.
  2. Second, do not build the SQL text yourself. Use a prepared statement with bound parameters instead of string concatenation or string replacement. With concatenation, an attacker can pass your method a fragment of SQL that is then executed against your database; with a bound parameter the value is sent separately from the query text and cannot change its structure.