Updating Your Local SSL Certificate

Previously: Create SSL Certificate for HTTPS localhost on Tomcat 7 Chrome and Internet Explorer

The local certificate will expire after 3 months. here is how to update it.

1.Inspect your tomcats’ server.xml file to see what java it is using. So lets say it is using:
C:\Program Files\Java\jdk1.XXX
2.Delete the expired certificate with the following command:
keytool -delete -alias gleniris.com -keyalg
RSA -keystore “C:\Program Files\Java\C:\Program Files\Java\jdk1.XXX\jre\lib\security\cacerts” – the password is by default changeit
3.restart the machine
4.generate a new cert with the following command:
keytool -genkey -alias gleniris.com -keyalg
RSA -keystore “C:\Program Files\Java\C:\Program Files\Java\jdk1.XXX\jre\lib\security\cacerts”

You are now asked to enter your name. enter your name as whatever value your alias is. In my case I entered the name as gleniris.com
5.Copy the certificate which you have generated:
Attempt to navigate to the secure section of your site. For me, it was (Note the HTTPS protocol):
https://my.gleniris.com:8443
Using the 3 dot menu, more tools, developer tools, security tab, and Click the Certificate Information > Details tab > Copy To file > Export. Save it as the defaut .cer file type. Save it with the same name as you alias. For me this file is named:
gleniris.com.cer
6.Create an entry in the trusted certificate publishers directory of your machine
Open a command window and type
certmgr.msc
Expand the ‘Trusted Publishers’ directory. Using the menu bar, select action >All Tasks >Import, and import the file you created in step 4. Repeat this process in the ‘Trusted Root Certification Authorities’ directory.
7.Restart your machine.

Mock Testing

Image taken from http://zeroturnaround.com/rebellabs/how-to-mock-up-your-unit-test-environment-to-create-alternate-realities/

Mock Testing explained:

Concise Example of the EasyMock testing framework:

Reflection in Java

Six years of programming with Java and I’ve never had to use reflection. I don’t know if that a good or a bad thing but below is the best, most concise explanation of Java Reflection which I have found. The commentator confuses himself at times but the core message and logic comes across well. Only 11 or so minutes long.

Advice on Technical Hiring from the Employers Perspective

The below is an extract from a chapter from the O’Reilly published 97 Tthings Every Software Architect Should Know:

 

Most people probably agree that finding top-notch developers requires thorough technical interviewing.  But what does thorough mean exactly?  It doesn’t mean requiring candidates to answer difficult questions about obscure technical details.  Screening for specific technical knowledge is definitely part of the process but turning an interview into a certification test will not guarantee success.  You are searching for developers with problem solving skills and passion.  The tools you use are sure to change; you need people who are good at attacking problems regardless of the technologies involved.  Proving someone has the ability to recite every method in an API tells you very little about their aptitude or passion for solving problems.

However, asking someone to explain their approach to diagnosing a performance problem gives you great insight into their methods for problem solving.  If you want to learn about developer’s ability to apply lessons learned, ask what they would change given the chance to start their most recent project anew. Good developers are passionate about their work.  Asking them about past experience will bring out that passion and tell you what correct answers to technical trivia questions cannot….

by Chad LaVigne
This work is licensed under a Creative Commons Attribution 3″

Security Issue for Java and MySQL or SQL

The most basic vulnerability is to leave the database operating on the default port of 3306 with the default user name and password. Ensure that this port is not open to the web.

SQL Injection Vulnerability

To protect against SQL Injection, it is necessary to avoid methods which take an argumenrt which is directly used in an SQL query.

The solution is a two setp process.

  1. First, validate the input argument against a regex or caught parse exception. Therefore you will know, if the method is supposed to accept a String containing a int, or an entire set of digits, you can be sure that this is the case. This ensures you are not using user input to directly query the database without validating it first.
  2. The second prevention step is not to use a direct SQL query. Instead use a prepared statement. This means that you are not using string concatenation or string replacement to query the database. If this were the case, an attacker can pass your method an SQL statement which will then be run against your database.

Hibernate Delete using HQL – QuerySyntaxException: Foo is not mapped

The entity name needs to be used in the query instead of the table name.

 

For example this causes the QuerySyntaxException as it uses the database table name in the query:

 

Query query = session.createQuery(“delete from product where venue_id = :venueID”);
query.setParameter(“venueID”, venueID);

The below query works as it uses the entity name:

Query query = session.createQuery(“delete from ProductEntity where venue_id = :venueID”);
query.setParameter(“venueID”, venueID);

Error 1723 cant unstall Java due to missing DLL

Download the Windows Installer Cleanup from here. Worked a treat.