Tuesday, August 24, 2010

How to find the Broken links in a website

Borken links identification in a website
As i have created a website live cricket scores, my interest gradually increased to maintain that to the perfect. In this jorney I have just came accross how to check the broken links for the website and what measures needs to be taken to prevent or eliminate that.
When I did my basic research I got the following stuff, which might be useful for every website moderator.

How to check the Broken Links in a website?

I used the following websites with which I hvae tested and got the list of broken links
  1. See LinkChecker for Firefox, some more info you can get at this link http://www.kevinfreitas.net/extensions/linkchecker/
  2. For Windows there is Xenu's Link Sleuth.
  3. For Mac, Integrity link Checker http://peacockmedia.co.uk/integrity/  (personally I have not used this,i dont know what to comment on this).
Other tools which gave me some stuff was
  1. W3C Link Checker.
  2. Even Google Webmaster will give you the crawl errors, you can try that.
There are times that i try to write my own spider to check this, the algorithm looks like following
// Alogorithm to recursively check for broken links  and log all errors at one file

// First get the Url of the page,
function check_links($page)
{
         $html = fetch_page($page);
         if(!$html)
        {
                   // Log page to failures log
                  ------------
                  ------------
        }
       else
       {
            // Find all html, img, etc links on page
            $links = find_links_on_page($html);

          foreach($links as $link) {
        
                    check_links($link);
         }
      }

}

If you are very eager to develop a own spider this algorithm will help you a bit.

Thats all about the link checker.

Thursday, July 1, 2010

Most common Security issues overlooked by developers during Software Development Life Cycle

This article why I am composing?
This article I have compiled based on my mistake in my programming mistake which I used to commit every for consecutively for 3 years in my experience, so thought of putting it down where my fellow programmers can prevent doing the same which I have done.
First and fore most
Remove the following thinking that “It never Happens in an application”, when you start developing an application.
The above statement will definitely solve almost 50% of the security issues.
Second Most Mistake
Dont assume the “User use the application as the developer developed”
When you develop an application, developer will always forget about one stuff that user is not educated about an application, due to which there are circumstance where will play around and unknown mistakes can arise and may the application.
Most applications are written from the default security perspective of "allow all". This means a programmer will start coding everything wide open and then (hopefully) will start to consider elements that need to be secured (these tactical suggestions which have already been made are terrific examples of that).
This happens across the board. Everything from operating systems to fat clients to web-based thin clients are constructed this way. That's a primary reason why every Tuesday Microsoft comes out with a set of patches. Vulnerabilities continue to be discovered and must be remediated in a never-ending stream of patches.
My strategic suggestion is this: start coding from a default perspective of "deny all". Every architectural element, every layer, every object, every method, every variable...construct them to be inaccessible to anything unless you expressly allow it. This will slow down your productivity a little (at least at first). However, once you become accustomed to thinking this way, your delivered code will be vastly more secure.

The below are the points I will recmmond for the developers to have a look when they start coding
• Avoid as much as data input validation using java script in the client side
• I would recommend the users to go through the Threat Model at the following link
• Using a third-party library hastily without properly investigating or understanding the consequences the use of some parts of such a library may or may not have---this usually happens when we are in dire need of some functionality and find a third-party library that provides it, and, having found it, are in a hurry to use it without actually spending ample time going through the complete docs for the library;
• Treating security as something to be added later, instead of designing it in at the start. For example, thinking that security is something that can bolted on at the end with encryption or a firewall, or a penetration test, rather than something that is part and parcel of the whole design and QA process.
• implementing your own authentication/encryption/random number generator rather than using a proven system

Tuesday, June 29, 2010

Inner joins and its usage with a Sample Query

When I was writing the query for my application, I used the following Formatted Query
SELECT JS.JobseekerID
, JS.FirstName
, JS.LastName
, JS.Currency
, JS.AccountRegDate
, JS.LastUpdated
, JS.NoticePeriod
, JS.Availability
, C.CountryName
, S.SalaryAmount
, DD.DisciplineName
, DT.DegreeLevel
FROM Jobseekers JS, Countries C, SalaryBracket S, DegreeDisciplines DD
, DegreeType DT
WHERE
JS.CountryID = C.CountryID
AND JS.MinSalaryID = S.SalaryID
AND JS.DegreeDisciplineID = DD.DisciplineID
AND JS.DegreeTypeID = DT.DegreeTypeID
AND JS.ShowCV = 'Yes'

In corner of my mind I was not satisfied with the above and was trying to make it better with the other ways of writing query, when I met our Database tester, She gave me the following idea to write, It was very effective way of writing that Query
SELECT JS.JobseekerID
, JS.FirstName
, JS.LastName
, JS.Currency
, JS.AccountRegDate
, JS.LastUpdated
, JS.NoticePeriod
, JS.Availability
, C.CountryName
, S.SalaryAmount
, DD.DisciplineName
, DT.DegreeLevel
FROM Jobseekers JS
INNER
JOIN Countries C
ON JS.CountryID = C.CountryID
INNER
JOIN SalaryBracket S
ON JS.MinSalaryID = S.SalaryID
INNER
JOIN DegreeDisciplines DD
ON JS.DegreeDisciplineID = DD.DisciplineID
INNER
JOIN DegreeType DT
ON JS.DegreeTypeID = DT.DegreeTypeID
WHERE
JS.ShowCV = 'Yes'

I hope this will help to understand How you can use the inner joins in the queries

Wednesday, April 28, 2010

Jar - War- Ear Files for J2ee Development

JAR – Java ARchive

It’s a file format based on the ZIP file format and similar to ZIP format this is also used for aggregating many files (many be of different types) into one aggregate file. This aggregate file will have (.jar) extension. Application development using Java uses JAR files for many useful purposes. One of the most common use is to package all the .class files, image files, and other files required by an Applet into a JAR file, so that the download of a single file will have all the components downloaded at the client machine. Otherwise, we would require those many HTTP Connections to individually download each of the components and this will of course be a very tedious and time-consuming effort. Another popular usage is to bundle all the .class files, and other required component files of a typical subsystem into a JAR file and include that JAR file into the CLASSPATH of another Java application which requires the services of that subsystem. The maintenance and deployment becomes very easier in this case.

This archive file format is platform-independent format which has been fully written in Java. This format is capable of handling audio and image files in addition to the .class files. It’s an open standard and fully extendable. JAR file consist of a ZIP archive and an optional Manifest file, which contains package and extension related data. The Manifest file will have the name ‘MANIFEST.MF‘. This manifest file belongs to the optional directtory named ‘META-INF‘. This directory is used to store package and extension configuration data, security related data, versioning related data, services related data, etc.

A JAR file can be created by using the ‘jar‘ command line utility OR if you wish to create JAR files programatically then you may use java.util.jar package for required APIs.


WAR – Web ARchive

As the name suggests this file format is used to package all the components of a Web Application. It may contain JARs, JSPs, Servlets, HTMLs, GIFs, etc. The purpose of this archive format is same as that of the JAR – to make the deployment, shipping, and in turn the maintenance process easier. This will have an XML file named web.xml as the Deployment Descriptor. This Deployment Descriptor is used by the Web Container to deploy the web application correctly.

EAR – Enterprise ARchive

An enterprise application may be composed of several Web Applications and other independent JARs. This archive file format is used in those cases to bundle all the components of an enterprise application into a single file. Again the purpose is same – making deployment, shipping, and hence the maintenance easier. Since, an enterprise application may have several Web Applications as its components, hence an EAR file may contain WARs and JARs. An EAR also contains an XML-based Deployement Descriptor, which is used by the Application Server to deploy the enterprise application correctly.

Saturday, February 20, 2010

Log4j vs java.util.logging

Are your Java programs littered with a multitude of randomly placed System.out.println statements and stack traces? When you add debugging messages to a class in a project, are the outputs of your messages interleaved among dozens of messages from other developers, making your messages difficult to read? Do you use a simple, hand-rolled logging API, and fear that it may not provide the flexibility and power that you need once your applications are in production? If you answered yes to any of the above questions, it's time for you to pick an industrial-strength logging API and start using it.

This article will help you choose a logging API by evaluating two of the most widely used Java logging libraries: the Apache Group's Log4j and the java.util.logging package (referred to as "JUL"). This article examines how each library approaches logging, evaluates their differences and similarities, and offers a few simple guidelines that will help you decide which library to choose.

Introduction to Log4j
Log4j is an open source logging library developed as a subproject of the Apache Software Foundation's Logging Services Project. Based on a logging library developed at IBM in the late 1990s, its first versions appeared in 1999. Log4j is widely used in the open source community, including by some big name projects such as JBoss and Hibernate.

Log4j's architecture is built around three main concepts: loggers, appenders, and layouts. These concepts allow developers to log messages according to their type and priority, and to control where messages end up and how they look when they get there. Loggers are objects that your applications first call on to initiate the logging of a message. When given a message to log, loggers generate Logging-Event objects to wrap the given message. The loggers then hand off the LoggingEvents to their associated appenders. Appenders send the information contained by the LoggingEvents to specified output destinations - for example, a ConsoleAppender will write the information to System.out, or a FileApppender will append it to a log file. Before sending LoggingEvent information to its final output target, some appenders use layouts to create a text representation of the information in a desired format. For example, Log4j includes an XMLLayout class that can be used to format LoggingEvents as strings of XML.

In Log4j, LoggingEvents are assigned a level that indicates their priority. The default levels in Log4j are (ordered from highest to lowest): OFF, FATAL, ERROR, WARN, INFO, DEBUG, and ALL. Loggers and appenders are also assigned a level, and will only execute logging requests that have a level that is equal to or greater than their own. For example, if an appender whose level is ERROR is asked to write out a LoggingEvent that has a level of WARN, the appender will not write out the given LogEvent.

All loggers in Log4j have a name. Log4j organizes logger instances in a tree structure according to their names the same way packages are organized in the Java language. As Log4j's documentation succinctly states: "A logger is said to be an ancestor of another logger if its name followed by a dot is a prefix of the descendant logger name. A logger is said to be a parent of a child logger if there are no ancestors between itself and the descendant logger." For example, a logger named "org.nrdc" is said to be the child of the "org" logger. The "org.nrdc.logging" logger is the child of the "org.nrdc" logger and the grandchild of the "org" logger. If a logger is not explicitly assigned a level, it uses the level of its closest ancestor that has been assigned a level. Loggers inherit appenders from their ancestors, although they can also be configured to use only appenders that are directly assigned to them.

When a logger is asked to log a message, it first checks that the level of the request is greater than or equal to its effective level. If so, it creates a LoggingEvent from the given message and passes the LoggingEvent to its appenders, which format it and send it to its output destinations.

Introduction to JUL
The java.util.logging package, which Sun introduced in 2002 with Java SDK version 1.4, came about as a result of JSR 47, Logging API Specification. JUL is extremely similar to Log4j - it more or less uses exactly the same concepts, but renames some of them. For example, appenders are "handlers," layouts are "formatters," and LoggingEvents are "LogRecords." Figure 1 summarizes Log4j and JUL names and concepts. JUL uses levels the same way that Log4J uses levels, although JUL has nine default levels instead of seven. JUL organizes loggers in a hierarchy the same way Log4j organizes its loggers, and JUL loggers inherit properties from their parent loggers in more or less the same way that Log4j loggers inherit properties from their parents. Concepts pretty much map one-to-one from Log4j to JUL; though the two libraries are different in subtle ways, any developer familiar with Log4j needs only to adjust his or her vocabulary to generally understand JUL.

Functionality Differences
While Log4j and JUL are almost conceptually identical, they do differ in terms of functionality. Their difference can be summarized as, "Whatever JUL can do, Log4j can also do - and more." They differ most in the areas of useful appender/handler implementations, useful formatter/layout implementations, and configuration flexibility.

JUL contains four concrete handler implementations, while Log4j includes over a dozen appender implementations. JUL's handlers are adequate for basic logging - they allow you to write to a buffer, to a console, to a socket, and to a file. Log4j's appenders, on the other hand, probably cover every logging output destination that you could think of. They can write to an NT event log or a Unix syslog, or even send e-mail. Figure 2 provides a summary of JUL's handlers and Log4j's appenders.

JUL contains two formatter classes: the XMLFormatter and SimpleFormatter. Log4j includes the corresponding layouts: the XMLLayout and SimpleLayout. Log4j also offers the TTCCLayout, which formats LoggingEvents into content-rich strings, and the HTMLLayout, which formats LoggingEvents as an HTML table.

While the TTCCLayout and HTMLLayout are useful, Log4j really pulls ahead of JUL in the formatter/handler arena because of the PatternLayout. PatternLayout instances can be configured with an enormous amount of flexibility via string conversion patterns, similar to the conversion patterns used by the printf function in C. In PatternLayout conversion patterns, special conversion characters are used to specify the information included in layout's formatted output. For example, "%t" is used to specify the name of the thread that started the logging of the message; "%C" is used to specify the name of the class of the object that started the logging of the message; and "%m" specifies the message. "%t: %m" would result in output such as "main thread: This is my message." "%C - %t: %m" would result in output such as "org.nrdc.My-Class - main thread: This is my message." The Pattern-Layout is extremely useful, and JUL's two formatter classes don't come anywhere near to matching its versatility. It's not uncommon for JUL users to write their own custom formatter class, whereas most Log4j users generally need to just learn how to use PatternLayout conversion patterns.

While both Log4j and JUL can be configured with configuration files, Log4j allows for a broader range of configuration possibilities through configuration files than JUL does. JUL can be configured with .properties files, but until J2SE 5.0 the configuration of handlers was only on a per-class rather than a per-instance basis. This means that if you are going to be using a pre-Tiger SDK, you'll miss out on useful configuration options, such as the ability to set up different FileHandler instances to send their output to different files.

It's important to note that pre-Tiger JUL can easily be configured to write to multiple output files in code, just not through its default configuration mechanism. Log4j can be configured with .properties and/or XML files, and appenders can be configured on a per-instance basis. Also, Log4j allows developers to associate layout instances with appender instances, and configure layouts on a per-instance basis. This includes PatternLayout instances - you can set the conversion pattern each uses in the configuration file. During development, it usually isn't a problem to recompile an application to adjust its logging configuration; after deployment, however, you may want to be able to tweak or even completely reconfigure your application's logging without recompiling. In that case, Log4j offers more flexibility, especially pre-Tiger.

Log4j provides a lot of functionality that JUL lacks, although JUL is catching up. JUL could definitely be extended to do what Log4j does - you could write more handlers, reimplement the PatternLayout for JUL, and upgrade JUL's configuration mechanism, all without extreme difficulty. But why do that when Log4j has had those features for years?

Which Library Do You Choose?
Important decisions such as these typically make project leaders lose sleep and go prematurely gray. Luckily, this decision can be made very easily by examining the answers to three simple questions.

Question One
Do you anticipate a need for any of the clever handlers that Log4j has that JUL does not have, such as the SMTPHandler, NTEventLogHandler, or any of the very convenient FileHandlers?

Question Two
Do you see yourself wanting to frequently switch the format of your logging output? Will you need an easy, flexible way to do so? In other words, do you need Log4j's PatternLayout?

Question Three
Do you anticipate a definite need for the ability to change complex logging configurations in your applications, after they are compiled and deployed in a production environment? Does your configuration sound something like, "Severe messages from this class get sent via e-mail to the support guy; severe messages from a subset of classes get logged to a syslog deamon on our server; warning messages from another subset of classes get logged to a file on network drive A; and then all messages from everywhere get logged to a file on network drive B"? And do you see yourself tweaking it every couple of days?

If you can answer yes to any of the above questions, go with Log4j. If you answer a definite no to all of them, JUL will be more than adequate and it's conveniently already included in the SDK.

Conclusion
Log4j and JUL are very similar APIs. They differ conceptually only in small details, and in the end do more or less the same thing, except Log4j has more features that you may or may not need.

Keep in mind as you migrate to your chosen logging library that logging may affect the performance of your application. Make its impact as light as possible by reusing references to loggers; keep a static or instance pointer to loggers that you use, rather than calling Logger.getLogger("loggerName") every time you need a logger. Use common sense in your placement of log statements - do not place them in tight, heavily iterated loops.

Tuesday, February 16, 2010

Java Strings -- Immutable

The above diagram explains us why the Java strings are immutable?

Java Programmer Study Notes — Very Important Points

1. Variables defined in try block are not visible in catch block.
2. You cannot pass parameters when you implement an interface by an anonymous class.
3. Constructors cannot return anything. Not even void.

4. Every enum has a values() method that returns an array of all the values in that enum in the order they are defined.
5. System.out.println(0×10 + 10 + 010); Hexadecimal values can be denoted by prefixing with 0x ( Zero and upper or lower case ‘x ‘) so 0×10 is equivalent to 16 decimal. Octal values can be denoted by prefixing with 0 ( Zero ) so 010 is equivalent to 8 decimal. The whole expression will be evaluated to 34 ( 16+10+8).
6. Variables cannot be declared synchronized. Only methods can be declared synchronized.
7. Any class can be declared abstract.
8. Non static methods can access static as well as non static methods of a class.
9. Only one public class can be defined in a file.
10. To construct a Base class, it’s super class needs to be constructed first. So some constructor of the super class has to be called. Either you explicitly call it or the compiler will add super() (ie. no args constructor) as the first line of the sub class constructor. Now, if the super class does not have a no-args constructor, the call super() will fail. Instead of calling super(…) you can also call another constructor of the base class in the first line.
11. Unlike methods, a constructor cannot be abstract, static, final, native, or synchronized. A constructor is not inherited, so there is no need to declare it final and an abstract constructor could never be implemented. A constructor is always invoked with respect to an object, so it makes no sense for a constructor to be static. There is no practical need for a constructor to be synchronized, because it would lock the object under construction, which is normally not made available to other threads until all constructors for the object have completed their work. The lack of native constructors is an arbitrary language design choice that makes it easy for an implementation of the Java Virtual Machine to verify that superclass constructors are always properly invoked during object creation.
12. The construct ‘{ }’ is a compound statement. The compound statement can contain zero or more arbitrary statements. Thus, { { } }, which is a compound statement containing one statement which is a compound statement containing no statement, is legal.
13. ’static’ and ‘final’ are valid modifiers for both ‘variable’ and ‘method’ declarations within a class.
14. ‘transient’ and ‘volatile’ modifiers are only valid for ‘variables’.
15. ‘abstract’ and ‘native’ are only valid for ‘methods’.
16. Note: a class can have only have ‘final’, ‘abstract’ and ‘public’ as modifiers.
17. A class can be extended unless it is declared final. While declaring a method, static usually implies that it is also final, this is not true for classes.
18. An inner class can be declared static and still be extended. Notice the distinction. For classes, final means it cannot be extended, while for methods, final means it cannot be overridden in a subclass.
19. The native keyword can only be used on methods, not on classes and instance variables.