Cross-Site Scripting vulnerability

When comparing data that may be locale-dependent, specify an appropriate locale explicitly in code; that is how this Cross-Site Scripting vulnerability can be avoided.

import java.util.Locale;
...
public String anyMethodName(String dataSet) {
	// Pass the locale explicitly so the comparison does not depend on the JVM's default locale
	if (dataSet.toUpperCase(Locale.ENGLISH).equals("ANY_DATA_VALUE")) {
		return null;
	}
	...
}
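To see why the explicit locale matters, here is an added example (not the original post's code) that runs the same kind of comparison under a Turkish default locale, where upper-casing "i" produces the dotted capital İ (U+0130). The allow-list value "ADMIN" and the class name are constructed for the demo; the post's own constant contains no "i" and would not expose the problem.

```java
import java.util.Locale;

// Added example, not the original post's code. It shows why the locale must be passed
// explicitly: under a Turkish default locale, upper-casing "i" yields the dotted capital
// "İ" (U+0130), so a comparison that relies on Locale.getDefault() silently fails.
public class LocaleComparisonDemo {

    // Constructed allow-list value for the demo; the post's constant ("ANY_DATA_VALUE")
    // contains no "i" and would not expose the problem.
    static final String EXPECTED = "ADMIN";

    // Locale-dependent: String.toUpperCase() uses Locale.getDefault() behind the scenes.
    static boolean matchesDefaultLocale(String dataSet) {
        return dataSet.toUpperCase().equals(EXPECTED);
    }

    // Locale-independent: Locale.ROOT (or Locale.ENGLISH, as in the post) gives the same
    // answer on every machine, regardless of where the JVM happens to run.
    static boolean matchesRootLocale(String dataSet) {
        return dataSet.toUpperCase(Locale.ROOT).equals(EXPECTED);
    }

    public static void main(String[] args) {
        Locale saved = Locale.getDefault();
        try {
            // Simulate a server deployed with a Turkish locale.
            Locale.setDefault(Locale.forLanguageTag("tr-TR"));
            System.out.println("\"admin\".toUpperCase() under tr-TR: " + "admin".toUpperCase());
            System.out.println("default-locale check: " + matchesDefaultLocale("admin"));
            System.out.println("Locale.ROOT check:    " + matchesRootLocale("admin"));
        } finally {
            Locale.setDefault(saved);
        }
    }
}
```

Under tr-TR the default-locale check fails while the Locale.ROOT check succeeds, so an input that should match an allow-list entry is rejected (or, with the comparison inverted, slips past it) purely because of the machine's locale settings. Locale.ROOT is the safer choice for machine-to-machine comparisons; Locale.ENGLISH, as in the post, behaves the same for ASCII input.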

Data Binding in Angular

Data Binding is one of the most powerful and important features in any software development language. It allows us to define communication between the component and view.

Types of Data Binding in Angular

1. String Interpolation: It’s a one-way data binding where the text between a set of curly braces is usually the name of a component property; Angular replaces that name with the string value of the corresponding component property. The syntax of string interpolation is double curly braces: {{ angular_code }}.

2. Property Binding: It allows us to bind a property of a view element to a template expression. In simple terms, property binding means updating the value of a certain variable in the component (model) and displaying it in the view (presentation layer). This is a one-way mechanism: it lets you change the value whenever you want, but only at the component level. Example: you can achieve property binding by putting square brackets around the src attribute and the component property name in quotes, e.g. [src]="componentProperty".

3. Event Binding: It is defined as updating or sending the value of a certain variable from the presentation layer (view) to the component (model), in response to a DOM event such as a click.

4. Two-Way Data Binding: It’s a combination of Property and Event binding: a continuous synchronization of data from the view to the component and from the component to the view, i.e. changes made to the component’s data sync to the view, and changes made in the view immediately update the corresponding component data.

Singleton class @ Java

Here are the basic steps for implementing a Java Singleton class.

(1) Only one instance of the class can be created.
(2) The constructor of the class has to be made private to avoid instantiation from external classes.
(3) Declare a static variable to store the instance of that class.
(4) Declare a method that returns the instance of that class.

With the above basic rules, we can classify Java Singleton implementations into the following categories:
(1) Eager Initialization

	public class EagerInitialization {
		private static final EagerInitialization instance = new EagerInitialization();
		private EagerInitialization(){}
		public static EagerInitialization getInstance(){
			return instance;
		}
	}

(2) Static Block Initialization

	public class StaticBlockInitialization {
		private static StaticBlockInitialization singletonInstance;
		private StaticBlockInitialization(){}
		static{
			try{
				singletonInstance = new StaticBlockInitialization();
			}catch(Exception e){
				throw new RuntimeException("Exception occurred while creating the singleton instance");
			}
		}
		public static StaticBlockInitialization getInstance(){
			return singletonInstance;
		}
	}

(3) Lazy Initialization

	public class Main {
		public static void main(String args[]) {
			Singleton singleton = Singleton.getInstance();
			System.out.println("Value 1 : " + singleton.getValue());
			singleton.setValue(20);
			Singleton singleton2 = Singleton.getInstance();
			System.out.println("Value 2: " + singleton2.getValue());
		}
	}

	class Singleton {
		private Singleton() {}
		private static Singleton singleton;
		private int value = 10;
		public static Singleton getInstance() {
			if (singleton == null) {
				singleton = new Singleton();
			}
			return singleton;
		}
		public int getValue() {
			return value;
		}
		public void setValue(int value) {
			this.value = value;
		}	
	}

(4) Thread Safe Singleton

	public class ThreadSafeInstance { 
		private static ThreadSafeInstance singletonInstance;
		private ThreadSafeInstance(){}
		public static synchronized ThreadSafeInstance getInstance(){
			if(singletonInstance == null){
				singletonInstance = new ThreadSafeInstance();
			}
			return singletonInstance;
		}
	}
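Variant (3) above has a race: two threads can both observe singleton == null and construct two instances, and variant (4) fixes that at the cost of taking a lock on every getInstance() call. The following added example (not from the original post) shows a third option, the initialization-on-demand holder idiom, and hammers it from many threads to confirm that exactly one instance is ever created. The class name, the constructions counter and the thread count are constructed for this demo.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added example, not from the original post: initialization-on-demand holder idiom.
// The JVM initializes a class exactly once, under its own initialization lock, so the
// nested Holder class makes this lazy AND thread-safe without synchronized on every call.
public class HolderSingleton {

    // Constructed counter, only so the demo can prove the constructor ran once.
    private static int constructions = 0;

    private HolderSingleton() {
        constructions++;
    }

    // Not loaded until getInstance() first touches Holder.INSTANCE.
    private static class Holder {
        static final HolderSingleton INSTANCE = new HolderSingleton();
    }

    public static HolderSingleton getInstance() {
        return Holder.INSTANCE;
    }

    static int constructionCount() {
        return constructions;
    }

    public static void main(String[] args) throws Exception {
        int threads = 32;
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        CountDownLatch start = new CountDownLatch(1);
        Set<HolderSingleton> seen = ConcurrentHashMap.newKeySet(); // identity-based, no equals() override
        List<Future<?>> tasks = new ArrayList<>();
        for (int i = 0; i < threads; i++) {
            tasks.add(pool.submit(() -> {
                start.await();            // release all threads at once so they race for the first call
                seen.add(getInstance());
                return null;
            }));
        }
        start.countDown();
        for (Future<?> f : tasks) {
            f.get();                      // propagate any failure from a worker
        }
        pool.shutdown();
        System.out.println("distinct instances seen: " + seen.size());
        System.out.println("constructor calls:       " + constructionCount());
    }
}
```

Both printed counts come out as 1 no matter how many threads race for the first call. An enum with a single constant gives the same guarantee with even less code and also survives deserialization and reflection attempts to create a second instance, which none of the class-based variants above do on their own.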

How to use Telnet to test SMTP communication

When you run the commands, replace these values with the ones for your own SMTP server, source domain, and so on.

Destination SMTP server: mail.smtpserver.com
Source domain: dev.prodDomain
Sender’s e-mail address: vinaychauhan@orgName.com
Recipient’s e-mail address: vipinchauhan@anotherOrgName.com
Message subject: Test Mail
Message body: This is a test message

(1) Open a Command Prompt window, type telnet, and then press Enter. This command opens the Telnet session.
(2) Type set localecho, and then press Enter. This optional command lets you view the characters as you type them, and it might be required for some SMTP servers.
(3) Type set logfile <filename>, and then press Enter. This optional command enables logging and specifies the log file for the Telnet session. If you only specify a file name, the log file is located in the current folder. If you specify a path and file name, the path needs to be on the local computer, and you might need to enter the path and file name in the Windows DOS 8.3 format (short name with no spaces). The path needs to exist, but the log file is created automatically.
(4) Type OPEN mail.smtpserver.com 25 and then press Enter.
(5) Type EHLO dev.prodDomain, and then press Enter.
(6) Type MAIL FROM:<vinaychauhan@orgName.com>, and then press Enter.
(7) Type RCPT TO:<vipinchauhan@anotherOrgName.com> NOTIFY=success,failure, and then press Enter. The optional NOTIFY parameter specifies the particular delivery status notification (DSN) messages (also known as bounce messages, nondelivery reports, or NDRs) that the SMTP server is required to provide. In this example, you’re requesting a DSN message for successful or failed message delivery.
(8) Type DATA, and then press Enter.
(9) Type Subject: Test Mail, and then press Enter.
(10) Type This is a test message, and then press Enter.
(11) Type a period ( . ), and then press Enter.
(12) To disconnect from the SMTP server, type QUIT, and then press Enter.
(13) To close the Telnet session, type quit, and then press Enter.

Here’s what a successful session output using the steps above looks like:

C:\> telnet
Microsoft Telnet> set localecho
Microsoft Telnet> set logfile c:\TelnetLog.txt
Microsoft Telnet> OPEN mail.smtpserver.com 25
EHLO dev.prodDomain
250-mail.smtpserver.com Hello [172.16.0.5], pleased to meet you
250-SIZE 37748736
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250 XRDST
MAIL FROM: vinaychauhan@orgName.com
250 2.1.0 Sender OK
RCPT TO: <vipinchauhan@anotherOrgName.com> NOTIFY=success,failure
250 2.1.5 Recipient OK
DATA
354 Start mail input; end with <CRLF>.<CRLF>
Subject: Test Mail

This is a test message.
.
250 2.6.0 <c89b4fcc-3ad1-4758-a1ab-1e820065d622@mail.smtpserver.com> [InternalId=5111011082268, Hostname=mail.smtpserver.com] Queued mail for delivery
QUIT
221 2.0.0 Service closing transmission channel
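The same exchange driven from code, as an added example that is not part of the original post: a tiny in-process stand-in for mail.smtpserver.com answers with the reply codes seen in the transcript, and the client runs EHLO, MAIL FROM, RCPT TO, DATA and QUIT against it, checking the reply code of each step. The hostnames and addresses are the post's placeholders; the fake server, the ephemeral localhost port and the STARTTLS check are assumptions of this example.

```java
import java.io.BufferedReader;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.UncheckedIOException;
import java.io.Writer;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;
import java.util.Locale;

// Added example, not part of the original post. The server half is a constructed fake that
// only knows the five commands the post uses; the client half is the part you would reuse.
public class SmtpExchangeDemo {

    // --- fake server: answers with the reply codes from the post's transcript -------------
    static void serveOneSession(ServerSocket listener) {
        try (Socket s = listener.accept();
             BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
             Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII)) {
            reply(out, "220 mail.smtpserver.com ESMTP ready");
            boolean inData = false;
            for (String line = in.readLine(); line != null; line = in.readLine()) {
                if (inData) {                              // message body runs until a lone "."
                    if (line.equals(".")) { inData = false; reply(out, "250 2.6.0 Queued mail for delivery"); }
                    continue;
                }
                String verb = line.split("[ :]", 2)[0].toUpperCase(Locale.ROOT);
                switch (verb) {
                    case "EHLO": reply(out, "250-mail.smtpserver.com Hello\r\n250-STARTTLS\r\n250 DSN"); break;
                    case "MAIL": reply(out, "250 2.1.0 Sender OK"); break;
                    case "RCPT": reply(out, "250 2.1.5 Recipient OK"); break;
                    case "DATA": inData = true; reply(out, "354 Start mail input; end with <CRLF>.<CRLF>"); break;
                    case "QUIT": reply(out, "221 2.0.0 Service closing transmission channel"); return;
                    default:     reply(out, "500 5.5.1 Command unrecognized");
                }
            }
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    static void reply(Writer out, String text) throws IOException {
        out.write(text + "\r\n");
        out.flush();
    }

    // --- client side -------------------------------------------------------------------------
    // A reply may span several lines: continuation lines have "-" after the 3-digit code,
    // the final line has a space, so keep reading until the space form arrives.
    static String readReply(BufferedReader in) throws IOException {
        StringBuilder sb = new StringBuilder();
        String line;
        do {
            line = in.readLine();
            if (line == null) throw new EOFException("server closed the connection");
            sb.append(line).append('\n');
        } while (line.length() > 3 && line.charAt(3) == '-');
        return sb.toString();
    }

    // Sends one command and fails fast when the reply code is not the one expected.
    static String command(BufferedReader in, Writer out, String cmd, String expectedCode) throws IOException {
        out.write(cmd + "\r\n");
        out.flush();
        String r = readReply(in);
        if (!r.startsWith(expectedCode)) throw new IOException(cmd + " -> " + r.trim());
        return r;
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket listener = new ServerSocket(0)) {          // ephemeral port on localhost
            Thread server = new Thread(() -> serveOneSession(listener));
            server.start();
            try (Socket s = new Socket("127.0.0.1", listener.getLocalPort());
                 BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream(), StandardCharsets.US_ASCII));
                 Writer out = new OutputStreamWriter(s.getOutputStream(), StandardCharsets.US_ASCII)) {
                System.out.print(readReply(in));                       // 220 greeting banner
                String ehlo = command(in, out, "EHLO dev.prodDomain", "250");
                System.out.print(ehlo);
                // The post's transcript advertises STARTTLS but never uses it, so sender,
                // recipient and body cross the wire in clear text; a real client should
                // upgrade here before MAIL FROM, and it is worth flagging when it cannot.
                if (!ehlo.contains("STARTTLS")) System.out.println("warning: server does not offer STARTTLS");
                command(in, out, "MAIL FROM:<vinaychauhan@orgName.com>", "250");
                command(in, out, "RCPT TO:<vipinchauhan@anotherOrgName.com> NOTIFY=success,failure", "250");
                command(in, out, "DATA", "354");
                command(in, out, "Subject: Test Mail\r\n\r\nThis is a test message\r\n.", "250");
                System.out.print(command(in, out, "QUIT", "221"));
            }
            server.join();
        }
    }
}
```

Pointing the client at a real server means replacing the fake with the host and port from the post and keeping the reply-code checks; the check on the expected code is what turns a "looks fine" transcript into a test that actually fails when a step is rejected.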

How to enable Garbage Collector Logs

The garbage collector provides automatic memory management. It keeps track of all objects instantiated within a JVM and removes the ones that are no longer used. That is a highly complex task, and there are several different garbage collector implementations available.

In general, the garbage collection process in Java is very efficient. It’s so efficient that lots of applications use the default implementation with its standard configuration. But if your application has to handle high load or uses lots of complex object structures, the performance of your application might decrease over time. That often happens when the garbage collector needs to spend more and more time managing the available memory. The garbage collector log provides you with the information needed to analyze all garbage collector activities.

The garbage collector log is deactivated by default. You need to activate it with a set of command line properties.

If you’re using JDK 8 or earlier, you can do that using the following properties:
-XX:+PrintGCDetails -Xloggc:<gc-log-file-path>

Starting with JDK 9, you need to use the following properties instead:
-Xlog:gc*:file=<gc-log-file-path>

After you have started your application with these command line properties, the garbage collector writes detailed information about all its operations. Unfortunately, the content and format of the generated garbage collector log depend on the vendor and version of your JVM and on the garbage collection algorithm.
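Once the log exists, the next step is reading it. The following added example (not from the original post) extracts the per-pause summary lines from a JDK 9+ unified log such as the one -Xlog:gc*:file=<gc-log-file-path> writes, sums the pause time and flags the long ones. The sample lines are constructed to look like G1 output; the 50 ms threshold and the class name are assumptions of this example, and lines in any other shape are ignored because, as the post says, they vary by collector and JDK version.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not from the original post: a small reader for the JDK 9+ unified log
// format produced by -Xlog:gc*:file=<gc-log-file-path>. Only the per-pause summary lines
// ("GC(n) Pause ... X->Y(Z) Tms") are extracted; everything else is ignored.
public class GcLogSummary {

    // Constructed sample in the unified log format (uptime, level, tags, message).
    static final List<String> SAMPLE = Arrays.asList(
        "[0.018s][info][gc] Using G1",
        "[0.532s][info][gc,start] GC(0) Pause Young (Normal) (G1 Evacuation Pause)",
        "[0.540s][info][gc] GC(0) Pause Young (Normal) (G1 Evacuation Pause) 24M->3M(256M) 7.812ms",
        "[2.104s][info][gc] GC(1) Pause Young (Normal) (G1 Evacuation Pause) 150M->10M(256M) 12.006ms",
        "[5.377s][info][gc] GC(2) Pause Full (System.gc()) 210M->8M(256M) 95.431ms");

    static final Pattern PAUSE = Pattern.compile(
        "^\\[(?<uptime>[\\d.]+)s\\]\\[info\\]\\[gc\\] GC\\((?<id>\\d+)\\) Pause (?<kind>.+?) "
        + "(?<before>\\d+)M->(?<after>\\d+)M\\((?<heap>\\d+)M\\) (?<ms>[\\d.]+)ms$");

    static final class Pause {
        final double uptime; final int id; final String kind;
        final int beforeMb, afterMb, heapMb; final double ms;

        Pause(Matcher m) {
            uptime = Double.parseDouble(m.group("uptime"));
            id = Integer.parseInt(m.group("id"));
            kind = m.group("kind");
            beforeMb = Integer.parseInt(m.group("before"));
            afterMb = Integer.parseInt(m.group("after"));
            heapMb = Integer.parseInt(m.group("heap"));
            ms = Double.parseDouble(m.group("ms"));
        }
    }

    // Keeps only lines that match the pause-summary shape.
    static List<Pause> parse(List<String> lines) {
        List<Pause> pauses = new ArrayList<>();
        for (String line : lines) {
            Matcher m = PAUSE.matcher(line);
            if (m.matches()) pauses.add(new Pause(m));
        }
        return pauses;
    }

    public static void main(String[] args) throws IOException {
        // Pass a real log file as the first argument; otherwise the constructed sample is used.
        List<String> lines = args.length > 0 ? Files.readAllLines(Paths.get(args[0])) : SAMPLE;
        List<Pause> pauses = parse(lines);
        double total = 0, longest = 0;
        for (Pause p : pauses) {
            total += p.ms;
            longest = Math.max(longest, p.ms);
            // Pauses beyond 50 ms (a constructed threshold) deserve a closer look.
            if (p.ms > 50) {
                System.out.printf("long pause at %.3fs: GC(%d) %s %dM->%dM of %dM, %.3f ms%n",
                        p.uptime, p.id, p.kind, p.beforeMb, p.afterMb, p.heapMb, p.ms);
            }
        }
        System.out.printf("%d pauses, %.3f ms total, longest %.3f ms%n", pauses.size(), total, longest);
    }
}
```

On the sample the Full GC triggered by System.gc() is the only line above the threshold; on a real log, a growing count of Full pauses or an "after" size that creeps upward between collections is the pattern that usually points at the retention problem the post describes.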

How to implement Bootstrap Responsive Video

A responsive video automatically adapts to the screen size of the user. In Bootstrap, the video could be placed in one of two ways with an aspect ratio of 16:9 or 4:3. The code for this is given below:

Aspect Ratio with 16:9

<div class="embed-responsive embed-responsive-16by9">
    <video width="320" height="240" controls>
        <source src="/path/anyVideo.mp4" type="video/mp4">
    </video>
</div>

Aspect Ratio with 4:3

<div class="embed-responsive embed-responsive-4by3">
    <video width="320" height="240" controls>
        <source src="/path/anyVideo.mp4" type="video/mp4">
    </video>
</div>

We can also embed a video from YouTube: click the “Share” button, then the “Embed” button, and copy the embed code of the video. Simply paste this embed code into your web page, and that’s all; the video will now show up on the page.

How to handle ‘&’ while working in SQL

Inserting a value that contains ‘&’ can be tricky in SQL*Plus (and clients that mimic it), because ‘&’ marks a substitution variable there and the client prompts for a value instead of inserting the literal text. Any of the approaches given below resolves this.

SET DEFINE OFF;
create table test_table (name varchar2(50));
insert into test_table values ('Tom & Jerry');

or

SET SCAN OFF;
create table test_table (name varchar2(50));
insert into test_table values ('Tom & Jerry');

or

create table test_table (name varchar2(50));
insert into test_table values ('Tom ' || chr(38) || ' Jerry');