JWT

JWT benefits and drawbacks

Where to store local storage or cookies?

Local storage is easy to compromise.

Use cookies and ensure XSS and CSRF protections are implemented.

Comments

Post a Comment

Popular posts from this blog

Java InetAddress isReachable ICMP (Ping)

It doesn't do ICMP on Windows, it opens TCP echo on port 7. On linux/unix you have to set the suid bit on Java executables to allow it to use ICMP. So that article didn't clearly explain the whole story. When the executable bit is set if a user has permissions to run the program the executable runs at permissions of the owner. If like mine, your java was owned by account with non-root privileges, it still won't be able to access ICMP. You have to set suid bit after changing ownership as the latter clears the suid bit. sudo chown -R root:root sudo chmod 4755 /bin/java Never did get this to work because once the suid bit was set, encountered the following error: libjli.so file not found. I believe this might have to do with suid bit not being set on LD_LIBRARY_PATH references and/or shared libs because it might present a security issue. After discussing with associates realized going this route is probably a bad idea. This would cause all Java programs to run as root presenti...
Read more

Oracle JDBC ReadTimeout QueryTimeout

If a query exceeds the oracle.jdbc.ReadTimeout without receiving any data, an exception is thrown and the connection is terminated by the Oracle driver on the client. Unfortunately the session will still be queued on the database and continue to wait for locks, hold any current locks, and complete any DML/PL*SQL procedures that are pending on the server-side of the orphaned connection. If an application, on a another connection, due to ReadTimeout exception, retries DML/PL*SQL  which requires locks, those queries will queue behind the initial DML/PL*SQL. This will increase the workload exacerbating the situation. On applications with retries, this can be observed by querying the v$session table  or gv$session on RAC and noting new sessions started periodically based on the ReadTimeout interval. The sessions may often have the same SQL_ID and/or SQL_HASH_VALUE. If stmt.setQueryTimeout(Seconds) is issued and the statement exceeds the timeout, it will atte...
Read more

Locks held on Oracle for hours after sessions abnormally terminated by node failure

If a session holds db locks and is abnormally terminated (no fin/ack), the locks will persist until the db session is closed, typically around 2 hours and 12 minutes with default network tcp_keepalive settings. Abnormally terminated does not include CTRL C or kill -9. The ojdbc6 driver apparently has a shutdown hook thread that closes the connections in graceful shutdowns. The OS apparently closes the connections when processes are killed. Abnormally terminated might include power failure, firewall failures, Out Of Memory, OS/kernel crash, network connection failure, JBoss or other server node failure, etc. This was easily reproduced by creating a  process that connected to the db and updated a record but did not commit. While the first process was waiting, a second process with a contending update was started which blocked on the first update. The first clients network cable was then disconnected. The second clients transaction waited for approximately 2 hours until the databa...
Read more