Archive for April, 2011

in a component, you can link to a specific page by using $PAGE_LINK[name of page].
for example $PAGE_LINK[help/howto] will link to the current site help/howto.page.

Using $URL_PREFIX works in a similar way so that area relative paths can be used,e.g. $URL_PREFIX/images/icons/favicon.png.

Security Incident

Posted: 14 April 2011 in Uncategorized

Security is key. I usually generate random passwords and use sites password reminder functionality when I need to log in. I also use firefox’ password manager to remember my passwords for me. No 2 sites have the same password…

From: "no-reply>
Date: 13 April 2011 21:44:41 GMT+01:00
To: @
Subject: [New post] Security Incident

Security Incident

Matt | April 13, 2011 at 4:46 pm | Tags: security | URL: http://wp.me/pf2B5-1LC

Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

Based on what we’ve found, we don’t have any specific suggestions for our users beyond reiterating these security fundamentals:

  • Use a strong password, meaning something random with numbers and punctuation.
  • Use different passwords for different sites.
  • If you have used the same password on different sites, switch it to something more secure.

(Tools like 1Password, LastPass, and KeePass make it easy to keep track of different unique logins.)

Our investigation into this matter is ongoing and will take time to complete. As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again. If you have any questions or concerns, please leave a comment below or contact our support.

Add a comment to this post

WordPress WordPress.com | Thanks for flying with WordPress!
Manage Subscriptions | Unsubscribe | Publish text, photos, music, and videos by email using our Post by Email feature.

Trouble clicking? Copy and paste this URL into your browser: http://subscribe.wordpress.com

jsp EL memento

Posted: 12 April 2011 in Uncategorized

(this is a memento extract from http://download.oracle.com/javaee/1.4/tutorial/doc/JSPIntro7.html)
The JSP expression language defines a set of implicit objects:

  • pageContext: The context for the JSP page. Provides access to various objects including:
  • servletContext: The context for the JSP page’s servlet and any web components contained in the same application.
  • session: The session object for the client.
  • request: The request triggering the execution of the JSP page.
  • response: The response returned by the JSP page.

In addition, several implicit objects are available that allow easy access to the following objects:

  • param: Maps a request parameter name to a single value
  • paramValues: Maps a request parameter name to an array of values
  • header: Maps a request header name to a single value
  • headerValues: Maps a request header name to an array of values
  • cookie: Maps a cookie name to a single cookie
  • initParam: Maps a context initialization parameter name to a single value

Finally, there are objects that allow access to the various scoped variables

  • pageScope: Maps page-scoped variable names to their values
  • requestScope: Maps request-scoped variable names to their values
  • sessionScope: Maps session-scoped variable names to their values
  • applicationScope: Maps application-scoped variable names to their values

Brighton Marathon 2012?

Posted: 12 April 2011 in Uncategorized

Oh no! What have I done!?

Brighton%20Marathon%20-%20logo%20small.jpg

Dear runner,

Many thanks for entering the Brighton Marathon 2012. You are IN! You may click on the link below to view your detailed registration record. Don’t forget to visit our website www.brightonmarathon.co.uk for all the information you will need in the coming months while you prepare for April 15th 2012.

Best wishes,

The Brighton Marathon Team

Brighton Marathon 2012
Date: 15th April, 2012

I’ve been using a datasource and somehow lost some of my settings which meant that it stopped working. In order to get my configuration back, I did the following:

In server.xml (tomcat/conf/server.xml), I declared the following datasource (in the GlobalNamingResources section):

 <Resource name="jdbc/mydb"
 type="javax.sql.DataSource"
 auth="Container"
 driverClassName="com.mysql.jdbc.Driver"
 maxActive="20"
 maxIdle="10"
 maxWait="10000"
 username="myuser"
 password="****"
 url="jdbc:mysql://localhost:3306/mydb"
 />

in context.xml (src/main/webapp/META-INF/context.xml), I declared the following resource link:

  <ResourceLink
 name="jdbc/mydb"
 global="jdbc/mydb"
 type="javax.sql.DataSource"
 />

in web.xml (src/main/webapp/WEB-INF/web.xml), I use the following resource reference:

 <resource-ref>
 <res-ref-name>jdbc/mydb</res-ref-name>
 <res-type>javax.sql.DataSource</res-type>
 <res-auth>Container</res-auth>
 <res-sharing-scope>Shareable</res-sharing-scope>
 </resource-ref>

in persistence.xml, I use the following:

<persistence version="1.0" 
        xmlns="http://java.sun.com/xml/ns/persistence" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
 <persistence-unit name="mydbPU" transaction-type="RESOURCE_LOCAL">
 <provider>org.hibernate.jpa.HibernatePersistenceProvider</provider>
 <non-jta-data-source>java:/comp/env/jdbc/mydb</non-jta-data-source>
 <exclude-unlisted-classes>false</exclude-unlisted-classes>
 <properties>
 <property name="hibernate.dialect" value="org.hibernate.dialect.MySQLDialect"/>
 <property name="hibernate.cache.provider_class" value="org.hibernate.cache.NoCacheProvider"/>
 </properties>
 </persistence-unit>
</persistence>

If you do not configure the data source correctly, you will get some strange errors of the likes:

  • Illegal access: this web application instance has been stopped already. Could not load com.mysql.jdbc.SQLError.
  • Could not find datasource: java:/comp/env/jdbc/xxxx
  • javax.naming.NameNotFoundException: Name jdbc is not bound in this Context
  • java.sql.SQLException: No suitable driver
  • org.hibernate.HibernateException: Hibernate Dialect must be explicitly set
  • java.sql.SQLException: Cannot create JDBC driver of class ” for connect URL ‘null’
  • Context [/xxxx] startup failed due to previous errors