What is the SQL Injection?
SQL injection is a trick that can exploits the Security Vulnerablity occurring in the DB layer of the system.
Vulnerability means when user input is either incorrectly filtered for string literals,Escape Characters like < ,>,",',\,&. embedded in Sql statements.
The SQL injection occurs when user input is not filtered for Escape Characters like < ,>,",',\,& and these Escape Character are passed into a Sql statement. This results in the manipulation of the statements performed on the database by the end user .
Example:
Sql Statement
"SELECT * FROM userimfromation WHERE name = '" + userName + "';"
this Statement Work against to get the username
if the User will provide s' or 'm'='m as the Usename
then new statement from is
"SELECT * FROM userimfromation WHERE name = ' s' or 'm'='m ' ;
so by this statement we are applying condition if any one condition is true it ll excute the Statement
Wednesday, October 24, 2007
Tuesday, October 16, 2007
Why The Green Thread model is Implemented in java by SunMicrosystems?
Why The Green Thread model is Implemented in java by SunMicrosystems?
the thread scheduling is managed by virtual machine ie JVM. as compare to the Native Thread model, the thread scheduling is managed by the OS.In Green Theard Model the Green threads supports multithreaded environment without depending on native Operating System . The Green Threads run code in user space those are manages and schedules threads; SunMicrosystem wrote green thread model to provide the Freature of green threads can be used in java.So Java can work in environment that do not have native thread support.
In the Green Thread model, the OS doesn't know anything about the threads used in the JVM. It's up to the JVM that how to handle all the details.
Green threads can't take advantage of multiple CPUs, but they have the advantage of lighter weight for context switching.
the thread scheduling is managed by virtual machine ie JVM. as compare to the Native Thread model, the thread scheduling is managed by the OS.In Green Theard Model the Green threads supports multithreaded environment without depending on native Operating System . The Green Threads run code in user space those are manages and schedules threads; SunMicrosystem wrote green thread model to provide the Freature of green threads can be used in java.So Java can work in environment that do not have native thread support.
In the Green Thread model, the OS doesn't know anything about the threads used in the JVM. It's up to the JVM that how to handle all the details.
Green threads can't take advantage of multiple CPUs, but they have the advantage of lighter weight for context switching.
Monday, October 15, 2007
Use Test Scripts to Help Understand the Requirements
Use Test Scripts to Help Understand the Requirements
With greater distance, you need to put more ceremony into communicating requirements. We've been able
to do that while still sticking to many of the techniques that we use in single-site development.
Increasingly I've found that more mature XP teams use acceptance tests as ways of communicating
requirements. Such teams get test scripts written out before the start of an iteration to help clarify the
requirements and give the development team a concrete target to aim at. One style that's worked well is for
a US based customer to write a short narrative (a couple of pages) to flesh out a feature (story in XP lingo).
An Indian based analyst/tester then creates test scripts for this story. This can be done either for automated
or manual testing, although we very much prefer automated tests. As the scripts are developed the US and
Indian analysts coordinate by email and IM as well as regular (2-3 times a week) conference calls to review
the test scripts.
We've found that this has very much helped both the Indian analyst and the US customer really understand
the requirements. Writing out the tests forces the Indian analyst to really understand what's needed and to
ask questions of the US customer as questions turn up. The developers find it easier to ask questions of the
Indian analyst rather than dig through the test scripts, so having an Indian analyst/tester is still important.
Search engines are good, but humans are often easier to work with.
how can this help me in understanding my requirement through Tests
With greater distance, you need to put more ceremony into communicating requirements. We've been able
to do that while still sticking to many of the techniques that we use in single-site development.
Increasingly I've found that more mature XP teams use acceptance tests as ways of communicating
requirements. Such teams get test scripts written out before the start of an iteration to help clarify the
requirements and give the development team a concrete target to aim at. One style that's worked well is for
a US based customer to write a short narrative (a couple of pages) to flesh out a feature (story in XP lingo).
An Indian based analyst/tester then creates test scripts for this story. This can be done either for automated
or manual testing, although we very much prefer automated tests. As the scripts are developed the US and
Indian analysts coordinate by email and IM as well as regular (2-3 times a week) conference calls to review
the test scripts.
We've found that this has very much helped both the Indian analyst and the US customer really understand
the requirements. Writing out the tests forces the Indian analyst to really understand what's needed and to
ask questions of the US customer as questions turn up. The developers find it easier to ask questions of the
Indian analyst rather than dig through the test scripts, so having an Indian analyst/tester is still important.
Search engines are good, but humans are often easier to work with.
how can this help me in understanding my requirement through Tests
Subscribe to:
Posts (Atom)