10 December 2013
In this blog post I will explain how to configure your browser to use the OWASP ZAP Proxy to click through a web application running on local host. Also I will explain its various findings and how to solve them.
02 September 2013
Can you handle JSON natively in Java? The very short answer: no. It is possible to get a near-native JSON handling experience, for example with EasyGson. There is a price to pay, though. You will have to forgo standard Java best practices and accept that the JSON itself can be the master data source in your domain.
13 August 2013
The discussion on start (-Xms) and maximum (-Xmx) heap memory in Java is and old one. The consensus among admins is that both settings are best set to equal values in order to prevent internal Java reorganizations when heap changes are required. Before you follow this advice, you best understand that the starting heap is not fully claimed at the OS level and also that some garbage collection runs may not be triggered at all in your application.
11 June 2013
20 May 2013
First there is the password. It is passed as a parameter to the TPS driver. Oddly enough it is called the 'owner' parameter. With the password a key is generated which is used to encrypt and decrypt the data. The effect is pretty dramatic.
07 May 2013
29 April 2013
16 April 2013
09 April 2013
26 March 2013
The easy to use Databinding of Spring MVC will, unconfigured, bind any property in the incoming POST to your domain model, including those not present in the form. To make matters worse, it is also possible to navigate property paths and modify other objects in the domain model. They will get saved too if you have a transaction because of Hibernate's automatic dirty checking. If you use Spring Roo with Hibernate and Spring MVC this is the default behavior.
In this blogpost, I will demonstrate this feature and show you how to fix it.