Zhixiong Pan

Hi Ranchers,

I tried to cross site scripting attack my application deployed on the Sun One server.
The attacking code is as following. And my browser is FireFox.
vBsCrIpT%3aMsgBox(83665)%20
I received alert message of "Firefox doesn't know how to open this address, because the protocol (vbscript) isn't associated with my program". However I expected alert message of 83665.

Thanks.

My application structure will be exposed by the following url. The Audit required a fixing to that web vulnerability. I am not sure if the url redirect can fix that? And how to fix that. Should I create a servlet to redirect that url or there is some other simple way? Thanks.

https://personmaintenance.pp.gm.com/images/

Hi ranchers,

Can I take 310-503 directly? Thanks.

310-052 Sun Certified Enterprise Architect for J2EE 5
310-053 Sun Certified Enterprise Architect, Java, EE5 Upgrade Exam

1) Integration and Messaging
My score is 33%
2) Applicability of Java EE Technology
My score is 11%
3) Security
My score is 12%

Thank you all.

Thanks very much, David.

Hi ranchers,

In my application, many jsp files include the header.jsp to display the head.
There are two ways, both static include and dynamic include.
The static include is <%@ include file="/jsp/header.jsp" %>.
The dynamic include is <jsp:include page="/jsp/header.jsp" flush="true">.
There was a requirement to update the header.jsp and every page that includes the header needs to display the new header.
It seems that I just need to deploy the updated header.jsp. But that doesn't work due the web container setting.
I also need to re-deploy all those includer jsp files to make sure their time stampt is more recent then the header.jsp.
That caused a big maintenance problem.
I am not very sure if the web container is Sun iPlanet.
Do you have any comments for the sustain?
Thanks.

Cong!!

I am so upset since I just failed to pass today.

My score on each objectives are as:
The Servlet Technology Model ----33%
The Structure and Deployment of Web Applications -----37%
The Web Container Model ----57%
Session Management ----57%
Web Application Security ----66%
The JavaServer Pages (JSP) Technology Model ----57%
Building JSP Pages Using the Expression Language (EL) -----60%
Building JSP Pages Using Standard Actions ----75%
Building JSP Pages Using Tag Libraries ----37%
Building a Custom Tag Library ----80%
J2EE Patterns ----83%

That chart actually reflected my weak part in heading a Web Developer. My embarrassment is that my job can hardly contribute knowledge or experience to such a cert.
Some MOCK exams had been taken are from the JavaRanch free ones. Before I decide to take a next trying, I have two questions:
1) I have heard some change about the SCWCD since this July because of the Sun merging into the Oracle. Is that correct?
2) Are those non-free MOCK exam going to provide more simulated quizes?

Thank you!

Which design pattern does the following description best match?


"One of the main drivers for this pattern is to minimize network traffic. It does this by providing a local representation of a remote object. This pattern is associated with the idea of a cache, i.e. an area where frequently accessed data can be stored for rapid access."

A. Transfer Object
B. Model-View-Controller
C. Business Delegate
D. Service Locator

My original answer is C, because that pattern use a local cacher for Transfer Object, but the provided answer is A. Do you think if that is a bit confusing?

That is from examulator/ ► SCWCD/ ► Quizzes/ ► Design Patterns Quiz/ ► Attempt 1, http://www.examulator.com/moodle/mod/quiz

Thanks Frits, can I understand your meaning as the following example?
Department A can access the Dept A web resource. ---- That is Authorization.
Department B can't access the Dept A web resource. ---- That is Confidential.

You may find the question from http://www.cafe4java.com/mockexams/scwcd/mock1/q5.php

An organisation hosts a web application and assigns individual username/ password to all its employees, together with a set of access rights so that users of a particular department are unable to access data related to any other department. Which security mechanism is employed by this organisation? (select one correct answer)
A) Data Integrity
B) Confidentiality
C) Authentication
D) Authorization
E) Only A and B options
F) Only B and C
G) Only C and D
H) Only B, C and D
E) A, B, C and D

hi ranchers,

The correct answer is H, but I am confused why the "Confidentiality" is also used here.

Thanks.

I am wondering why the JSP would still like to employee the Tag file after it has already had the Custom Tag class and EL function.
I am still poor in the Tag file part of the objectives while heading SCWCD.

hi,

I recieved the same exception.
com.example.CompressionResponseWrapper.getGZIPOutputStream(CompressionResponseWrapper.java:99) com.example.CompressionFilter.doFilter(CompressionFilter.java:61)

Could anyone kindly point out why so many people were blocked there.

Thanks.

Hi all,

Please check my understanding as below:

The "BASIC" will pop up a login dialog, just like the Tomcat Manager. The you need to enter the password and id. In my case, I am using Tomcat, so the role definition is in tomcat-users.xml.

web.xml:
<security-constraint> <web-resource-collection> <web-resource-name>Sensitive</web-resource-name> <url-pattern>/sensitive/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>administrator</role-name> <role-name>executive</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>Roles Demonstration</realm-name> </login-config>

tomcat-users.xml:
<tomcat-users> <user name="admin" password="test" roles="administrator"/> </tomcat-users> .

However I am still not understanding the other three types of secirty, CLIENT-CERT, FORM, DIGEST. How much do I have to understand to pass the exam?

Thanks very much.

Hi all,

My exception jsp is like:
<%@page errorPage="/ErrorPage.jsp" %> <% int i = 1; if(i>0) { throw new Exception("I am a big ERROR!"); } %> . And I also created the ErrorPage.jsp like:
<%@page isErrorPage="true" contentType="text/html; charset=UTF-8"%> <HTML> <HEAD> <TITLE>Page Error</TITLE> <META http-equiv="Content-Type" content="text/html;charset=gb2312"> </HEAD> <BODY> Error: <font color=red><%=exception%></font> </BODY> </HTML> .
When I tried to run the exception jsp, I just received the HTTP 500 issue, but not be navigated to the ErrorPage.jsp.
If I remove the <%@page isErrorPage="true" contentType="text/html; charset=UTF-8"%> from the ErrorPage.jsp and also remove the <%=exception%>, then the exception jsp can be navigated to the ErrorPage.jsp.
Could you please advice?