Ian McGarry

since Mar 09, 2006

Recent posts by Ian McGarry

I also came across this interesting whitepaper about Firewalls and Java.

It might be of interest....

http://www.xtradyne.com/documents/whitepapers/J2EESecurity-with-the-Xtradyne-I-DBC.pdf

Hi Narendra,

Thanks for the feedback. For some strange reason I had totally forgotten about the idea of using a DMZ! I must be looking at this stuff for too long!

I like the idea of using the DMZ with servers in the DMZ hardened as much as possible. I think it will definitely provide better security than a single firewall.

Cheers,
Ian

Hi all,

I posted a similar topic yesterday but it was too specific about the assignment. I don't think I got any replies so hopefully too much was not given away... Sorry about that, I didn't mean to break the rules!

Hopefully this is more general.

When designing a J2EE system can we assume that devices inside a firewall are trustworthy? We could have a set-up where an application server is talking to many other servers such as a DB server, webserver, SMTP server etc etc. Would you typically want to encrypt all communication links between these devices?

My opinion is that to do that would be overkill. But I have read that most companies now feel that most network attacks come from inside the network, so maybe it is necessary? I'd appreciate any comments or opinions on this. Has anyone here had any real-world experience of securing an enterprise system? If so, what issues did you encounter?

If this question is still too close to the bone, feel free to delete it.

Cheers,
Ian

Hi all,

I am working on part two of the SCEA.

I am assuming that all the servers in FBN's network will be within a Firewall.

Performance is one of the key requirements that we need to meet, so to keep things as quick as possible I'd like to use secure/encrypted communication between servers only where needed.

Can we assume that traffic sent between servers inside the firewall (i.e. between E450s and E10,000 server) will be safe and extra security is not needed?

I'm not that familiar with all the possible attacks that could happen to a J2EE system so any comments would be welcome!

Thanks,
Ian

Hi all,

A quick question about SCEA version 1!

I have passed part 1, am nearly finished part 2 and have provisionally booked part 3 for a date in mid March.

I can't remember how I paid for part two of the exam. So if I was able to download the assignment from http://www.certmanager.net/sun_assignment/assignment.html does this mean I had purchased part 2 or is the voucher for part 2 only requested when the assignment is uploaded?

I need to know if I need to purchase another voucher as after Feb 29th I won't be able to get them anymore.

Thanks,
Ian

Thanks for the feedback Cameron! Sat the exam on Friday and passed with 85%, so happy days!

I found the 288 questions very helpful...

Hi all,

I'm hoping to sit part 1 of the exam in the next week or so. For those people who have passed part 1 of the SCEA how similar were the exam questions to the sample questions on this website:

288 questions

Thanks in advance,
Ian

Hi Sam,

Thanks for your reply. I'd like to get part one complete asap so I think I will stick with the current exam. When I get to part 2 I can then use all the latest J2EE 5 stuff.

Thanks,
Ian

Hi guys,

I am planning to start studying for the SCEA part 1. It will probably take me a month or two to get ready for the exam. Considering the current exam is extremely outdated and a new exam is coming soon, do you think it is worthwhile spending time studying such an old curriculum, or should I study towards the new beta exam?

I know the free Beta tests are running up until Dec 26th 2007 ( Free: Scea Beta ) but how quickly after that can we expect the Beta exam to go live?

Thanks in advance,
Ian

Hi Ed,

There are loads of discussions on the board about using RMI Factories. Here is only one:
RMI Factory Post

You could also look at:
Applying the Factory Pattern to RMI

Andrew also covers it in his book.

But the basic idea is that you create a new instance of the Data class for each connected client. The Data class is then passed into your lock method and used to identify the owner of the lock.

Cheers,
Ian

PS: not sure why my posts are appearing twice! Maybe something dodgy going on with the network here in work...
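
The lock-ownership idea described in the reply to Ed above, as an added Java example that is not part of the original posts or of the assignment code. `LockManager` and `ClientData` are hypothetical names; the example assumes one `ClientData` instance per connected client and uses object identity to decide who owns a lock.

```java
import java.util.HashMap;
import java.util.Map;
// Added illustration; LockManager and ClientData are hypothetical names, not the assignment's classes.
public class LockOwnerDemo {
    /** Shared by every client: record number -> the client object holding the lock. */
    static class LockManager {
        private final Map<Integer, Object> owners = new HashMap<>();
        final Map<Integer, String> records = new HashMap<>();
        synchronized void lock(int recNo, Object owner) throws InterruptedException {
            while (owners.containsKey(recNo) && owners.get(recNo) != owner) {
                wait(); // another client holds it; block until it is released
            }
            owners.put(recNo, owner);
        }
        synchronized void unlock(int recNo, Object owner) {
            requireOwner(recNo, owner);
            owners.remove(recNo);
            notifyAll();
        }
        synchronized void update(int recNo, String value, Object owner) {
            requireOwner(recNo, owner);
            records.put(recNo, value);
        }
        // Identity comparison: only the instance that took the lock passes.
        private void requireOwner(int recNo, Object owner) {
            if (owners.get(recNo) != owner) {
                throw new IllegalStateException("record " + recNo + " is not locked by this client");
            }
        }
    }
    /** One instance per connected client, as an RMI factory would hand out. */
    static class ClientData {
        private final LockManager shared;
        ClientData(LockManager shared) { this.shared = shared; }
        void lock(int recNo) throws InterruptedException { shared.lock(recNo, this); }
        void unlock(int recNo) { shared.unlock(recNo, this); }
        void update(int recNo, String value) { shared.update(recNo, value, this); }
    }
    public static void main(String[] args) throws InterruptedException {
        LockManager shared = new LockManager();
        ClientData a = new ClientData(shared), b = new ClientData(shared);
        a.lock(1);
        try { b.update(1, "from B"); } catch (IllegalStateException e) { System.out.println("B update refused: " + e.getMessage()); }
        try { b.unlock(1); } catch (IllegalStateException e) { System.out.println("B unlock refused: " + e.getMessage()); }
        a.update(1, "from A");
        a.unlock(1);
        System.out.println("record 1 = " + shared.records.get(1));
    }
}
```

Client B is refused on both the update and the unlock because the shared manager compares the caller's instance against the stored owner, so a caller that bypasses the business layer still cannot modify or release a record it did not lock.
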
Hi Orico,

Thanks for the speedy reply! I am already using an RMI Factory pattern which allows me to identify the owners of the locks. So I think I should be fine!

Thanks for the help,
Ian

Hi Oricio,

Thanks for the advice!

Just so I understand what you are saying, am I correct in saying that the update(), create() and delete() methods in Data.java should only check if the record is locked but not actually try to lock it as I suggested?

Cheers,
Ian

Hi all,

I am working on the B&S 2.3.2 project and I am starting to get confused about where I need to have record locking (I'm probably just looking at it for too long!!)

I have the Sun provided DBMain.java interface which is implemented in Data.java. I have decided to implement a "thin client" i.e. the GUI will only be able to call Book() and Search() methods. These business methods are in a class called DBServerImpl.java.

In pseudo code one of the business methods would be similar to:


So far everything is fine!

My question is do we need to provide a similar level of record locking in the Data.java class? For example do we need to be concerned about other programs who might not use the business methods in DBServerImpl (i.e. Sun Test Harness, B&S legacy application etc) and would call methods randomly in Data.java? So would we need the following in Data.java?



Or is it enough to presume that we only need to be worried about record locking in the DBServerImpl.java class above and Data.java is simply a wrapper to the Database, as follows:



I hope my question makes sense!

Thanks in advance,
Ian