paul nisset

That's a good point.
thanks.

Thanks Scott.
That is my situation . I work on a legacy system that gets more dated by the day.
There has been a reluctance by management to update it.

Hi,

My Java skills are several versions out of date. How appropriate is this book for someone who wants to just get up to date with the latest Java ?
I noticed you mentioned that you combined two Java 11 OCP books into one. Awesome!
thanks,
Paul

Thanks Phillip.
That is useful information.

Thanks Phillip .
My web site is a pretty traditional Java MVC site . Not service based.
The external links on the site are to a report server and to a relational database.
How/where should I define the url variables to the external servers ?

What steps should I take to prevent XSS and XSF ?
thank you,
Paul

Hi Phillip,

What is the biggest risk for  an end user of my web site (browser based) from malicious websites that could then compromise my website ?
15 years ago ,there was an axiom of "disable javascript" . These days that makes browsing the web unusable despite  javascript being a lot more powerful.

thank you,
Paul

@Raju
Thanks for the clarification . That makes sense.

@Raju

when you push or pull, Git traces the commit graph

That's something don't know about but maybe a reason for reading the book.
I thought that when I did a checkout ,git just over wrote my local copy with the entire file(s) that I checked out.

Thanks Marco.
That is a good point about the type of Repo making a difference.

Hi Raju,
Thanks for sharing your knowledge. Storing in blobs and tracking meta data is interesting. I can see how that would be more efficient.
Especially if you have a lot of people checking out files but not pushing changes that often.
-Paul

Hi,
Your article was interesting . I would have thought the second commit would have just stored changed lines .
What happens if the disk storing the repo runs out of space?

thanks,
Paul

Hi,
Thanks for your perspective.

I still believe storing passwords/access tokens on every machine is a stupid idea.
If one of my machines gets compromised, the gate has been opened and the horses are gone before I know about it.
Changing the locks/revoking the token after after someone has stolen my code is pretty useless at that point.
The fact that only one token or 5 has been compromised doesn't matter.

One scenario that having multiple tokens and keeping them on different machines makes sense is a team/group development environment where only one person/admin/owner can create tokens. That should have been an optional choice, not a forced one. For single code maintainer's, Github's change just created security holes and made access more of a pain than it needs to be.

In terms of storing them I use :
"git config credential.helper store" rather than the OS password manager mainly because I'm not sure how git interacts with external password managers.

I find credential.helper a useful feature and if it is built in to the product why not use that.


-Paul

Hi,
Last year GitHub forced everyone to use what they call Tokens to access their own repositories. To me, it seems like all they did was force me to update my own Github repository password with a very long one that Github generated . It being long and unmemorizable doesn't make it a token .It just makes it a long unmemorizable password that now has to copied and stored everywhere I use Github.

The outcome of this forced password  change is now there is a physical copy of this password on every computer I use to access my Github repositories. This is not more secure from my perspective.

I'm still prompted to manually enter (copy and paste) this long password whenever I need to access a Repository using Git's own command line tools.

What I thought was extra special was that ,in order to implement this forced change, I had to log into Github itself with  my own password.

Did I miss something with this process or was this as stupid as it appears to be?

thanks,
Paul

Hi,
There have been a lot of Java releases in the last few years.
What feature(s) are you most excited about in Java 17 ?

thanks,
Paul

In short, what do I need to improve so that I can only use postman without a view, send a request and get a response and write a back end?

You need to create servlet.
Have it running on a web server .
Have it handle request and response parameters.

Configure the request in Postman .
Call the request in Postman.
Look at the response .

-----------------------------------------------

In your servlet ,you will likely call another java object/class to package request in one or more model objects, validate the request (model object(s)) ,do any processing ,and then forward the java model data object(s) to the data access layer. The data access layer then persists the data.

Most people use framework like Spring to handle these actions.

Hope this helps.
Paul