paul nisset

Thanks Tim.
It is a bit of a chicken and the  egg syndrome .
I haven't worked anywhere that has adequately addressed it.

This is  why I thought Cornelia's suggestions of using Amazon Parameter Store or an external configuration server was interesting .
Maybe use a cert  to have the web server authenticate to the external configuration server.


You are right ,if you have a bad actor with access to the web server ,you are in a world of hurt anyway but ( hopefully ) you can minimize it by making it harder to access stored data .

JNDI and context.xml are excellent for general information like DB server paths etc. But I wouldn't want to put passwords in them.  
It doesn't really resolve the security of issue  having passwords readily accessible to anyone who has access to the web server having the keys to the kingdom all in one convenient place.

I've seen people put DB passwords in web.xml (luckily not often). It's quite shocking.    

Thank you for sharing your experiences Tim .

Your previous situation is exactly what we have.

Property files were being bundled up in the jar

We are in the process of migrating some of our web apps to Amazon so Parameter Store is a great tip!  

Cheers,
Paul

Thanks Cornelia.
The concept of a configuration server is interesting . We were recently asked to provide an alternative to properties files on our systems . There was a concern with the security in using them and all the database credentials for a web app being in a single plain text file. I didn't think hardcoding them was a good alternative or even that more secure in the case of reverse engineering.

The book sounds like it has some excellent practical advice.
-Paul

Hi,
What are the mistakes people make when developing a web app that will be hosted on the cloud?
thanks,
Paul

Hi,

I'm used to thinking of reactive programming more on the front end of apps with Javascript,css ,etc..
From the info on the book's site, it seems Reactive Spring is more focused on back end performance.

What does it do/add  in addition to  more general techniques like Thread Pooling?

Thanks,
Paul

Hi,

Is there an advantage to using Go over another language for some common data structures or algorithms?

thank you,
Paul

Thanks Marco .
This sounds useful. As both Spring and Hibernate handle jdbc transactions, it is good to know how they interact when both are used.
Presumably ,developers should only use only one or the other.

-Paul

Hi ,
Does the book go to  what happens with jdbc transactions when they are configured in an app with both  Hibernate  and Spring ?

For example what happens when using the Spring  @Transactional annotation and then in the code there is session.beginTransaction() (where 'session' is a Hibernate Session) .    

thanks,
Paul

Thanks Randy.
Your point about the hyper scale companies is interesting.

Hi,
After reading a description of Apache Thrift , I am wondering when it would be used ?
In terms of web services ,it seems like it is covering existing ground.

Is it primarily to convert non web service applications into web services ? Reading the description, makes me think of technologies like CORBA .

thanks,
Paul

Thanks David.
The book sounds interesting.

Hi,
I was wondering does Python lend itself to solutions of certain types of problems better than other languages?
ie. best tool for the job ....

thanks,
Paul

There are plenty of good articles that discuss the environmental impacts of BItcoin

Hi Kalle,

I'll check out the articles you posted . I agree traditional metal mining does an incredible amount of environmental damage.
Your points about Bitcoin solving some problems like runaway inflation are good. That is also the rationale behind gold mining. The value of any type of monetary instrument is very subjective. It's worth something if enough people agree its worth something .

cheers,
Paul

Joining a mining pool definitely makes senses.It's an interesting idea .
Whether it's a good use of natural resources/vast amounts of energy to produce a concept of money is another thing.
Thanks .