This week's book giveaway is in the Java in General forum.
We're giving away four copies of Event Streams in Action and have Alexander Dean & Valentin Crettaz on-line!
See this thread for details.
Win a copy of Event Streams in Action this week in the Java in General forum!

paul nisset

Ranch Hand
+ Follow
since May 13, 2009
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
18
Received in last 30 days
1
Total given
4
Given in last 30 days
1
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by paul nisset

Thanks Tim.
It is a bit of a chicken and the  egg syndrome .
I haven't worked anywhere that has adequately addressed it.

This is  why I thought Cornelia's suggestions of using Amazon Parameter Store or an external configuration server was interesting .
Maybe use a cert  to have the web server authenticate to the external configuration server.


You are right ,if you have a bad actor with access to the web server ,you are in a world of hurt anyway but ( hopefully ) you can minimize it by making it harder to access stored data .
JNDI and context.xml are excellent for general information like DB server paths etc. But I wouldn't want to put passwords in them.  
It doesn't really resolve the security of issue  having passwords readily accessible to anyone who has access to the web server having the keys to the kingdom all in one convenient place.

I've seen people put DB passwords in web.xml (luckily not often). It's quite shocking.    
Thank you for sharing your experiences Tim .

Your previous situation is exactly what we have.

Property files were being bundled up in the jar


We are in the process of migrating some of our web apps to Amazon so Parameter Store is a great tip!  

Cheers,
Paul
Thanks Cornelia.
The concept of a configuration server is interesting . We were recently asked to provide an alternative to properties files on our systems . There was a concern with the security in using them and all the database credentials for a web app being in a single plain text file. I didn't think hardcoding them was a good alternative or even that more secure in the case of reverse engineering.

The book sounds like it has some excellent practical advice.
-Paul
Hi,
What are the mistakes people make when developing a web app that will be hosted on the cloud?
thanks,
Paul
Hi,

I'm used to thinking of reactive programming more on the front end of apps with Javascript,css ,etc..
From the info on the book's site, it seems Reactive Spring is more focused on back end performance.

What does it do/add  in addition to  more general techniques like Thread Pooling?

Thanks,
Paul
3 weeks ago
Hi,

Is there an advantage to using Go over another language for some common data structures or algorithms?

thank you,
Paul
1 month ago
Go

Thanks Marco .
This sounds useful. As both Spring and Hibernate handle jdbc transactions, it is good to know how they interact when both are used.
Presumably ,developers should only use only one or the other.

-Paul

Hi ,
Does the book go to  what happens with jdbc transactions when they are configured in an app with both  Hibernate  and Spring ?

For example what happens when using the Spring  @Transactional annotation and then in the code there is session.beginTransaction() (where 'session' is a Hibernate Session) .    

thanks,
Paul
Thanks Randy.
Your point about the hyper scale companies is interesting.
Hi,
After reading a description of Apache Thrift , I am wondering when it would be used ?
In terms of web services ,it seems like it is covering existing ground.

Is it primarily to convert non web service applications into web services ? Reading the description, makes me think of technologies like CORBA .

thanks,
Paul
Hi,
I was wondering does Python lend itself to solutions of certain types of problems better than other languages?
ie. best tool for the job ....

thanks,
Paul
2 months ago


There are plenty of good articles that discuss the environmental impacts of BItcoin


Hi Kalle,

I'll check out the articles you posted . I agree traditional metal mining does an incredible amount of environmental damage.
Your points about Bitcoin solving some problems like runaway inflation are good. That is also the rationale behind gold mining. The value of any type of monetary instrument is very subjective. It's worth something if enough people agree its worth something .

cheers,
Paul
2 months ago
Joining a mining pool definitely makes senses.It's an interesting idea .
Whether it's a good use of natural resources/vast amounts of energy to produce a concept of money is another thing.
Thanks .
2 months ago