Nilesh Pat

Ranch Hand
+ Follow
since Mar 01, 2010
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
In last 30 days
0
Forums and Threads

Recent posts by Nilesh Pat

Hi Abhay/Bear,
Thanks for your replay.

Abhay, it's a good solution you gave, by putting filter on WEB-INF value it will work for WEB-INF folder. But basically the whole 'webroot' folder comes under attack.
And is it not we want to download a file present in WEB-INF folder. It is like an hacker or attacker can access the file if we won't put the filter or validation on request.

Bear, exampleAction is just an struct action. it's just an example. there are many actions for login, registration, report generation etc.
11 years ago
Hi,
I need to restrict one attack on my server.

Attack Used: Submit=Download&all=/WEB-INF/web.xml

if someone append following string to my action URL it opens the file from the system.


For eg.
http://localhost:7001/tp/web/exampleAction.action?Submit=Download&all=/WEB-INF/web.xml

This will load web.xml in the browser.
Same with .jar or other files in webroot folder.

Many of my forms are sending data via GET so can't restrict out this all at once. Any idea?

Thanks in advance.
11 years ago

fred rosenberger wrote:if you know the order they have to be returned in, why sort it at all? just search through it for the 'next' one you want to return each time, and then return it.

Personally, I'd use a map.




It's like list from host will contain more of less than the known order list. we need to order it.
i can do it playing with arraylist like, creating 3rd list and insert values in it comparing both lists.

I want to know, can we achieve via comparator or any other java functionality?
11 years ago
I have made the properties file as my own for arranging, as a requirement we got one ordered list saying, list coming from host should be displayed in this order. Which is not alphabetical.
So i saved that list in .properties file giving it's order as key.
11 years ago

Campbell Ritchie wrote:What does it say in the properties file?



properties file will have order in which we need to arrange the list.
For eg.

0=pritam
1=vishal
2=nikhil
3=nilesh
4=prasanna
5=vijay

list from host will come in any order, it may have more names or less. but we need to order it in as given in this file. extra name will be listed at the end.
11 years ago
I need to arrange my arraylist in a predefined order (Not alphabetical).
i have a list coming from backend and i have set it in order as defined in .properties file.

Can we do it using Comparator?
If so, how? Do any one have an example?
11 years ago

Ulf Dittmer wrote:

Nilesh Pat wrote:Now i need more security not only for equal password but for similar password also.


That was my question: why do you think disallowing similar passwords provides more security? No password that is allowed should be trivially guessable or trivially crackable, so why would a password similar to a previous one be less secure?



It's a requirement from client,
Password history controls have been put in place to prevent disclosure of password through familiarity. Allowing users to bypass this control may allow a malicious user that is in close proximity of the user to eventually obtain the password little by little.
11 years ago
I am checking if user is using old password from history. Now i need more security not only for equal password but for similar password also.
I think

"Levenshtein function"

will work..

But as Jelle said, I am storing password in encode format in Database. Luckily it's not hashed so i think it will work using

"Levenshtein function"

.

Can anyone help me find out and explain code for it.

I have checked,
http://stackoverflow.com/questions/955110/similarity-string-comparison-in-java
11 years ago
I need to develop logic to check for similar password with it's history.

My application stores users last 5 passwords so that user is not allowed to use them again. But now i need to disallow him to use similar passwords also like,
Original Password: P@ssword1
First Password Change: P@ssword2
Second Password Change: P@ssword3

basically it's like calculating two string similarity. Can anyone suggest good logic to find out around more than 90% similarity in two strings.
11 years ago

robert walker wrote:one way to accomplish this is to use constructor expression in your JPQL, so for example, you could do a



in this example, example.EmpMenu class does not have to be an entity, it can be just a pojo, it must have proper constructor to match the constructor expression
in the JPQL.



Can you please expalin your logic?
Hi,

I have view created on two keys(composite kyes) like




How to use it as <id> in hbm.xml?
What is the primary key here?
i.e.
<id name="item_code" column="ITEM_CODE" type="string"></id>

i can't able to use criteria on such view. Getting duplicate values in criteria.list()

Please help

Ramesh Pramuditha Rathnayake wrote:



Thanks a lot Ramesh,
It worked without using Pattern and Matcher
11 years ago

fred rosenberger wrote:Does it have to be done in a single regex?



not necessarily. But if 1st regex remove # then it is difficult to rgain it for 2nd regex
11 years ago

Nilesh Pat wrote:Thank you for your replay.

Can you please suggest me Pattern which i can use to achieve this?



I need &# to be kept in my string. I want to clear single occurrence of # only
11 years ago
Thank you for your replay.

Can you please suggest me Pattern which i can use to achieve this?
11 years ago