This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Hands On Software Engineering with Python and have Brian Allbey on-line!
See this thread for details.
Win a copy of Hands On Software Engineering with Python this week in the Jython/Python forum!

ridaen fiefur

+ Follow
since Aug 25, 2014
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by ridaen fiefur

Your right :-) I will do that. Thank Paul for all !
Thank again Paul,

Yes it's for only XXE in exploitation security.
So I understand that shema xml validation doesn't take in account in XXE, right ? There are different things ?

Yes I think for the moment, don't disable schema, because you really use it in our application
Thank Paul, That's what I thought.
but I don't try to make a project, because I for the end of the week for my deadline.

however, do you think I need to switch to false the the XML validation content during parse. with isValidating(), for example on SAXParserFactory.
For it doesn't have impact on XXE subject ?

thank again
no sorry it's the same link that I gave above, it's doesn't take all XML libraries in account.
Hello all,

according this article:

I search a mean to disable all XXE functionalities for all parser without acting on each instantiation...

I have tried to define a in under $JAVA_HOME/lib/


it works correctly for DocumentBuilderFactory. I'm not sure for DocumentBuilderFactory, SAXParserFactory and DOM4J,  XPathFactory, TransformerFactory, SAXTransformerFactory ... all possible

Do you have an idea ?

Great thank & best regards.

Hello all, I search a tool or framework which can provide a functionnality to handle this following use case:

I have a database in version N-1 of my software. Each client who is bought my software can customise and update the metadatas, tables ... to suit their needs.
For the next version of my software, I updated the model. For version N-1 to current N version at th customer, I search a means which allow to export the last database model and the current model
(at the moment I compare 2 xml files, the last and the newer) and allow the client to apply new database model update without loosing its customization.

Do you have an idea ?

Great thank and best regards
Hello all,

I have a web application, where a user can download 2 successive applets. Because of these applets 2, 2 sucessive authorization popup were asked (from the web browser).
Users are annoyed by this double authentication requests. Do you know a way to avoid this double authentication request, and keep the first authentication applet for the second ?

Thank all and best regarde.

3 years ago
Yes its differs between JVMs and Servers, but I don't know how to include OSGI into my webapp ... for the reason is very simple: several of ours client have already jar in WEB-INF/lib and don't want to have several classes under WEB-INF/classes, them prefer to have another jar included all modified classes (which can be already present under default ljars WEB-INF/lib)

The really question is, if a mechanism of class loading order can be know ? Like my webapp have to jar /myapp/WEB-INF/lib/myjar1.jar and /myapp/WEB-INF/lib/myjar2.jar (with the same classes) into the search path of URLs for loading classes and resources, how we can know if the classes will be loaded from myjar1 or myjar2 ? Alphabetical order ?
4 years ago
Hello all,

I want to know how a JVM behavior have for jar classloading. For exemple if I have one class com.mypackage.myclass.class in a first jar like myjar1.jar and another version of this class in myjar2.jar how I can knowtry for force the second jar (myjar2.jar) class loading (overriding the first version in myjar1.jar). In what order jar are loaded into the JVM ?

I the myjar1.jar is loaded first and myjar2.jar is loaded in second, what the class version will be loaded ? The version in the first loaded jar myjar1.jar or myjar2.jar ?

Because, for example in a webapplication, several version of the same classes which can be present in differents jar, I want to force loading of specific versions of a jar that I know and where is present the last good version of classes.

Also, do you know is that possible or I need to override classloading ? And obviously how can I put this mechanism in place on different server (tomcat, jboss, websphere ...)

Great thanks and best regards,

4 years ago
Yes I have try tje 8859-15 version, but not really supported by all platform, so that, I have choosen UTF-8 :-)
4 years ago
Hello all,

i have a problem with € symbol ... an application write a String content on the file system with following code:

It's correctry wrote on the file system:
TT;Pierre-H€enri;;Orange Grove;zefezfezfez, Directeur Juridique;TT;;azdaz;01 53 33 56 87;ezfezfez;01 53 33 51 59;.....&ée&ée;;;;;;132;CORDIAL;aaa

But when the application try to read the previous file with following code:

the application isn't able to properly read the symbol ... and return following line, without "€":
TT;Pierre-Henri;;Orange Grove;zefezfezfez, Directeur Juridique;TT;;azdaz;01 53 33 56 87;ezfezfez;01 53 33 51 59;.....&ée&ée;;;;;;132;CORDIAL;aaa

Do you know a solution ?

great thank
4 years ago