ridaen fiefur

Greenhorn
+ Follow
since Aug 25, 2014
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by ridaen fiefur

Your right :-) I will do that. Thank Paul for all !
Thank again Paul,

Yes it's for only XXE in exploitation security.
So I understand that shema xml validation doesn't take in account in XXE, right ? There are different things ?

Yes I think for the moment, don't disable schema, because you really use it in our application
Thank Paul, That's what I thought.
but I don't try to make a project, because I for the end of the week for my deadline.

however, do you think I need to switch to false the the XML validation content during parse. with isValidating(), for example on SAXParserFactory.
For it doesn't have impact on XXE subject ?

thank again
no sorry it's the same link that I gave above, it's doesn't take all XML libraries in account.
Hello all,

according this article:

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Prevention_Cheat_Sheet#Java

I search a mean to disable all XXE functionalities for all parser without acting on each instantiation...

I have tried to define a jaxp.properties in under $JAVA_HOME/lib/jaxp.properties:

javax.xml.accessExternalStylesheet=""
javax.xml.accessExternalDTD=""
javax.xml.accessExternalSchema=""

it works correctly for DocumentBuilderFactory. I'm not sure for DocumentBuilderFactory, SAXParserFactory and DOM4J,  XPathFactory, TransformerFactory, SAXTransformerFactory ... all possible


Do you have an idea ?

Great thank & best regards.

Adrien
Hello all, I search a tool or framework which can provide a functionnality to handle this following use case:

I have a database in version N-1 of my software. Each client who is bought my software can customise and update the metadatas, tables ... to suit their needs.
For the next version of my software, I updated the model. For version N-1 to current N version at th customer, I search a means which allow to export the last database model and the current model
(at the moment I compare 2 xml files, the last and the newer) and allow the client to apply new database model update without loosing its customization.

Do you have an idea ?

Great thank and best regards
Hello all,

I have a web application, where a user can download 2 successive applets. Because of these applets 2, 2 sucessive authorization popup were asked (from the web browser).
Users are annoyed by this double authentication requests. Do you know a way to avoid this double authentication request, and keep the first authentication applet for the second ?

Thank all and best regarde.

Adryen
3 years ago
Yes its differs between JVMs and Servers, but I don't know how to include OSGI into my webapp ... for the reason is very simple: several of ours client have already jar in WEB-INF/lib and don't want to have several classes under WEB-INF/classes, them prefer to have another jar included all modified classes (which can be already present under default ljars WEB-INF/lib)

The really question is, if a mechanism of class loading order can be know ? Like my webapp have to jar /myapp/WEB-INF/lib/myjar1.jar and /myapp/WEB-INF/lib/myjar2.jar (with the same classes) into the search path of URLs for loading classes and resources, how we can know if the classes will be loaded from myjar1 or myjar2 ? Alphabetical order ?
3 years ago
Hello all,

I want to know how a JVM behavior have for jar classloading. For exemple if I have one class com.mypackage.myclass.class in a first jar like myjar1.jar and another version of this class in myjar2.jar how I can knowtry for force the second jar (myjar2.jar) class loading (overriding the first version in myjar1.jar). In what order jar are loaded into the JVM ?

I the myjar1.jar is loaded first and myjar2.jar is loaded in second, what the class version will be loaded ? The version in the first loaded jar myjar1.jar or myjar2.jar ?

Because, for example in a webapplication, several version of the same classes which can be present in differents jar, I want to force loading of specific versions of a jar that I know and where is present the last good version of classes.

Also, do you know is that possible or I need to override classloading ? And obviously how can I put this mechanism in place on different server (tomcat, jboss, websphere ...)

Great thanks and best regards,

Adrien
3 years ago
Yes I have try tje 8859-15 version, but not really supported by all platform, so that, I have choosen UTF-8 :-)
4 years ago
Hello all,

i have a problem with € symbol ... an application write a String content on the file system with following code:



It's correctry wrote on the file system:
TT;Pierre-H€enri;;Orange Grove;zefezfezfez, Directeur Juridique;TT;;azdaz;01 53 33 56 87;ezfezfez;01 53 33 51 59;.....&ée&ée;;;;;;132;CORDIAL;aaa

But when the application try to read the previous file with following code:



the application isn't able to properly read the symbol ... and return following line, without "€":
TT;Pierre-Henri;;Orange Grove;zefezfezfez, Directeur Juridique;TT;;azdaz;01 53 33 56 87;ezfezfez;01 53 33 51 59;.....&ée&ée;;;;;;132;CORDIAL;aaa

Do you know a solution ?

great thank
4 years ago