Monday, September 29, 2014

Why DAO layer is implemented through an interface

WHY IS DAO is  implemented through an inteface  :
Here are some short facts i was able to have together :

When i first saw the DAO layer in my project , i was like what man why should in make in entry in DAO interface for accessing the database.
And i thought : what the hell, just make an entry and let it be.
Today i got some time to research and see why should i really want it.
The points which i was able to gather is

1) It' s easy to create test. You can create new implementation for test case and use them
2) You can check for authorization before giving access to DAO LAYER.
3) It affects the Junit test case to run faster.
5) Its like separating your logic from the service layer and its easy for understanding for new developer.
6) You can use polymorphism to store the implementation detail in the parent object and be the king here.
7) The basic use of interface to define a contract is well used in DAO pattern. Just define a interface and be the king of jungle.
8) You can use generics in DAO layer to become the the king of the kings of the jungle
9) The DAO pattern allows clean separation of concerns.
10) for using the names queries always set the parameters in DAO implementation and shoot it.

That's all i was able to gather. Lets see if i get more i will let you know.

But in the end don't use the DAO pattern if your application is not that complex. Just do simple things instead.

As said : If you have a doubt in mind, always go simply.

Saturday, September 27, 2014

LOGGING : A Historic Debate

Here i am again to tell you about my new learning that is : why should i use LOGGING in my project.

Does using any logging framework help in my project and what are its features and why is it famous and what is the need and in which case i should i use which feature.
First of all what is logging framework.Its like we make videos of our sweet memories in our life. In other word record some activity.
And to record the sweet memories(BUGS AND MANY MORE) in our development life logging framework is an option.

You would say : That said but whats wrong in using those console or alerts or println statements.
I say : Well, lets have a laugh on that. haha.


Lets explain now ,how is it a BOON:

1) The println statements will only be available to the console while The output from Log4j can go to the console,
 but it can also go to an email server, a database table, a log file, or various other destinations.

2) There are various trace levels which you can set while using the logging like : TRACE, DEBUG, INFO, WARN, ERROR, and FATAL.
So when you set a level for logging logging will be done for all levels for all levels above it. So while development the level should be debug.
and while deployment the level should be INFO or higher.

3) You should always log decision making statements so that its easy for you to get the flow.

4)
I think its cool to debugging, and troubleshooting with log4j and when some error occur in production and in case your luck is bad and its not reproducible in
development environment. So logging to the rescue here. This point has saved me a lot of times. I am sure you will agree on this.

5) And another point to debugging is when you have an error. Then you have to generate the whole test case which can take quite a lot of time on your local.
And if you will see the logging files for the testing server or the sandbox then it will be easy or atleast help you in finding the error.

6)
It can also be used to trace application activity.

OR IS IT A CURSE :
Well, there is a some disadvantages also  that is when you log you do lots of IO operations which in turn decreases the performance.
But i don't think it will decrease that much amount of performance. You can also go for logging to log things when the debug mode is enabled.

Don't use logging too much also as you might not be able to figure what happened actually by so many log files. SO take care on that.
Rest enjoy learning!

Last thing which i got from  msdn.microsoft.com is The Logging Application Block formaters do not encrypt logging information, and trace listener destinations receive
 logging information as clear text. This means that attackers that can access a trace listener destination can read the information.

Results :
So in all its a good thing with some disadvantages. But if try to cover the disadvantages its a BOOM.

Tuesday, September 23, 2014

Security of Web Applications : Thoughts

Its been some time i was thinking of the ways on how to apply security in web application project
I don't have much of an knowledge here so i tried getting some ideas :
These are some points which i found  :

1) Encode passwords :
    a) So one way is to encode your password and store the Hash in the database and then get it whenever you want to access it.
        In this way what happens is you dont have to worry about any hack.
    b) Some time you might can store your passwords in a completely new place like LDAP is used so that if you passwords are compromised then whole database is not compromised.

2) This is the common one : Use stored procedures and prepared statements for the SQL injections.

3) Provide script exploits by providing HTML encoding to Strings.

4) All important resources which should not be accessed by URL should be kept in WEB- INF.

5) All git hub repository should be private

6) Spring security : Spring provides various things
    a) Have an authentication in the service layer that your role is authorized to access DAO layer or DB  before making access to DAO layer.
    b) Spring security :
The tagline is  :
    Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications.
    Spring security covers two things in a very good manner authorizations and authentication.It provides
    Protection against attacks like session fixation, clickjacking, cross site request forgery, etc . And you can integrate it with spring MVC also.

7) Securing your application or web server : This can be done by
    a) having seperate server for servers for testing , developement and production.
    b) Controlling permissions and privilages over the time.
    c) Doing Audits over certain periods of time and many more.


In the last   there are various tools online for web vulnerability and hacking like W3AF easy to  install and use.

There are many more thing i am still in the search for , i fill give you more fire in that.

Enjoy Coding!