
SEARCH KEYWORD -- code security



  Chrome to block mixed content downloads in version 86

In February 2020, Google announced its plan to block mixed content downloads in Chrome, and that day is now approaching as we near October, when Chrome 86 is supposed to be released. What are mixed content downloads? According to Google, they are non-HTTPS downloads started on secure pages. For example, if you access a page called https://example.com/download, and on this page there is a download link to http://download.example.com/something, ...

   CHROME,MIXED CONTENT DOWNLOADS     2020-09-18 21:10:53

  Using Java keytool programmatically

Java provides a command line tool to access and operate on different keystores, which store keys and certificates. This tool is named keytool and is located at \bin.  On the command line, you can issue the command below to generate a keystore named mytest.jks which contains a private key and certificate chain: keytool -genkeypair -alias mykey -keyalg RSA -sigalg SHA256withRSA -dname CN=Java -storetype JKS -keypass password -keystore mytest.jks -storepass password Sometimes, for testing purposes, w...

   JAVA,KEYTOOL     2016-01-09 06:28:07

  Web Security: In-Depth Explanation of X-XSS-Protection

What is X-XSS-Protection? X-XSS-Protection is an HTTP response header designed to enable or configure built-in cross-site scripting (XSS) filters in certain versions of Internet Explorer, Chrome, and Safari. The purpose of these filters is to detect reflected XSS attacks in the response and prevent the loading of pages, thereby protecting users from such attacks. The X-XSS-Protection response header was initially introduced by Microsoft in Internet Explorer 8 to control the browser's XSS filter. ...

   X-XSS-PROTECTION,WEB SECURITY,CONTENT SECURITY POLICY,XSS,CSP     2023-11-29 01:48:40

  Arrays.equals() vs MessageDigest.isEqual()

Both Arrays.equals() and MessageDigest.isEqual() are used to compare two arrays for equality. They can be used interchangeably in many cases. However, they have some differences which lead to different use cases in real applications. One difference is that the arrays passed to MessageDigest.isEqual() cannot be null, while null is fine for Arrays.equals(). The major difference between these two methods is that Arrays.equals() is not time-constant while MessageDigest.isEqual() is time-constant. Thi...

   Arrays.equal(),MessageDigest.isEqual(),Java,Security     2015-05-14 22:03:29

  Access control in Java -- doPrivileged

Previously we introduced how Java performs permission checks to protect resource access. What if we sometimes need to give a class temporary access to a resource which it initially doesn't have? AccessController provides six doPrivileged methods to fulfill this requirement. These six methods have the signatures below: static <T> T doPrivileged(PrivilegedAction<T> action); static <T> T doPrivileged(PrivilegedAction<T> action, AccessControlContext context); static <T> T doPrivileged(PrivilegedExceptionA...

   JAVA,SECURITY,DOPRIVILEGED     2016-03-08 05:46:42

  Create wireless hotspot on your smartphone

It's now very common that you may not have an Internet connection in the first few days after you move to a new place. And you may have some important things to handle, or you may just want to connect to the Internet and share your new place with others. If you have a smartphone with a large enough mobile data package, then you are on the way to enjoying the Internet. Today we will introduce how to create a wireless hotspot on your smartphone, using a Samsung Galaxy S3 i9300. Step 1 Go to Settings -> More Settings ->...

   Wireless hotspot, Smartphone, Samsung     2013-01-12 23:08:39

  Create temp file in Bash using mktemp and trap

When working in Bash on Linux, there is sometimes a need to create a temporary file. A common way of creating a temp file on Linux is to create a file in the /tmp directory. However, there are security risks when creating a temp file in the /tmp directory. This post will show how to securely create a temp file in Bash on Linux. When creating a file in the /tmp directory, there are some security risks. This directory can be accessed by any user on the system, and any user can write data into this directory as well. The files creat...

   LINUX,MKTEMP,TRAP,TEMP FILE     2019-12-30 23:28:23

  Simple Strategies to Boost Your Android Phone Security

Android is one of the safest operating systems for smartphones and tablets if used correctly. Unfortunately, only a third of Android users use the latest version, and older versions are far more vulnerable than newer ones. Not to mention that many manufacturers take their time when it comes to downloading the latest security patches. The news blog Android Authority ranked the fastest manufacturers in downloading system updates. Here are the results: LG - 78 days; Motorola - 88 days; HTC - 95 days; S...

   ANDROID,DATA SECURITY     2019-02-19 07:36:46

  Different types of keystore in Java -- DKS

Domain KeyStore (DKS) is a keystore of keystores. It abstracts a collection of keystores that are presented as a single logical keystore. It is not actually a keystore itself. This new keystore type was introduced in Java 8. There is a new class, DomainLoadStoreParameter, which is closely related to DKS. To load different keystores into the single logical keystore, some configuration is needed. Here is the format of the configuration for grouping different keystores. domain [ ...] { keystore [ ....

   Java,keystore,DKS,tutorial     2015-01-20 02:27:27

  Google open sources its Collaborative IDE

On July 9, 2012, Google engineer Scott Blum published an article on Google+ which revealed that Google would open source the Collaborative IDE. The project was named "Collide" (collaborative IDE), and it is a web-based collaborative code editor. Google hopes that Collide can serve as a catalyst for improving the state of web-based IDEs. Caution: Collide does not have any proper auth, SSL support, or user account management just yet. Please consider that fact when running instances that expose important...

   Google,Open source,Collide IDE     2012-07-09 10:55:20