itech9

Collections characteristics:

• synchronized (hashtable-yes, hashmap-no, vector-yes, arraylist-no)
• directionality (iterators)
• allow null values (hashtable-no, hashmap-yes)
• preserve insert order
• duplicates (set-no, list-yes)

Notes:

• Collections interfaces: Collection, Set, List and Map.
• To synchronize HashMap:

  Map m = Collections.synchronizeMap(hashMap);

• Some implementations: HashSet, HashMap, ArrayList, LinkedList, TreeSet and TreeMap.
• An ArrayList is resizable, where as, an array is not.
• Hashmap overrides?

  The methods to override are equals() and hashCode().

• Difference between Enumeration and Iterator?

  Enumeration is read-only. Iterator provides remove and add methods
  and it is fail-fast in multi-threaded configurations.

using System.Drawing;
using System.Drawing.Imaging;

// apt-get install libgdiplus

class CGTest1 {

    public static void Main() {

        /* Image bmpImageToConvert =
           System.Drawing.Image.FromFile(
           Server.MapPath(strUploadImagePath));
         */

        Image bmpImageToConvert = Image.FromFile("images/sample3.jpg");
        Image bmpNewImage = new Bitmap(bmpImageToConvert.Width,
                                       bmpImageToConvert.Height);
        Graphics gfxNewImage = Graphics.FromImage(bmpNewImage);
        gfxNewImage.DrawImage(bmpImageToConvert,
                              new Rectangle(0, 0, bmpNewImage.Width,
                                            bmpNewImage.Height),
                              0, 0,
                              bmpImageToConvert.
                              Width,bmpImageToConvert.Height,
                              GraphicsUnit.Pixel);
        gfxNewImage.Dispose();
        bmpImageToConvert.Dispose();

        /*bmpNewImage.Save(Server.MapPath("userData/" &
          Request.QueryString("ID") & "/" & e.Item.Cells(2).Text &
          ".jpg"),ImageFormat.Jpeg)
         */

        bmpNewImage.Save("images/sample3t.png", ImageFormat.Png);
    }
}

Thanks to :

http://www.codeverge.net/ng.asp-net-forum.getting_started/converting-a-png-or-gif-to-a-jpeg

From: CISSP Training Guide by Roberta Bragg

Confidentiality – Disclosure
Integrity – Alteration
Availability – Destruction

CIA: Confidentiality, Integrity, Availability
DAD: Disclosure, Alteration, Destruction (Denial)

Access control is the collection of mechanisms that permits managers of a system to exercise a directing or restraining influence over the behavior, use, and content of a system.

In most cases, you want to give the user the least amount of access he needs to do his job and nothing else. This concept is often referred to as the principle of least privilege. It gives you the power of combining authentication with access control.

The biggest problem with accountability is shared accounts.

Common access control techniques (types of access control)

• Discretionary access control
• Mandatory access control
• Lattice-Based access control
• Rule-Based access control
• Role-Based access control
• The use of access control lists

Discretionary access control
 Essentially based on human decisions.

Mandatory access control
 Based on using subject classification levels

Lattice-Based access control
 Based on graphs, partial order: reflexive, anti-symetric and transitive.

Rule-Based access control
 ACLs – a formalized rule-based control mechanism.

Role-Based access control
 Bell-LaPadula (BLP).
 .. confidentiality: is to prevent, detect, and deter unauthorized access to information..
 Simple security rule: Read Up No, Read Down Yes or RUN-RDY
 Star (or *) property: Write Up Yes, Write Down No or WUY-WDN
 Biba Model
 Deals with integrity ; opposite to BLP:
 Simple security: Read UP Yes, Read DOWN NO
 Star property: Write DOWN YES, Write UP Yes

The use of access control lists

Access Control Methodologies

 Centralized, Decentralized

Intrusion Detection (IDS)

 Methods and tools for monitoring networks and hosts and looking for attacks.

 IDS method types:

• Host/Network
• Passive/Active (listening, observing/collecting, scanning)
• Known/Unknown (types of attacks)

Types of attacks

• Monitoring
• Spamming
• Active
• Passive

A key motto of security (again) is: “prevention is ideal, but detection is a must.”

IDS technique types

• Signature matching
• Anomaly Detection

Most systems are based on signature detection with some anomaly detection.

Common tools: Nessus and nmap.

From: http://rcsg-gsir.imsb-dsgi.nrc-cnrc.gc.ca/documents/internet/node31.html

ssh-keygen is used to generate that key pair for you. Here is a session where your own personal
private/public key pair is created:

cantin@sodium:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/cantin/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <– press Enter…
Enter same passphrase again: <– press Enter again ..
Your identification has been saved in /home/cantin/.ssh/id_rsa.
Your public key has been saved in /home/cantin/.ssh/id_rsa.pub.
The key fingerprint is:
f6:61:a8:27:35:cf:4c:6d:13:22:70:cf:4c:c8:a0:23 cantin@sodium

The command ssh-keygen -t rsa initiated the creation of the key pair.

No passphrase was entered (Enter key was pressed instead).

The private key was saved in .ssh/id_rsa. This file is read-only and only for you. No one else must see
the content of that file, as it is used to decrypt all correspondence encrypted with the public key.

The public key is save in .ssh/id_rsa.pub.

In this case, the content of file id_rsa.pub is

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArkwv9X8eTVK4F7pMlSt45pWoiakFkZMw
G9BjydOJPGH0RFNAy1QqIWBGWv7vS5K2tr+EEO+F8WL2Y/jK4ZkUoQgoi+n7DWQVOHsR
ijcS3LvtO+50Np4yjXYWJKh29JL6GHcp8o7+YKEyVUMB2CSDOP99eF9g5Q0d+1U2WVdB
WQM= cantin@sodium

It is one line in length.

Its content is then copied in file .ssh/authorized_keys of the system you wish to SSH to without being
prompted for a password.

The example shown here generated keys on sodium by user cantin. If the public key generated,
file .ssh/id_rsa.pub, was copied to your account, file .ssh/authorized_keys on nickel.sao.nrc.ca, then
user cantin@sodium is allowed to SSH into your own account on nickel.sao.nrc.ca without the use of
a password.

To summarize, a personal private/public key pair is generated using the ssh-keygen command.
The public key is then copied onto a remote systems’ .ssh/authorized_keys file. And you can
now SSH to the remote systems’s account without the use of a password.

Good info on setting up Eclipse TPTP (Tracing and Profiling Tools Project) with Tomcat.

http://www.symentis.com/w-howTo/Eclipse-TPTP-Tomcat-HowTo.pdf

• — Basic network read pattern:

  Socket socket = new Socket("someserver.com", 5000);
  InputStreamReader isr = new InputStreamReader(socket.getInputStream());
  BufferedReader reader = new BufferedReader(isr);
  String message = reader.readLine();
  

  — Basic network write pattern:

  Socket socket = new Socket("someserver.com", 5000);
  PrintWriter writer = new PrintWriter(socket.getOutputStream());
  writer.println("message to send");
  

• — Basic thread pattern

  public class RunnableJob implements Runnable {
    public void run() {
      ...
    }
  }
  
  RunnableJob rj = new RunnableJob();
  Thread thread = new Thread(rj);
  thread.start();

• — Thread data access synchronization
  — If we synchronize two static methods in a single
  class, a thread will need the class lock to enter either
  of the methods.
• — Collections
  — ArrayList
  — TreeSet – elements sorted, no duplicates.
  — HashMap – name/value pairs.
  — LinkedList – better performance for insert and delete of elements.
  (better for large data sets)
  — HashSet – no duplicates, fast search by key.
  — LinkedHashMap – same as HashMap plus preserves order of addition.
• — Basic sorting pattern:

  ArrayList slist = new ArrayList();
  slist.add("a string");
  slist.add("...");
  Collections.sort(slist);
  

  New classes to be used with ArrayList must implement
  “Comparable” (self compare).

  See the use of a comparator (call it MyCompare) which
  implements the compare(MyObject, MyObject)
  method, like this:

  Collections.sort(theList, new MyCompare());
  

• — Collection types summary:
  — List – sequence.
  — Set – uniqueness.
  — Map – key search.
• — HashSet duplicate check methods:
  hashCode(), equals().
• — Control on polymorphic ‘collection type’ usage..

  public void takeAnimals(ArrayList<? extends Animal> animals) {
    ...
    animals.add(someAnimal); // <-- add is forbidden by the '?' wildcard
  }
  

• -- Static nested classes have access to static variables
  of the enclosing class.

  -- Anonymous nested classes have peculiar syntax capabilities:

  button.addActionListener(new ActionListener() {
    public void actionPerformed() {
      System.exit(0);
    }
  }
  );
  

  ActionListener is not a class, is an interface but in
  this context the 'new' instruction means 'create an
  anonymous class and implement the ActionListener
  interface'.

• -- Access levels and modifiers:
  -- public - access by anybody.
  -- protected - same package + subclasses in or out of
  the same package.
  -- default - same package only.
  -- private - same class only.
• -- Enumerations - a set of constant values that
  represent the only valid values for a variable.

  public enum Members { JERRY, BOBBY, PHIL };
  public Members bandMember;
  ...
  if (bandMember == Members.JERRY) {
   ...
  }
  

Welcome to WordPress. This is your first post. Edit or delete it, then start blogging!
(backdated from 2008/06/14)