3/20/2005

Working With XML In Java Using DOM

Filed under: — Aviran Mordo

XML technology is very popular in software development. One of the most common ways to work with XML files is using DOM, which is part of the Java API for XML Processing. Although DOM gives you the basic functionality to work with XML files, simple operations can be tedious if you don’t have several utility classes to work with DOM objects.
In this article we’ll write some useful utility methods that you should have in your arsenal when working with DOM objects.

The first method we’ll need in our arsenal is one to load an XML file and create a DOM object. In order to be as generic as we can we’ll use InputSource as our input.
Note that in this method we’ll be using a default EntityResolver, which is a good idea to have. I’ll leave the implementation of getDTDResolver() and your own EntityResolver to you.


/**
* Creates and returns a Document from the given input source.
* @param inputSource the source of the document
* @param validating true if the parser should validate
* @param namespaceAware true if the parser should be namespaceAware
* @param errorHandler errorHandler for the DocumentBuilder
* @param coalescing true if the parser produced will convert CDATA
* nodes to Text nodes and append it to the adjacent (if any) text node; false otherwise.
* @param entityResolver the entity resolver
* @return the parsed and loaded DOM document.
* @exception XMLException if an error was encountered loading and parsing the file
*/
public static Document fromInputSource(InputSource inputSource, boolean validating, boolean namespaceAware, ErrorHandler errorHandler, boolean coalescing, EntityResolver entityResolver) throws XMLException
{
   DocumentBuilderFactory dbFact;
   Document doc;
   try
   {
     dbFact = DocumentBuilderFactory.newInstance();
     dbFact.setNamespaceAware(namespaceAware);
     dbFact.setValidating(validating);
     dbFact.setCoalescing(coalescing);
     DocumentBuilder db = dbFact.newDocumentBuilder();
     if (errorHandler != null)
     {
       db.setErrorHandler(errorHandler);
     }
     if (entityResolver != null)
     {
       db.setEntityResolver(new EntityResolverDelegate( new EntityResolver[] { entityResolver, getDTDResolver() }));
     }
     else
     {
       db.setEntityResolver(getDTDResolver());
     }
     doc = db.parse(inputSource);
   }
   catch (IOException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
   catch (ParserConfigurationException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
   catch (SAXException e)
   {
     throw new XMLException("An error in parsing the input source", e);
   }
   return doc;
}

Next, it is a good idea to have some convenience methods to load your XML file, such as fromInputSource, fromFile and fromString; these methods just call the fromInputSource method we created.
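A loader like the one above decides how DOCTYPE declarations and external entities are handled, which matters whenever the XML comes from an untrusted source. The following is an added example, not code from the original article: the class name SafeDomLoader and the sample documents are constructed for illustration. It shows a fromString convenience method on a factory that refuses DOCTYPEs outright. If you need DTD validation, as the article's loader allows, keep DOCTYPEs enabled and have your EntityResolver resolve only known local DTDs.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class SafeDomLoader {   // hypothetical class name

    /** Builds a factory that rejects DOCTYPE declarations and external entities. */
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Fail the parse as soon as a DOCTYPE is seen.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case DOCTYPEs are re-enabled later.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    /** Convenience method in the spirit of the article's fromString. */
    static Document fromString(String xml) throws Exception {
        DocumentBuilder db = hardenedFactory().newDocumentBuilder();
        return db.parse(new InputSource(new StringReader(xml)));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a plain document parses normally.
        String plain = "<order id=\"7\"><item>book</item></order>";
        Document doc = fromString(plain);
        System.out.println("id = " + doc.getDocumentElement().getAttribute("id"));

        // Constructed sample input: any DOCTYPE is refused before entities are read.
        String withDoctype = "<!DOCTYPE order [<!ENTITY e \"x\">]><order>&e;</order>";
        try {
            fromString(withDoctype);
            System.out.println("unexpected: DOCTYPE accepted");
        } catch (SAXException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```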

3/7/2005

The Ultimate Portable Media Player

Filed under: — Aviran Mordo

Imagine a new portable device that can play mp3, display pictures, record and display video (PVR), surf the internet, write and receive emails, and that has a calendar, notes and a phone book. A device that you can play games on, that has a 40GB drive, and on which you can install any other application that you want. All that at a price range of $300-$400.


11/15/2004

Blogs - Spam’s next battleground

Filed under: — Aviran Mordo

It seems like spammers have set themselves a goal to invade and ruin every good aspect of the internet.

Spam started with email, with millions of email messages sent every day; spam mail is responsible for most of the email traffic in the world. But spam email is not the only form of spam.

Spamming of instant messaging networks is growing stronger from day to day, but most instant messaging software has the ability to block messages from people who are not in your buddy list.

The crackdown on spammers has just begun, with companies like America Online, EarthLink, Yahoo and Microsoft suing spammers to try to reduce the amount of spam, which causes damages of millions of dollars in lost time, bandwidth and server expenses.
The increase in popularity of anti-spam software, and of anti-spam systems integrated into mail servers, forced the spammers to find new ways to infect the internet with unwanted ads.

In recent months another, new form of spam has been getting more popular with spammers.

With the increase in popularity of blogs, and of content sites enabling comments and talk-back sections, spammers found new ground for polluting the internet. Zombie machines infected with malware are posting spam messages to the comments sections on websites, usually containing links to drugs, gambling or porn web sites.

10/12/2004

Using RSA encryption with Java

Filed under: — Aviran Mordo

With the increased awareness of security, the demand for securing data is rising. Fortunately Java provides pretty good tools that can help developers encrypt and decrypt data.

One of the most popular encryption methods is called RSA encryption. Named after its inventors, Ron Rivest, Adi Shamir and Leonard Adleman, RSA encryption transforms the number “char” into the number “cipher” with the formula

cipher = char^e (mod n)

The numbers e and n are the two numbers you create and publish. They are your “public key.” The number char can be simply the digital value of a block of ASCII characters. The formula says: multiply the number char by itself e times, then divide the result by the number n and save only the remainder. The remainder that we have called cipher is the encrypted representation of char.

Using the two numbers you have published, anyone can scramble a message and send it to you. You are the only one who can unscramble it; not even the sender of the message can decrypt the ciphertext.

The standard Java 2 distribution includes security provider support for generation of RSA digital signatures, but does NOT contain a provider implementation for generating RSA encrypted data. An extra provider, such as the Bouncy Castle Provider, must be added to obtain this capability from standard Java 2.

Since I couldn’t find any good examples that use Java with RSA, we’ll build a nice RSAEncryptUtil class that you can use as a reference for using RSA encryption (you can download the full source code here).

The first thing we need to do is to define the algorithm that we want to use.


protected static final String ALGORITHM = "RSA";

Then, as stated before, we’ll need to add Bouncy Castle as our RSA provider. In order to do that we’ll write an init method for our class:

/**
* Init java security to add BouncyCastle as an RSA provider
*/
public static void init()
{
    Security.addProvider(new BouncyCastleProvider());
}

To generate what are called the private and public keys, Java provides us with the simple-to-use KeyPairGenerator class. The java.security.KeyPairGenerator generates the two keys, which are returned in a java.security.KeyPair object.


/**
* Generate a key pair containing a private and a public key, using a 1024-bit key size
* @return key pair
* @throws NoSuchAlgorithmException
*/
public static KeyPair generateKey() throws NoSuchAlgorithmException
{
    KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM);
    // initialize() takes the key size in bits, not bytes.
    // 1024-bit RSA is below current minimum recommendations; use 2048 bits or more for new keys.
    keyGen.initialize(1024);
    KeyPair key = keyGen.generateKeyPair();
    return key;
}
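To connect the formula cipher = char^e (mod n) with the KeyPairGenerator call above, here is an added example that is not part of the article's RSAEncryptUtil class: the class name RsaFormulaDemo and the sample message are constructed. It applies the formula directly with BigInteger, shows that the bare formula always maps the same input to the same output, and then encrypts the same message with OAEP padding, which randomizes each ciphertext. It assumes a current JDK, whose bundled provider supports this transformation, and a 2048-bit key.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class RsaFormulaDemo {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);                       // key size in bits
        KeyPair pair = keyGen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();
        RSAPrivateKey priv = (RSAPrivateKey) pair.getPrivate();

        // Constructed sample message; "char" is its bytes read as one number.
        byte[] msg = "hello".getBytes(StandardCharsets.US_ASCII);
        BigInteger m = new BigInteger(1, msg);

        // cipher = char^e (mod n), computed twice with the published e and n.
        BigInteger c1 = m.modPow(pub.getPublicExponent(), pub.getModulus());
        BigInteger c2 = m.modPow(pub.getPublicExponent(), pub.getModulus());
        // The key owner reverses it with the private exponent d: char = cipher^d (mod n).
        BigInteger back = c1.modPow(priv.getPrivateExponent(), priv.getModulus());
        System.out.println("formula round trip ok:   " + back.equals(m));
        System.out.println("formula deterministic:   " + c1.equals(c2));

        // Real use: let Cipher apply OAEP padding before the modular exponentiation.
        String transform = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        Cipher enc = Cipher.getInstance(transform);
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] o1 = enc.doFinal(msg);
        enc.init(Cipher.ENCRYPT_MODE, pub);
        byte[] o2 = enc.doFinal(msg);
        System.out.println("OAEP ciphertexts equal:  " + Arrays.equals(o1, o2));

        Cipher dec = Cipher.getInstance(transform);
        dec.init(Cipher.DECRYPT_MODE, priv);
        String plain = new String(dec.doFinal(o1), StandardCharsets.US_ASCII);
        System.out.println("OAEP decrypts to:        " + plain);
    }
}
```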


10/7/2004

The most secure browser

Filed under: — Aviran Mordo

There are many discussions about which browser is the most secure. In the last few months people have become more aware of the fact that the browser we use can be dangerous, due to recent, highly publicized security flaws discovered in both Internet Explorer and Mozilla.
With the rollout of Windows XP Service Pack 2, Microsoft claims that Windows and Internet Explorer are more secure than ever before. But recent discoveries show otherwise, and although Internet Explorer is still the most popular browser in the world, the wind of change started to blow with the release of Mozilla’s FireFox 1.0PR, and for the first time in many years IE’s market share started to drop as many users migrated to the new kid on the block, FireFox.

In the browser market there are three major players: Microsoft with IE, Mozilla-based browsers, and the fast and lean Opera.
So which is the safest browser?
To answer this question we first need to point out one fact. Most hackers will use well-known vulnerabilities in your browser to hack into your system. Having said that, in order to determine which is the most secure browser we’ll take a look at known vulnerabilities in each browser, and see how their respective developers handled those flaws.
In this review we’ll try to answer the question of which browser has fewer vulnerabilities and how long it takes to fix new security flaws. In order to come to a conclusion we’ll take a look at the 2003-2004 period and compare the Internet Explorer, FireFox and Opera browsers. The data is taken from Secunia.com, which is one of the leading providers of IT-security services.


Internet Explorer 6.


As of October 2004, Internet Explorer 6 holds 69.8% of the browser market share.
According to Secunia.com, 44 security advisories were issued for Internet Explorer 6 during the period 2003-2004. Out of the 44 advisories, 16 remain unpatched (36%). 27 of the 44 advisories are ranked as “Highly critical” and “Extremely critical” flaws (ranks 4 and 5 of 5), out of which 5 still remain unpatched. The oldest unpatched flaw dates from 2003-03-13.

Internet Explorer Advisories (source)


Mozilla – FireFox


Mozilla-based browsers hold 17.0% of the market share as of October 2004.
In the time period of 2003-2004, 14 advisories were issued for FireFox. Out of the 14 advisories, only 2 remain unpatched, and both are ranked as “Less critical” (rank 2 of 5). 2 of the 14 advisories were ranked as “Highly critical” (4 of 5) flaws; none was ranked as “Extremely critical”. The oldest unpatched flaw dates from 2004-08-30.

FireFox Advisories (source)
