Whenever I install Eclipse or SpringSource Tool Suite in Ubuntu 9.10, I tend to forget about a little bug in Eclipse which, when paired with GTK+ 2.18 and later, causes certain behavioral oddities such as unresponsive buttons, missing selection options, etc.
The workaround for this is to set the GDK_NATIVE_WINDOWS environment variable to true. This is most easily done by creating a startup script for Eclipse:
eclipse.sh:
File encryption and decryption is very easy with OpenSSL, which is installed on almost any Linux system. Consider the following commands:
Encryption:
This will prompt for a password to use as an encryption key. The -a switch uses Base64 encoding for the encrypted output, which is handy for representing encrypted data as text.
Decryption:
An embedded Jetty server provides a quick and easy means of testing web applications. In this example I expand on A Secure RESTful Web Service, which requires manual steps of building and deploying a web application to an existing and configured application server. I introduce an embedded Jetty server which is started as part of testing, and enables tests to run without the manual steps of building and deploying the web application. It also eliminates the need to have a discrete application server available for testing.
I thought it would be fun to see if I could create a completely self-contained runnable web application that wasn't bound to the traditional application server plus WAR file pattern. After playing with embedded Jetty, and Maven's jar, dependency, and assembly plugins, I came up with a working solution.
Data-at-rest encryption is a common and important pattern in any enterprise application in which certain information must be protected when placed in a persisted state. Among the difficulties of building applications that support data-at-rest encryption are distinguishing encrypted data from unencrypted data at the application layer, and the algorithms needed to translate from one to the other. An application that is aware that its data may be encrypted at some points and unencrypted at others violates the practice of separation of concerns.
Many coffee shops and book stores provide both a seemingly limitless supply of legal addictive stimulants and wireless Internet access. The two in combination yield a great opportunity to do some coding. The problem is that usually the wireless connection is unencrypted, leaving you vulnerable to anyone who wants to come along and sniff your traffic. To solve this problem, I once again reach into my bag of tools and pull out SSH, the oft-overlooked Swiss Army Knife of secure communications.
REST-style architecture lends a comfortable aspect of familiarity to web services by enforcing a somewhat strict architectural style to which we have become accustomed in our daily use of the web. It eliminates the unpredictable and sometimes obtuse web services definitions created in analogy to arbitrary verbs. It limits the types of actions taken by a web service to those of CRUD, and the resources on which to perform such actions to those identifiable by URLs.
SSH tunneling is a simple but powerful way to secure a communications channel for an otherwise unsecured protocol.
Imagine an environment with two servers: ServerA and ServerB. ServerB hosts a MySQL database on the conventional port 3306, and ServerA maintains a JDBC connection to it. This connection is wide open to packet sniffing and other man-in-the-middle attacks, and is especially vulnerable when ServerA and ServerB reside in physically separate networks.
Contract-first web services epitomise the pattern of loose coupling as applied to distributed web-based systems. The methodology is founded on the establishment of a service contract, which both client and server entities agree to implement. With the service contract in place, client and server entities have the freedom to implement it in any way they like, with all functionality abstracted from one another behind the service contract.