Is application developed by servlet more secure than jsp?

JSP has appeared, but some people still use servlets.
Their reason is that servlets can make an application more secure. Is it true?

Servlets are no more secure than JSPs, because JSPs are servlets - they're just another way of building the same thing. There is nothing you can do in a JSP that you can't do in a servlet or vice versa.
Why switch to or from JSPs or servlets? - you should be using both. Use servlets for heavy processing logic and JSPs for presentation (MVC pattern). That way you get maximum separation of logic and presentation. You can pretty much let HTML developers work normally, then come along afterwards and stick a little bit of Java code in the page to make it all dynamic. Better still, you can create easy-to-use custom tags that your HTML developers can easily understand without needing any programming experience. This leaves you free to work on the logic in the back-end.

Similar Messages

  • Should I upgrade to Mavericks now from 10.6.8 on my i-Mac (mid 2007, core 2 duo)? Will Mavericks be more secure than 10.6.8? 10.6.8 has been great, it runs great with all my apps but am concerned about future supportability?

    Should I upgrade to Mavericks now from 10.6.8 (i-Mac, mid 2007, core 2 duo)? Will Mavericks be more secure than 10.6.8 ?  I have the latest version of 10.6.8 and have upgraded my memory to 4GB. This could be one reason for me to make the move now.
    10.6.8 has been great, it runs great with all my apps but am concerned about lack of support now. I know my PC apps will not work but maybe some apps that work now will "walk away" from 10.6.8 and then there's the security question of above.
    I am also concerned about iPhoto 9 transition to i-Photo 11 and compatibility of my Time Machine WD Passport HD (format: Mac OS Extended (Journaled)) based on several questions in applicable forums.
    Thanks for your help in this important decision!

    If I were you I would stick with Snow Leopard. It's much better suited to your old hardware. That said:
    Upgrading from Snow Leopard to Lion or Mavericks
    To upgrade to Mavericks you must have Snow Leopard 10.6.8, Lion, or Mountain Lion installed. Purchase and download Mavericks (Free) from the App Store. Sign in using your Apple ID. The file is quite large, over 5 GBs, so allow some time to download. It would be preferable to use Ethernet because it is nearly four times faster than wireless.
         OS X Mavericks- System Requirements
           Macs that can be upgraded to OS X Mavericks
             1. iMac (Mid 2007 or newer) — Model Identifier 7,1 or later
             2. MacBook (Late 2008 Aluminum, or Early 2009 or newer) —
                 Model Identifier 5,1 or later
             3. MacBook Pro (Mid/Late 2007 or newer) — Model Identifier 3,1 or later
             4. MacBook Air (Late 2008 or newer) — Model Identifier 2,1 or later
             5. Mac mini (Early 2009 or newer) — Model Identifier 3,1 or later
             6. Mac Pro (Early 2008 or newer) — Model Identifier 3,1 or later
             7. Xserve (Early 2009) — Model Identifier 3,1 or later
    To find the model identifier open System Profiler in the Utilities folder. It's displayed in the panel on the right.
    Are my applications compatible?
             See App Compatibility Table — RoaringApps.
    Upgrading to Lion
    If your computer does not meet the requirements to install Mavericks, it may still meet the requirements to install Lion.
    You can purchase Lion at the Online Apple Store. The cost is $19.99 (as it was before) plus tax.  It's a download. You will get an email containing a redemption code that you then use at the Mac App Store to download Lion. Save a copy of that installer to your Downloads folder because the installer deletes itself at the end of the installation.
         Lion System Requirements
           1. Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7,
               or Xeon processor
           2. 2GB of memory
           3. OS X v10.6.6 or later (v10.6.8 recommended)
           4. 7GB of available space
           5. Some features require an Apple ID; terms apply.

  • Is Arch's future more secure than Gentoo's present???

    I just took a look at distrowatch and read this article:
    http://distrowatch.com/weekly.php?issue=20070312#future
    So I just thought by myself "What the **** is going on with Gentoo?"...
    The next thought was "What would the Arch community do if there would ever be some situation like that???".
    And now here I am, looking for an answer.
    I mean up to now the Arch developers and the community around them are the most friendly ones I have ever seen. But I was also worried how things would develop in future. I mean as mentioned in this article Gentoo was once the fastest growing Distro known to mankind and now according to this article they're messing up with all the potential they have had.
    So since I think that Archlinux has the potential to be even better than Gentoo I was wondering how the people behind Arch will prevent situations like this? I mean compared to Gentoo Arch currently is rather small (like Gentoo also was in the beginning), but who knows what will happen in the future? And with more people there will be more different opinions. So besides the KISS philosophy is there anything else written down to secure the future of Arch so Gentoo's current problems won't happen?
    Anyway, I was just thinking about that and wanted to ask the people in here and mainly the developers what they think about it? Does there exist something to prevent the problems Gentoo currently has?
    Thanks for every answer!

    cactus wrote:
    haven't watched it yet..but it sounds interesting...
    http://video.google.nl/videoplay?docid= … 1522818645
    EDIT: Watched it. Turned out..it was pretty awesome.
    Thanks for that link. I watched the video and tried to understand all of it, minding the fact, that I am actually not a open source developer - but in the end it turned out to be eligible for each and every type of community (also including the scarce ones where I either am or was in charge of a moderator title). It might be a bit offtopic, but I indeed have to be grateful to have access to material just like that. These are real professionals, which are still down-to-earth (no wonder, if one takes a closer look on what their work is like), sharing their knowledge for free. I have no problem with Google having a copyright on this material, as long as it is accessible for each and everyone and it is for free. In the end it turned out to change my point of view a bit, about what the open source community is really like and how to improve the climate of a community, minding its targets. I will definitely take a closer look at additional material on video.google.com, as this resource seems to be promising.
    Thanks for your attention anyhow. Just in case this posting was inappropriate, I would like a TU/moderator to delete it for the community's sake.
    Last edited by chaosgeisterchen (2007-03-13 21:44:51)

  • Is firefox ACTUALLY more secure than Internet Explorer 8?

    Hello Mozilla forum members. I am currently a Firefox user. An NSSLabs test claims Internet Explorer 8 is the most secure web browser. Some other sources also agree. Can anyone tell me if this is true? Thanks!
    Here is the link: http://nsslabs.com/test-reports/NSSLabs_Q12010_BrowserSEM_Summ_FINAL.pdf
    I was browsing through the Microsoft site and the NSSLabs site.

    Depends on how much you want to trust a company that has a history of accepting vendor funding, like from M$.
    http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8
    http://www.networkworld.com/news/2009/091009-nss-labs-independent-testing.html
    And you need to question why they were testing Firefox 3.5.7 in January 2010 when the very stable beta 4 of Firefox 3.6 was available at that time. I was using 3.6b4 and never had a problem.
    AND......they were not testing the browsers. What, you say?
    Look at footnote 1 on page 3 of the full report ( http://nsslabs.com/test-reports/NSSLabs_Q12010_GTRBrowserSEM_FINAL.pdf ):
    "Note: This study does not evaluate browser security related to vulnerabilities in plug-ins or the browsers themselves."
    So what was NSS Labs testing? Section 1 (pages 5-6) explains that. Reading Section 1.2, they were testing the ability of Google Safe-Browsing (in the case of Firefox) and the protection that it affords in keeping users from even getting onto malicious sites. I do not know what the other tested browsers use for comparable protection. Do you? I would not depend on Google Safe Browsing or any other such service for my full protection. Would you?
    Moving on, read Section 2.1.1 carefully...."1,756 potentially malicious sites" pared down to 562 sites, but their methodology in choosing the 562 sites is not explained. What if the other 1,194 sites had been included? Would it have changed the results or conclusions reached? You should be saying "Hmmmmmmmm" at this point.
    Do yourself a favor:
    - Read such reports carefully and in full (not just the summary) with your brain "in-gear".
    - Keep all of your system defenses up-to-date, firewall, AV/AS, scan regularly with multiple scanners (none is 100% correct, 100% of the time). IMPORTANT: Never run over-lapping security applications (i.e., 2 firewalls, 2 anti-virus/anti-spyware) at the same time. Two is NOT better than one in this case.
    - Do you know what services and processes are running on your system, why they are running and what the function of each might be? Do you actively monitor incoming and outgoing connections? Do you log connections and review them?
    - Don't visit questionable sites (porn, warez, less than legal music and video download sites, etc.)
    - Base part of your judgement on your own experience; have you experienced any security related problems with what you are using? If so, then make a change NOW!
    Good luck.

  • UAG DirectAccess more secure than 2012 DirectAccess in edge scenario by default ?

    I installed 2012 DirectAccess in Edge configuration, first interface connected to intranet and second interface connected to internet.
    When I did port scanning from internet, to my surprise there are about 1000 ports open to internet. 85% are high ports, and the rest are well-known ports.
    Ports like tcp 3389, tcp 135, tcp 445 are open to everybody by default.
    Isn't this an enormous security issue? At least it should be mentioned somewhere?
    So options are, you manually configure windows firewall rules or you put your DirectAccess server behind edge firewall, or you build your DirectAccess with NAT.
    With UAG DirectAccess you really did not have this problem, you opened to internet only the few ports that were needed for DirectAccess. UAG DirectAccess was easily built without an edge firewall.
    Thanks,
    -oraat

    Hi, Although technically Windows has a very good firewall a DirectAccess Server is an Edge device that should always be located behind a front-end firewall. And optionally in front of a back-end firewall. Maybe the following post I have answered provides you a bit more information:
    UAG to 2012 R2 - Edge Device concern
    https://social.technet.microsoft.com/Forums/forefront/en-US/bf3a5e9a-6f06-4e72-a907-67df1672224e/uag-to-2012-r2-edge-device-concerns?forum=forefrontedgeiag
    Boudewijn Plomp, BPMi Infrastructure & Security

  • Anything more secure than a password protected .img created in disk utility

    subject says all.
    Message was edited by: dnaginzter

    256-bit encryption is what SSL certificates use (the "lock" symbol you see when you go to a banking website). They're highly regarded in the industry as pretty much the pinnacle of practical encryption.
    Again, the password is usually the weak spot. Even with 256-bit encryption, if your password is "password" or "12345", a cracker will be able to access your files pretty quickly.
    As usual, there's an xkcd page for this situation.
    Matt

  • Is Firefox x64 more secure against Malware attacks than Firefox x32?

    I have a Windows 7 Home Premium SP1 x64 computer. It is my understanding that Windows 7 HP SP1 x64 is more secure against Malware-Virus attacks than Windows 7 HP SP1 x32.
    I am using Firefox 6.0B2 x32 and just started also using Firefox 8.0A1 x64. Both are working fine.
    Is the x64 version of Firefox more secure than the x32 version against Malware-Virus attacks on a Windows 7 SP1 x64 computer simply because it is x64?

    No, it isn't.

  • IPhone 4 - More secure restrictions passcode

    Hello All,
    We're just about to equip our 16 year old with an iPhone 4 ... I've gone through and setup certain restrictions on the phone, assigned the required passcode ... however, is there any way at all to enable something more secure than just a 4 digit code?  In the end, a 16-year old and enough banging away on it and sooner or later they'll crack it, given only 4 digits.
    Appreciate all advice and guidance.
    Ken

    I don't believe so. If you have that little trust for your 16 year old, perhaps you should not be giving them a smartphone to begin with.

  • SOA Application development & Security Standards document template

    Hi,
    I need to create documents on SOA Application development standards and SOA Application Security standards.
    Please share document templates if anyone has them.
    Thank you

    Hmm, interesting comments. Is it really a Standard that you're after? Not wishing to ask if you like salt with your eggs but I assume we know the differences between Standard, Policy, Procedure? You'd be surprised with the number of so called Security experts /Consultants that can't articulate this. I have seen big 4 people who are meant to be delivering Policy but actually documenting a Standard, even Procedures
    So are you looking at delivering a Standard per Application? You should also have a Generic App Security Standard.
    Standard - you're looking to no more than 10-20 pages.
    SAP hooks into several other documents so you should be explicitly referencing O/S and Database Standards.
    Authenticating against SAP - that should be covered in Access Control Policy /Standard.
    Encryption ....? Your encryption doc's and so on. 
    SAP sits on an O/S, so if you're an IBM house then you're looking at AIX. SAP would assume this as a pre-req. Database? You've got Oracle and if again you're an IBM house you follow DB2.
    DB2 inherits numerous priv's from the underlying O/S. So if AIX is poorly configured, then DB2 inherits this. Of course there's a bunch of stuff that you can do from SYS* parameters etc.
    I've just put together a bunch of stuff for an Org. The actual SAP piece is actually not that hard. The Procedure is a little more specific e.g. specific Install Accounts /Passwords that need to be changed, how you secure external interfaces.
    Please let me know if you need anything further.
    Cheers, N

  • My ipod touch 4g just updated today on itunes and the update caused more trouble than good. My ipod will no longer show me the battery percentage in the top right hand corner and also I am not allowed to drag other applications to the bottom panel.

    My ipod touch 4g just updated today on itunes and the update caused more trouble than good for me. My ipod will no longer show me the battery percentage in the top right hand corner and I am not allowed to drag other applications to the bottom panel. Also my itunes doesn't allow "enable disk use" anymore. Can anyone help? My ipod now says that it's the 4.3.4 version

    - Unjailbroken iPod never showed % battery.  Just the icon.
    - Unjailbroken iPod Touches never had a disk mode.
    - What happens when you try to drag a wiggling app to a empty space in the bottom? Does it move and snap back?

  • Does anyone know of a simple home accounting application? iBank does not seem to be that user friendly and has more features than I need. I would like something that will connect to my bank and will allow the creation of a budget that is simple.

    I am looking for a very simple home accounting application. iBank seems to not be very intuitive and it has more features than I need. I am looking for the ability to create a budget and keep a bank register with the ability to connect to my bank and do updates.

    I have a small business, I chose Quickbooks because anything else cost much more. That triggered the hiring of a bookkeeper who knew how to use it. It was not the cheapest choice after all.

  • Hi, I installed the free 30-day trial of MacScan on OS X 10.5. Is it normal that a full scan takes so long, even more than one day?! On the other hand, this application doesn't have any uninstaller on the disk image, so how can I uninstall it from my hard drive?

    Hi, I installed the free 30-day trial of MacScan on OS X 10.5. Is it normal that a full scan takes so long, even more than one day?! On the other hand, this application doesn't have any uninstaller on the disk image, so how can I uninstall it from my hard drive? Thanks

    Get rid of the tracking cookies. They are used to profile and track your browsing history. While they are privacy invading, by calling them spyware, MacScan is being a little dramatic in trying to sell you its crap. And in the future, for whatever browser you use, don't allow third-party cookies.
    To prevent tracking, get Ghostery. In addition to having Ghostery and forbidding third-party cookies, I clear out all cookies from one browsing session to another. If you always do that, you won't have any tracking cookies to worry about, so you won't need MacScan to find them for you. Btw, MacScan finds the tracking cookies in the first few minutes of scanning; if you want to use it for that, then that's all the time you need to run it for. But, as I said, you won't have any tracking cookies around if you just remove all cookies and don't allow third-party cookies. As soon as you visit a site that needs them, you'll just get new ones. No problem.
    Read all about cookies here.
    http://en.wikipedia.org/wiki/HTTP_cookie

  • I want the application name to display more than 13 characters. Could you tell me how to fix this problem?

    I want the application name to display more than 13 characters.
    Could you tell me how to fix this problem?

    Backup and restore your software via iTunes. If the problem continues, restore as a NEW device. If this solves it, that means there is some corruption in your backup file. If the problem is still there, you should take it to the Genius Bar at an Apple Store for evaluation.

  • 7 Things every Adobe AIR Developer should know about Security

    7 Things every Adobe AIR Developer should know about Security
    1. Your AIR files are really just zip files.
    Don't believe me? Change the .air extension to zip and unzip it with your favorite compression program.
    What does this mean for you the developer? What this means is that if you thought AIR was a compiled protected format, alas it is not.
    2. All your content is easily accessible in the AIR file.
    Since we know that the AIR file is really just a zip file, unzip it and see what's inside. If you have added any content references when you published the AIR file, voila, there it all is.
    What does this mean for you the developer? Well, your content is sitting there ripe for the picking, and so is everything else including your Application descriptor file, images etc.
    3. Code signing your AIR app does nothing as far as security for you.
    All code signing your app does is verify to the end user that someone published the app. It does nothing as far as encryption and does nothing to protect your content.
    What does this mean for you the developer? Well, you should still do it, because getting publisher "unknown" is worse. It also means that joe hacker would not be able to decompile your entire app and republish it with the same certificate, unless they somehow got a hold of that too.
    4. All your AIR SWF content is easily decompilable.
    Nothing new here, it's always been this way. Type flash decompiler into google and you'll find a variety of decompilers for under $100 that will take your AIR content swf and expose all your source code and content in no time.
    What does this mean for you the developer? All your content, code, urls and intellectual property is publicly available to anyone with a decompiler, unless you do some extra work and encrypt your swf content files, which is not currently a feature of AIR, but can be done if you do your homework.
    5. Your SQLite databases are easy to get at.
    SQLite databases can be accessed from AIR or any other program on your computer that knows how to work with it. Unless you put your database in the local encrypted datastore, or encrypt your entire database it's pretty easy to get at, especially if you create it with a .db extension.
    What does this mean for you the developer? Well, SQLite is very useful, but just keep in mind that your data can be viewed and altered if you're not careful.
    6. The local encrypted datastore is useful, but....
    The local encrypted datastore is useful, but developers need a secure way of getting information into it. Storing usernames, passwords and urls in clear text is a bad idea, since as we discussed, your code is easy to decompile and read. By putting info into the local encrypted datastore, the data is encrypted and very difficult to get at. The problem is, how do you get it into there, without having to store any info that can be read in the air file and without the necessity of communicating with a web server? Even if you called a web service and pushed the returned values into the datastore, this is not ideal, since you may have encoded the urls to your web service into your code, or they intercept the results from the web service call.
    What does this mean for you the developer? Use the local datastore, and hope that we get some new ways of protecting content and data from Adobe in the next release of AIR.
    7. There are some things missing from the current version of AIR (1.1) that could really help ease the concerns of people trying to develop serious applications with AIR.
    Developers want more alternatives for the protection of local content and data. Some of us might want to protect our content and intellectual property, remember not all of us are building toys with AIR. Other than the local encrypted datastore there are not currently any built in options I'm aware of for encrypting other content in the AIR file, unless you roll your own.
    What does this mean for you the developer? Well, I've been told that Adobe takes security very seriously, so I'm optimistic that we'll see some improvements in this area soon. If security is a concern for you as much as it is for me, let them know.

    Putting "secret data" as clear text directly in your code is a broken concept in every environment, programming language. Every compiled code is reversible, especially strings are really easy to extract.
    There is no simple, straightforward way to include secret data directly with your app. This is a complicated subject, and if you really need to do this, you'll need to read up on it a bit.
    But in most cases this can be avoided or worked around without compromising security. One of the best ways is to provide the user with a simple "secret key" alongside the app (best way is the good old login/password). The user installs the app, and provides his "secret key", that goes directly into EncryptedLocalStore, and then you use this "secret key" to access the "secret data" that's stored on your server. Then you can transfer the "secret data" directly into EncryptedLocalStore.
    As for the whole thread:
    Points 1-5 -> Those points do not concern AIR apps only. If you are developing an application in any language, you should follow those rules, meaning:
    - Code installed on the user's computer is easily accessible
    - Data stored locally is easily accessible, even if it is encrypted using any symmetric-key encryption, because the encrypting algorithm and encryption key are in your source code (you could probably write a book on using public-key encryption so let's just leave it for now ;)
    Point 6 -> Is a valid one. All your app security should rely on the EncryptedLocalStore. But it is your job to get the data securely into the ELS, because there is no point to encrypt data that can be intercepted.
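
For the Adobe AIR thread above (points 1, 2, 4 and 5, and the reply's remark that locally installed code and data are easily accessible), a pre-release audit of your own package makes the exposure concrete. This Python sketch is an added example, not code from the thread or from Adobe; the sample package, the marker list and names such as `audit_air_package` are constructed for illustration.

```python
import io
import os
import re
import sqlite3
import struct
import tempfile
import zipfile
import zlib

SQLITE_MAGIC = b"SQLite format 3\x00"
# Assumed marker list for this example; tune it to your own code base.
MARKERS = re.compile(rb"(password|secret|api_key|https?://[\w.\-/]+)", re.I)


def readable_body(body):
    """Classify an entry and return (kind, bytes any outsider can read)."""
    if body[:3] == b"CWS":  # zlib-compressed SWF: 8-byte header, then zlib data
        try:
            return "swf", zlib.decompress(body[8:])
        except zlib.error:
            return "swf", b""
    if body[:3] == b"FWS":  # uncompressed SWF
        return "swf", body[8:]
    if body.startswith(SQLITE_MAGIC):  # detected by content, not by extension
        return "sqlite", body
    return "other", body


def audit_air_package(data):
    """Map each entry name to (kind, sorted cleartext markers found in it)."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as archive:  # an .air file is a zip
        for info in archive.infolist():
            if info.is_dir():
                continue
            kind, text = readable_body(archive.read(info))
            hits = sorted({m.decode("ascii", "replace").lower()
                           for m in MARKERS.findall(text)})
            report[info.filename] = (kind, hits)
    return report


def build_sample_air():
    """Constructed sample package (not a real application), built in memory."""
    strings = b"\x00https://api.example.invalid/v1/login\x00api_key=CONSTRUCTED\x00"
    # Constructed stand-in for a compressed SWF: valid header, placeholder body.
    swf = (b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(strings))
           + zlib.compress(strings))
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "users.db")
        conn = sqlite3.connect(path)
        conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
        conn.execute("INSERT INTO users VALUES ('alice', 'constructed-value')")
        conn.commit()
        conn.close()
        with open(path, "rb") as fh:
            database = fh.read()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("META-INF/AIR/application.xml",
                         "<application><content>main.swf</content></application>")
        archive.writestr("main.swf", swf)
        archive.writestr("data/cache.dat", database)  # renamed, still SQLite
        archive.writestr("assets/logo.png", b"\x89PNG\r\n\x1a\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, (kind, hits) in audit_air_package(build_sample_air()).items():
        print(f"{name:32} {kind:7} {hits}")
```

Anything the audit lists is a candidate for moving out of the package, for example into the encrypted local store after the user supplies a credential, as the reply suggests.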

  • Why PHP is better than JSP,Servlet(Java Web Apps) ?

    Well, my heart says JSP, Servlets are better but rent a coder and job market, demand-supply seems to be saying a different story... ? Why we should not learn PHP then ?

    dcminter wrote:
    You can develop web sites in PHP in two shakes of a lamb's tail. But they aren't maintainable as they would be in .NET or J2EE and again the performance (which dictates what you can do as well as scalability) is between a scripted language with buggy runtime and a compiled language with an optimized runtime so you tell me. Yes, but rather like Spinoza's argument for the existence of God, an application that has existence is more perfect than one which exists only in the conception. Even if the conceptual one is faster.
    I don't denigrate languages like PHP that help novices get stuff done.
    To address the OP's complaint: If one language was objectively "best" then we would only need one language. In practice they all have strengths. The more you learn the more you'll know which to use for the task at hand. That said, to learn any language (even PHP) in profound depth will take the best part of ten years and maybe longer. Sometimes expediency leads us to use the language we understand better to solve a problem for which it is not ideally suited.
    Eloquent - well said.
    Bonus points for that Spinoza reference.