timexhsqldb.xml: Bad Data Defect Fix

C. Java Code Conventions

THE FOLLOWING ARE SOME OF THE GUIDELINES I like and use from the Code Conventions for the Java Programming Language prescribed by Sun on the java.sun.com website. (Note: There are many more conventions recommended by Sun, so be sure to visit this website.)

- All source files will have a beginning Javadoc comment.
- The first line of code in the source file will be the package statement, followed by any import statements.
- Package names should begin with a lowercase top-level domain name (for example, com.oredu.).
- Class and interface names should be nouns and should use mixed case with each word capitalized (for example, EmployeeHours).
- All class files should have the following in the order listed here:
  - Have a Javadoc for the class.
  - List variables as follows: static variables, then instance variables (public, protected, no access specified, and then private).
  - List methods as follows: constructors and then methods (methods should be grouped by functionality, not scope).
- Method names should be verbs and should use mixed case with each word capitalized, except that the first letter is lowercase (for example, getHoursWorked).
- Variable names should be verbs and should use mixed case with each word capitalized, except that the first letter is lowercase (for example, hoursWorked). Variable names should start with a letter. One-character variables (for example, i, j, or k) should be avoided and used only for temporary variables (for example, in a for statement).
- Try to make all class variables nonpublic and accessible only via methods.
- Constants should be all uppercase, with words separated by an underscore (for example, MAX_WORK_HOURS).
- Try to use numeric values as constants (for example, int MAX_WORK_HOURS = 24;).
- Try to initialize local variables where they are declared.
- Avoid lines longer than 80 characters.
- Each line should contain only one statement.
- If-else, for, while, do, and switch statements should always use braces.

D. Securing Web Applications

THE FOLLOWING ARE A FEW GUIDELINES on how to secure web applications. For further reading on this subject, visit the owasp.org website.

- Validate browser input (parameters, special characters, SQL injections) on the server side, not just the client side (that is, JavaScript). If you are working directly with JDBC, consider using java.sql.PreparedStatement versus a java.sql.Statement.
- Don't use a shell (Runtime.exec) in your web-related code; this is almost certainly an open invitation to hackers.
- Do not store sensitive data anywhere (databases, files, and so on). If you absolutely must store this information, store it in encrypted form.
- Don't allow direct access to any system resource, for example, files, databases, classes, or programs. Turn off directory browsing on all web servers. Don't use real file names and/or directories (for example, hide JSP files under WEB-INF).
- Use HTTPS versus HTTP for sensitive data such as username, password, financial data, health information, and secure government information.
- Require strong user ids and passwords (for example, six- to eight-character minimum, special characters in the password, and so on).
- Hidden HTML fields are not hidden; anyone can view the HTML code in the browser, so keep this in mind.
- Disable accounts, either temporarily or permanently, after three failed attempts.
- Do not store clear-text passwords (for example, app id/password in config files).
- Log all or only suspicious activity.
- Use industry standard, well-tested security protocols over a custom, home-grown solution.
- POST is slightly better than GET to hide sensitive data (for example, from the browser's address bar and access logs).
- Suggestion: Conduct security testing with the Firefox Tamper Data extension.
- Have source code reviews. Your colleagues might be able to see something you have missed.
- Beware of cross-site scripting (XSS); a hacker can use this technique to hijack personal information about your users.
- Last, but not least, be paranoid! There really are people out there trying to guess passwords, hack, and so on; always remain vigilant about security! Think like a hacker; assume the hacker knows as much or more than you, and have regular security audits. Remember, you cannot entirely avoid security threats; however, you can manage and control them. More importantly, there are automated crawlers looking for security holes. When a hole is found, a human can move in for the kill.
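The first guideline above contrasts java.sql.Statement with java.sql.PreparedStatement. The following is an added example, not code from the book or its timesheet application, showing the two side by side against an in-memory HSQLDB database; it assumes the HSQLDB driver jar is on the classpath, and the table, column names and sample rows are constructed for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

/** Added example: login lookup with Statement (concatenation) versus PreparedStatement. */
public class LoginQueryDemo {

    // Weak form: user-controlled text is spliced into the SQL text, so a quote
    // character in the input changes the query's structure instead of being data.
    static boolean loginWithStatement(Connection con, String user, String pass) throws SQLException {
        String sql = "SELECT COUNT(*) FROM app_user WHERE user_name = '" + user
                + "' AND pass_word = '" + pass + "'";
        try (Statement st = con.createStatement(); ResultSet rs = st.executeQuery(sql)) {
            rs.next();
            return rs.getInt(1) > 0;
        }
    }

    // Hardened form: the query shape is fixed and the driver passes the values
    // as bound parameters, so any quote in the input remains literal data.
    static boolean loginWithPreparedStatement(Connection con, String user, String pass) throws SQLException {
        String sql = "SELECT COUNT(*) FROM app_user WHERE user_name = ? AND pass_word = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, user);
            ps.setString(2, pass);
            try (ResultSet rs = ps.executeQuery()) {
                rs.next();
                return rs.getInt(1) > 0;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample data; a real table would hold a password hash, not clear text.
        try (Connection con = DriverManager.getConnection("jdbc:hsqldb:mem:logindemo", "sa", "")) {
            try (Statement st = con.createStatement()) {
                st.execute("CREATE TABLE app_user (user_name VARCHAR(50), pass_word VARCHAR(50))");
                st.execute("INSERT INTO app_user VALUES ('jsmith', 'correct-secret')");
            }
            // Constructed wrong password containing a quote: only the Statement
            // version lets it alter the WHERE clause and report a successful login.
            String wrongPass = "guess' OR '1'='1";
            System.out.println("Statement, wrong password accepted?         " + loginWithStatement(con, "jsmith", wrongPass));
            System.out.println("PreparedStatement, wrong password accepted? " + loginWithPreparedStatement(con, "jsmith", wrongPass));
            System.out.println("PreparedStatement, real password accepted?  " + loginWithPreparedStatement(con, "jsmith", "correct-secret"));
        }
    }
}
```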



E. Sample Development Process Cheat Sheet

THE FOLLOWING IS A SAMPLE (and simple) development process cheat sheet. For details, you can either refer to Chapter 2, "The Sample Application: An Online Timesheet System," or Chapter 3, "XP and AMDD-Based Architecture and Design Modeling," in this book, or review the extensive material provided on the extremeprogramming.org or agilemodeling.com websites.

Project Initiation

- Informal business need/problem discussions
- Project kickoff
- Define problem statement (for example, essential use cases or shall statements)