Posts Tagged ‘security’


Setting the JAVA_HOME and CATALINA_HOME Environment Variables on Windows

You can set them from the command prompt:
1. set JAVA_HOME=C:\"top level directory of your java install"
2. set CATALINA_HOME=C:\"top level directory of your Tomcat install"
3. set PATH=%PATH%;%JAVA_HOME%\bin;%CATALINA_HOME%\bin

Or you can do the same through the GUI:

  1. Go to System Properties.
  2. Go to Environment Variables and add a new variable named JAVA_HOME with the value C:\"top level directory of your java install".
  3. Go to Environment Variables and add a new variable named CATALINA_HOME with the value C:\"top level directory of your Tomcat install".
  4. In the Path variable, append the value ;%CATALINA_HOME%\bin;

Then type startup.bat at the command prompt and press Enter, and Tomcat will start up. To shut it down, type shutdown.bat. Once Tomcat is running you can reach it at http://localhost:8080 and open the Application Manager with a login and password. If you don't know the username and password, follow the instructions below.

User and password for Tomcat

By default, Tomcat does not enable admin or manager access. To enable it, you have to edit the “%TOMCAT_FOLDER%/conf/tomcat-users.xml” manually.

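File: tomcat-users.xml (before update). Initially, Tomcat ships with all users and roles commented out, as shown below.

<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->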

File: tomcat-users.xml (after update)

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="admin,manager"/>
</tomcat-users>

To enable admin access, update the content as shown above. Save the file and restart Tomcat; you can now access the Tomcat admin or manager pages with user = “admin” and password = “admin”.
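A check a defender can run against a tomcat-users.xml like the one above, flagging accounts that hold manager or admin roles with a guessable password. This is an added example, not code from the original post or from Tomcat; `WELL_KNOWN`, `MIN_LENGTH` and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the active entries of the "after update" file above.
SAMPLE = """<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="admin"/>
  <user username="admin" password="admin" roles="admin,manager"/>
</tomcat-users>
"""

# Assumptions: an illustrative (not exhaustive) list and a local length policy.
WELL_KNOWN = {"admin", "tomcat", "manager", "password", "changeit", "s3cret"}
MIN_LENGTH = 12


def local(tag):
    """Drop an XML namespace, which newer tomcat-users.xml files declare."""
    return tag.rsplit("}", 1)[-1]


def is_privileged(role):
    """Role names from this page plus the split roles of newer Tomcat."""
    return role in ("admin", "manager") or role.startswith(("admin-", "manager-"))


def audit_tomcat_users(xml_text):
    """Return (username, finding) pairs for active privileged users."""
    findings = []
    root = ET.fromstring(xml_text)  # users inside <!-- --> are skipped
    for user in root.iter():
        if local(user.tag) != "user":
            continue
        name = user.get("username", "")
        password = user.get("password", "")
        roles = [r.strip() for r in user.get("roles", "").split(",")]
        if not any(is_privileged(r) for r in roles):
            continue
        if password.lower() == name.lower():
            findings.append((name, "password equals username"))
        elif password.lower() in WELL_KNOWN:
            findings.append((name, "well-known password"))
        elif len(password) < MIN_LENGTH:
            findings.append((name, "short password"))
    return findings
```

Run over the file shown above, `audit_tomcat_users` reports the `admin` account because its password equals its username.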

Different Types of Malware

Malware is a collective term used to represent viruses, worms, spyware and other malicious programs out there on the Internet. In simple words, any software program that is intended to cause direct or indirect harm to the computer system is referred to as malware.

Some malware programs cause serious problems such as destroying the system files, causing disruption to the computer operation or gathering sensitive information while others may only have a light impact such as redirecting websites to pornographic content or annoying the users with pop-ups and banners.

In everyday usage, every malicious program is often referred to as a virus, but this is not correct! In fact, as mentioned earlier, there exist several kinds of malicious programs, of which the virus is only one. Many of you may be wondering what the difference between them is. This article gives detailed information on the different types of malware that exist, how they work and how they differ from each other:

Computer Virus:

As we all know, this is the type of malware that has become highly popular and is one of the most widely discussed topics in the field of computer security. A virus is just a computer program that is designed to take unauthorized control of the infected computer so as to cause harm to the system’s data or degrade its performance.

Mode of operation:

Computer viruses operate by attaching themselves to an already existing file or program and replicating themselves to spread from one computer to another. In most cases, they tend to infect executable files that are parts of legitimate programs. So, whenever the infected file is executed on a new computer, the virus gets activated and begins to operate by further replication or by causing the intended damage to the system.

A virus cannot perform its task of harming and replication unless it is allowed to execute. This is the reason why viruses often choose an executable file as their host and attach themselves to it. Viruses are mainly classified into two types:

Non-Resident Viruses: This kind of virus executes along with its host, performs the necessary action of finding and infecting other possible files and eventually transfers control back to the main program (host). The operation of the virus terminates along with that of its host.

Resident Viruses: In the case of resident viruses, whenever the infected program is run by the user, the virus gets activated, loads its replication module into memory and then transfers control back to the main program. In this case, the virus remains active in memory, waiting for an opportunity to find and infect other files even after the main program (host) has terminated.

Damages caused:

Viruses are known to cause destruction of data and software programs. In some cases, a virus may do nothing other than replicate itself. However, they are responsible for using a large portion of system resources such as CPU and memory, which results in performance degradation of the computer.

In order to stay protected from a virus infection, you may refer to my other post on 12 tips to maintain a virus free computer.

Trojan horse:

A Trojan horse, or simply a Trojan, is a type of malicious program that disguises itself as something legitimate or useful. The main purpose of a Trojan is to gain the trust of the user from the front end, so that it gets permission to be installed. But, from the back end, it is designed to grant unauthorized control of the computer to the hacker.

Mode of operation:

A Trojan horse does not depend on a host to carry out its operation. So, unlike a computer virus, it does not tend to attach itself to other files. Trojans are often disguised as video codecs, software cracks, keygens and other similar programs downloaded from untrusted sources. So, one has to be careful about untrusted websites that offer free downloads.

One of the most popular examples is the DNSChanger trojan, which was designed to hijack the DNS servers of the victimized computers. It was distributed by some rogue pornographic websites as a video codec needed to view online content.

Damages caused:

Trojan horses are known to cause a wide variety of damage, such as stealing passwords and login details, electronic money theft, logging keystrokes, modifying or deleting files, monitoring user activity etc.

Worms:

Worms are standalone computer programs with a malicious intent that spread from one computer to another. Unlike viruses, worms have the ability to operate independently and hence do not attach themselves to another program.

Mode of operation:

Worms often use a computer network to spread themselves by exploiting the security vulnerabilities that exist inside the individual computers. In most cases, worms are designed only to spread without causing any serious change to the computer system.

Damage caused:

Unlike viruses, worms do not cause damage to the system files and other important programs. However, they are responsible for consuming the bandwidth thereby degrading the performance of the network.

Spyware:

Spyware is a type of malicious software that can collect information about the activities of the target computer without the knowledge of its users. Spyware such as keyloggers is often installed by the owner or administrator of the computer in order to monitor the activities of the users. This can be a parent trying to monitor his child, a company owner trying to monitor his employee or someone trying to spy on his/her spouse.

Mode of operation:

Spyware is designed to operate in a totally stealthy mode so that its presence is completely hidden from the users of the computer. Once installed, it silently monitors all the activities on the computer such as keystrokes, web activity, IM logs etc. These logs are stored secretly for later access or uploaded online so that the installer of the spyware program can have access to them.

Damage caused:

Apart from monitoring, spyware does not cause any damage to the computer. However, in some cases the affected computer may experience degradation in its performance.

Adware:

Adware is a software program that automatically renders advertisements to the users without their consent. Most common examples are pop-ups, pop-unders and other annoying banner ads. The prime reason behind the design of adware is to generate revenue for its author.

Mode of operation:

Adware is often bundled with free utilities such as browser toolbars, video downloaders etc. When such programs are installed, the adware may take over and distract user activity by displaying annoying advertisements.

Damage caused:

Adware is harmless on most occasions. However, some adware is known to contain spyware that is used to monitor the surfing habits of users. This may pose a threat to the privacy of the users.

Web Services – Web Services Tutorials

Posted: January 12, 2012 in Random Posts

This section of the Web Services tutorial introduces you to Web services.

Introduction

The next generation of distributed computing has arrived. A Web service is a unit of managed code that can be remotely invoked using HTTP, that is, it can be activated using HTTP requests.

Historically speaking, remote access to binary units required platform-specific and sometimes language-specific protocols. For example, DCOM clients access remote COM types using tightly coupled RPC calls. CORBA requires the use of tightly coupled protocol referred to as Internet Inter-ORB Protocol (IIOP), to activate remote types. Enterprise JavaBeans (EJBs) requires a Remote Method Invocation (RMI) Protocol and by and large a specific language (Java). Thus each of these remote invocation architectures needs proprietary protocols, which typically require a tight connection to the remote source.

One can access Web services using nothing but HTTP. Of all the protocols in existence today, HTTP is the one specific wire protocol that all platforms tend to agree on. Thus, using Web services, a Web service developer can use any language he wishes and a Web service consumer can use standard HTTP to invoke the methods a Web service provides. The bottom line is that we have true language and platform integration. Simple Object Access Protocol (SOAP) and XML are also two key pieces of the Web services architecture.

What is a Web Service

Web services constitute a distributed computer architecture made up of many different computers trying to communicate over the network to form one system. They consist of a set of standards that allow developers to implement distributed applications – using radically different tools provided by many different vendors – to create applications that use a combination of software modules called from systems in disparate departments or from other companies.

A Web service contains some number of classes, interfaces, enumerations and structures that provide black box functionality to remote clients. Web services typically define business objects that execute a unit of work (e.g., perform a calculation, read a data source, etc.) for the consumer and wait for the next request. A Web service consumer does not necessarily need to be a browser-based client. Console-based and Windows Forms-based clients can consume a Web service. In each case, the client indirectly interacts with the Web service through an intervening proxy. The proxy looks and feels like the real remote type and exposes the same set of methods. Under the hood, the proxy code really forwards the request to the Web service using standard HTTP or optionally SOAP messages.

Web Service Standards

Web services are registered and announced using the following services and protocols. Many of these and other standards are being worked out by the UDDI project, a group of industry leaders that is spearheading the early creation and design efforts.

Universal Description, Discovery, and Integration (UDDI) is a protocol for describing available Web services components. This standard allows businesses to register with an Internet directory that will help them advertise their services, so companies can find one another and conduct transactions over the Web. This registration and lookup task is done using XML and HTTP(S)-based mechanisms.

Simple Object Access Protocol (SOAP) is a protocol for initiating conversations with a UDDI Service. SOAP makes object access simple by allowing applications to invoke object methods or functions, residing on remote servers. A SOAP application creates a request block in XML, supplying the data needed by the remote method as well as the location of the remote object itself.

Web Service Description Language (WSDL), the proposed standard for how a Web service is described, is an XML-based service IDL (Interface Definition Language) that defines the service interface and its implementation characteristics. WSDL is referenced by UDDI entries and describes the SOAP messages that define a particular Web service.

ebXML (e-business XML) defines core components, business processes, registry and repository, messaging services, trading partner agreements, and security.

Implementing Web Services

Here is a brief step-by-step outline of how a Web service is implemented.

  • A service provider creates a Web service.
  • The service provider uses WSDL to describe the service to a UDDI registry.
  • The service provider registers the service in a UDDI registry and/or ebXML registry/repository.
  • Another service or consumer locates and requests the registered service by querying UDDI and/or ebXML registries.
  • The requesting service or user writes an application to bind the registered service using SOAP in the case of UDDI and/or ebXML.
  • Data and messages are exchanged as XML over HTTP.

Web Service Infrastructure

Even though Web services are being built using existing infrastructure, there is a strong need for a number of innovative infrastructures. The core architectural foundations of Web services are XML, XML namespaces, and XML schema. UDDI, SOAP, WSDL, ebXML and security standards are being developed in parallel by different vendors.

Web Services Technologies and Tools

There are a number of mechanisms for constructing Web services. Microsoft has come out with a new object-oriented language C# as the development language for Web services and .NET framework. Microsoft has an exciting tool called Visual Studio .NET in this regard. The back end database can be Microsoft SQL Server 2000 in Windows 2000 Professional.

Sun Microsystems has its own set of technologies and tools for facilitating Web services development. Java Servlets, Java Server Pages (JSPs), Enterprise JavaBeans (EJB) architecture and other Java 2 Enterprise Edition (J2EE) technologies play a very critical role in developing Web services.

There are a number of tools for developing Web services. They are Forte Java IDE, Oracle JDeveloper, and WebGain Studio.

Sun Microsystems has taken an initiative called Sun ONE (Open Network Environment) and is planning to push Java forward as a platform for Web services. It is developing Java APIs for XML-based remote procedure calls and for looking up services in XML registries – two more JAX family APIs: JAX/RPC (Java API for XML Remote Procedure Calls) and JAXR (Java API for XML Registries). These will wrap up implementations of Web services standards, such as SOAP and UDDI.

IBM also for its part has already developed a suite of early-access tools for Web services development. They are Web Services Toolkit (WSTK), WSDL Toolkit, and Web Services Development Environment (WSDE).

Apache Axis is an implementation of the SOAP (“Simple Object Access Protocol”) submission to W3C.

From the draft W3C specification:

SOAP is a lightweight protocol for exchanging structured information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses.

Apache Axis is an Open Source SOAP server and client. SOAP is a mechanism for inter-application communication between systems written in arbitrary languages, across the Internet. SOAP usually exchanges messages over HTTP: the client POSTs a SOAP request, and receives either an HTTP success code and a SOAP response or an HTTP error code. Open Source means that you get the source, but that there is no formal support organization to help you when things go wrong.
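The request/response exchange described above, with both sides shown in-process: the client builds the envelope it would POST, and the server answers with an HTTP status plus either a SOAP response or a SOAP Fault. This is an added example, not Apache Axis code or code from the original post; the `Add` method, the `urn:example:calc` namespace and all function names are hypothetical, and the server only dispatches the one method it explicitly allows.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
APP_NS = "urn:example:calc"  # hypothetical service namespace
ET.register_namespace("soap", SOAP_NS)


def new_envelope():
    env = ET.Element("{%s}Envelope" % SOAP_NS)
    return env, ET.SubElement(env, "{%s}Body" % SOAP_NS)


def build_request(method, params):
    """Client: serialize a method call; this string is the HTTP POST body."""
    env, body = new_envelope()
    call = ET.SubElement(body, "{%s}%s" % (APP_NS, method))
    for key, value in params.items():
        ET.SubElement(call, key).text = str(value)
    return ET.tostring(env, encoding="unicode")


def fault(message):
    """Server: HTTP error code plus a SOAP Fault blaming the client."""
    env, body = new_envelope()
    node = ET.SubElement(body, "{%s}Fault" % SOAP_NS)
    ET.SubElement(node, "faultcode").text = "soap:Client"
    ET.SubElement(node, "faultstring").text = message
    return 500, ET.tostring(env, encoding="unicode")


def handle_post(request_xml):
    """Server: return (HTTP status, response body) for one POSTed request."""
    try:
        call = ET.fromstring(request_xml).find("{%s}Body" % SOAP_NS)[0]
    except (ET.ParseError, TypeError, IndexError):
        return fault("malformed envelope")
    if call.tag != "{%s}Add" % APP_NS:  # allow-list of exposed methods
        return fault("unknown method")
    try:
        total = int(call.findtext("a")) + int(call.findtext("b"))
    except (TypeError, ValueError):
        return fault("bad parameters")
    env, body = new_envelope()
    reply = ET.SubElement(body, "{%s}AddResponse" % APP_NS)
    ET.SubElement(reply, "result").text = str(total)
    return 200, ET.tostring(env, encoding="unicode")


def parse_response(status, response_xml):
    """Client: return the result text, or raise with the fault string."""
    body = ET.fromstring(response_xml).find("{%s}Body" % SOAP_NS)
    if status != 200:
        raise RuntimeError(body.findtext("{%s}Fault/faultstring" % SOAP_NS))
    return body[0].findtext("result")
```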

Conclusion

For the last few years, XML has enabled heterogeneous computing environments to share information over the Web. It now offers a simplified means by which to share process as well. From a technical perspective, the advent of Web services is not a revolution in distributed computing. It is instead a natural evolution of XML application from structured representation of information to structured representation of inter-application messaging.

Prior to the advent of Web services, enterprise application integration (EAI) was very difficult due to differences in programming languages and middleware used within organizations. This led to the situation where interoperability was cumbersome and painful. With the arrival of Web services, any application can be integrated as long as it is Internet-enabled.

It is difficult to avoid the popularity and hype that is surrounding Web services. Each software vendor has some initiative concerning Web services and there is always great speculation about the future of the market for them. Whichever way it turns out, Web service architectures provide a very different way of thinking about software development. From client-server to n-tier systems, to distributed computing, Web service applications represent the culmination of each of these architectures in combination with the Internet.