blog.kdgregory.com

Showing posts with label security. Show all posts
Saturday, December 18, 2021

My take on the Log4J 2.x vulnerability

A week ago, a lot of Java application developers learned that their applications harbored a severe vulnerability, courtesy of the Log4J 2.x...
Sunday, December 16, 2018

Database Connection Pools Need To Evolve

I never thought very deeply about connection pools, other than as a good example of how to use phantom references. Most of the projects th...
Friday, January 27, 2017

Trusting the Internet: Picking Third-Party Libraries

Many applications today are like the human body: * a relatively small proportion of “in-house” code, leveraged by dozens if not hundre...
Monday, November 23, 2015

Java Object Serialization and Untrusted Code Execution

This past week we had a mini-fire-drill at work, in response to a CERT vulnerability note titled “Apache Commons Collections Java library ...
Friday, July 24, 2015

Have I Been Hacked?

Twenty-five years later I can still remember how I felt, returning home that day. Being burgled is a surrealistic experience: you notic...
Monday, August 17, 2009

Designing a Wishlist Service: Security

Security is the red-headed stepchild of the web-service world. Sure, there's WS-Security, which may be useful if you're using SOAP...