Saturday, August 29, 2009

ABC of Multibyte Characters….

So how many times have you seen strange characters in an email or on a web site? How many times, as a developer, have you seen your code/content get converted to ‘?’ and users complain to you?

Previously the internet was limited to English (ASCII), but as soon as it started going global, ASCII was not able to help…

If you want to read the ABC of multibyte characters, the ABC of character sets… read this article written by Joel, one of my favorite writers…

http://www.joelonsoftware.com/articles/Unicode.html

Sunday, April 19, 2009

Steal the Session…

As we all know, HTTP is a stateless protocol, so how does your web application maintain the state of a user/client? You all know it – this thing is called a ‘Session’. The server initiates a session as soon as any client requests something from it (an HTTP Request).

So when I log in to any web application using my registered user id and password, the server maintains a session, which is basically a long unique alphanumeric id. Just think like a hacker: this long unique alphanumeric id is your KEY to log in to the website. Believe me, it's not very easy, but not very difficult either ;).

There is one technique in which people collect a lot of real session ids and analyze them to get a clue about the formula used for generating them.

I will share a very simple technique which can be called session stealing, but there is a condition which must be fulfilled.

Normally people feel that a session gets created only when they log into a website using their user id and password, BUT as I said above, the server generates a session as soon as the client makes its first HTTP Request. So when the client/browser asks for the web page in which the user has to enter his details, a session gets created.

1- Open any page which asks for your user id and password

2- Type in the address bar of the browser:: javascript:alert(document.cookie);

This will give you your session id. Secure websites change the session id as you log into the website, but some foolish webmasters don’t do that. If you know any website like that:

1- Open the webpage which asks for your login details

2- Type in the address bar of the browser:: javascript:alert(document.cookie);

3- Note down this id and ask one of your friends to log into that website using his details. (Obviously through the same Login webpage)

4- Use any other PC, open that Login page and type in the address bar:: javascript:alert(document.cookie="XXX");

Replace XXX with the value which you noted earlier. (In the 3rd step)

It's done. You have successfully stolen your friend’s session. Now hit any internal URL of the website and it will not ask you for a login ;)

Fix: Not difficult, just do not forget to change the session id after a user logs into your website/system.

Saturday, March 28, 2009

Online Office Suite

Remember the days when MS Office was a must-have requirement for any good office job. I salute Microsoft for this whole Office idea. It gave some more time to government officials for gossiping about politics. It was one of the coolest pieces of research of that era.

The office suite (but not Microsoft Office) moved online. Kudos to some great work by Google Docs, Zoho and Thinkfree: now you can create your document, spreadsheet and presentation online and share them with your friends. You and your friends can simultaneously work on a document or a presentation. This is termed ‘collaboration’.

Actually this whole concept is known as SAAS (Software As A Service), because these SAAS vendors let you use their software at some nice price. You use them without even installing them on your machine, so there is no initial requirement on your processor or disk space to run this software, which actually is a service.

I use Google Docs and Zoho. Both tools are ultimate and easy to use.

There is also news of Microsoft entering this field with its online MS Office. Adobe has also bought Buzzword, which is an online document creation utility. Apple has also entered this market with its iBook, which presently works for Apple users only.

So, is anyone left?? All the biggies are competing here just to provide you with an ultimate experience with their online office suite products.

Are you listening?? :P

Thursday, March 26, 2009

Google Profile

I always hate filling in the section which is very popularly known as ‘About Me’. How the hell can I type those 1024 or some random number of characters each and every time I visit a new site?

Believe me, I really hate this, and I very strongly feel that for most of you this would be very irritating. When they could come up with the ‘Open Id’ thing, WHY did no one think about the ‘About Me’ section…. After all, this section is the next most important thing after your user id and password.

Google thought about it and has allowed a user to create a public profile which COULD BE used across all Google services. Presently it supports Google Maps and Google Reader, but I feel it would be good if they integrated ‘Google profile’ with all the services.

For ‘introvert’ or ‘anonymous’ people, who love to vary their profile information from one site to another, Google can provide an option ‘not to use Google profile’, but I really love this. This great thought has already helped me save some of my time. How??

I have already created a Google Profile and love to use it wherever I can. At least now I can copy my ‘About Me’ information and paste it wherever it is required. For example, I have used the same information in my Blogger Profile and in one of my blogs.

Create yours or see if you already have one :)

SCJP 1.6 conquered!!!

I never wanted to write any technical stuff because I know how boring it is! But then I realized: what if I try to explain technical things in a very, very simplified way? I mean, how I understand technical things, how I realize them and how I actually execute them.

Let me start with my first official certification:

I cleared Sun Certified Java Developer 1.6 on 2nd Feb with 86% marks. I missed the 90s and it's ok :).

I will suggest:

1: Buy a Kathy Sierra/Bert Bates book which has been written for the SCJP exam only.

2: Play these games whenever you are free in your office. I bet you would be, 60% of your time :). When you start scoring 100% in these games, you can THINK of being Sun Certified.

http://www.javaranch.com/game.jsp

http://www.javaranch.com/game/game2.jsp

3: Keep on solving some mock exams and visiting Java sites and forums. Mock exams show your grey areas, and that is really important. I would suggest visiting JavaBlackBelt, JavaPassion and JavaRanch. Once you go through these sites, you will fall in love with them.

http://faq.javaranch.com/java/ScjpMockTests

4: Most important, do not forget to solve a dump. But try to know the reason behind the answers, not just the answers. A dump is itself a mock test which you should not learn by heart; solve it. I spent a few days with Samrat and solved a dump from epad. We both challenged each other on the questions and never allowed the other to give an answer without a genuine reason. The strategy worked out, and we were quite familiar with the newly added features of Sun’s 1.6. Thanks Som ;)

You can find Epad’s dump here.

Hope I’ve not bragged a lot, which I love to do. I know you will say ‘obviously not!!’ :)