aspose file tools*
The moose likes Developer Certification (SCJD/OCMJD) and the fly likes Cookie in data file Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Developer Certification (SCJD/OCMJD)
Bookmark "Cookie in data file" Watch "Cookie in data file" New topic
Author

Cookie in data file

Anayonkar Shivalkar
Bartender

Joined: Dec 08, 2010
Posts: 1510
    
    5

Hi,

As per the format of data file, first 2 bytes are reserved for cookie value.

So, while validating the data file, I'm reading first 2 bytes of the data file (provided from GUI) and checking its value with cookie in original file. If that value does not match, I'm exiting the application.

Is this approach valid for data file validation? Or anything else can be done?

Thanks in advance.


Regards,
Anayonkar Shivalkar (SCJP, SCWCD, OCMJD, OCEEJBD)
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5545
    
  13

I validated against a hard-coded value, no entry in the GUI


SCJA, SCJP (1.4 | 5.0 | 6.0), SCJD
http://www.javaroe.be/
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

I validated against a hard coded value as well. I also validated the file based on other criteria.

But that is an interesting approach to allow the end user to specify the value.

I can't see anything wrong with your approach. The only thing that I would suggest is to include the value in your documentation.


SCJP (1.4 | 5.0), OCJP (6.0), OCMJD
Anayonkar Shivalkar
Bartender

Joined: Dec 08, 2010
Posts: 1510
    
    5

I think my statement
I'm reading first 2 bytes of the data file (provided from GUI)

created some confusion.

By above statement, I meant to say that data file will be provided from GUI (and not the cookie value)

I'm doing the same thing as Roel did (hard-coding the cookie value in code).

Thanks.
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5545
    
  13

Sean Keane wrote:But that is an interesting approach to allow the end user to specify the value.

I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application. That would be the same thing if you made some order in an online shop, you first have to enter the location (on their server) where to store the invoice of your order.

Glad to hear he just uses a hard-coded value to validate against
Roberto Perillo
Bartender

Joined: Dec 28, 2007
Posts: 2267
    
    3

Roel De Nijs wrote:I don't like it, simply because why would you bother the end user to enter some kind of strange (for him/her) value to be able to work with the application.


Agreed. Other than that, the cookie value is a kind of mechanism to provide some security, so only known data files are used. If you let the user provide the cookie value, then an unauthorized person could change the data file and use it successfully.


Cheers, Bob "John Lennon" Perillo
SCJP, SCWCD, SCJD, SCBCD - Daileon: A Tool for Enabling Domain Annotations
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".

But for this assignment I think anything other than the simple approach of validating against a hard coded value would of no benefit.

Roberto Perillo
Bartender

Joined: Dec 28, 2007
Posts: 2267
    
    3

Sean Keane wrote:From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".


Well, I kindda' agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5545
    
  13

Roberto Perillo wrote:But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.

Agreed!
Sean Keane
Ranch Hand

Joined: Nov 03, 2010
Posts: 581

Roberto Perillo wrote:
Sean Keane wrote:From the view point of the person starting the server, you could view the magic-cookie as a key which allows the admistrator to specify that they only want to start a database containing their known key e.g. "I only want to start databases containing my special key of 23".


Well, I kindda' agree. But I'd say that it would be better to place this kind of information in a .properties file. Because this is more of an infrastructure information.


This is all theoretical as I think we all agree that allowing the user to specify the magic cookie value wouldn't be the way to go for this assignment.

But whether it is infrastructure or not would depend on the requirement. Since each of us probably has our own idea of the non-existent requirement, then we'll have our own opinion .

It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.

Either way, whether you hide the functionality to specify the magic cookie value in a properties file, or you make it more obvious in the GUI, the end result is the same in both scenarios. The core functionality is that you are allowing a user to pass the magic cookie value into the program.
Roel De Nijs
Bartender

Joined: Jul 19, 2004
Posts: 5545
    
  13

Sean Keane wrote:It's conceivable that an admin user who is starting up the server may want to enter their "special key" through the user interface.

I can see where you go in the network mode, but what about the standalone mode? It's a simple CSR who starts the application and then has to provide some special key.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Cookie in data file