how to include a trap door in my system

i m making a project for a company in that project i have to include a trap door for the debugging purpose how to do that does any one has any idea ?

What kind of application is this - desktop? web app? Something else? What is the hidden access supposed to accomplish? How does access control work in general for that app?

During the development phase, it is easy. Just turn on the debugger and do it. I still have to find a JVM-based system that I can't in one way or another attach a debugger to. Desktop, web or embedded.

On stage and production environments, we have a slightly more difficult situation. We can't just start the system in debug mode and step-debug since many users might use our application. We need to use another mechanisms. If it is memory or performance issues, you might use a Profiler, like YourKit or JVisualVM and attach to the production system. That will give you a hint on where to start looking.

However, that does not solve or help with logical bugs. For that, we need information about what the application is doing. For this, we use logs. Then what should you log? I would say "anything that might help you find the error". But then you need to have Trace and error strategy for your application. One rule could be to always log when an Exception is thrown/created and what the state was. Another is when it is catched. You could have a rule that every method should log whenever it is entered and with what parameters and when it exits and with what return value. That one is a tedious and time-consuming task for a programmer and I usually end up using AspectJ if I need this kind of logging. Another approach is to just do it on code that you think could be in need of debugging.

All this kind of debug logging statements be done under a log level that is not usually used. Like Log4J's DEBUG. All statements should be guarded with a check if the debug level is activated or not to avoid calling on the logger if not needed.

Then comes your $1.000.000 question: How to control it? You need a way to turn on and off the traces for different packages. I use a JMX-enabled controller for this (http://code.google.com/p/logging-jmx-service/). In some environments, I can't attach with JMX and then we use file based configurations that are read periodically.

I avoid talking about trapdoors with customers. They tend to start thinking about hackers. I use "maintainability measures".

Tim Moores wrote:What kind of application is this - desktop? web app? Something else? What is the hidden access supposed to accomplish? How does access control work in general for that app?

hi i m a engg. college student and i m developing a desktop app for a co. to meet their bussiness goals i have learned about trap doors ...and i want to develop one in my application
what i m planning is creating a connection module in that app and in that i will open port 5000 or any other port of the computer which is running my app and once my computer got connected to that remote computer i should be able to view and get access to the source code somehow
can i do this in this way or this is a wrong approach for a trap door thing ?
suggestions are most welcome ....i m always open to learn new new things and no matter what i learn couple of programming stuff every day !

Ove Lindström wrote:During the development phase, it is easy. Just turn on the debugger and do it. I still have to find a JVM-based system that I can't in one way or another attach a debugger to. Desktop, web or embedded.

On stage and production environments, we have a slightly more difficult situation. We can't just start the system in debug mode and step-debug since many users might use our application. We need to use another mechanisms. If it is memory or performance issues, you might use a Profiler, like YourKit or JVisualVM and attach to the production system. That will give you a hint on where to start looking.

However, that does not solve or help with logical bugs. For that, we need information about what the application is doing. For this, we use logs. Then what should you log? I would say "anything that might help you find the error". But then you need to have Trace and error strategy for your application. One rule could be to always log when an Exception is thrown/created and what the state was. Another is when it is catched. You could have a rule that every method should log whenever it is entered and with what parameters and when it exits and with what return value. That one is a tedious and time-consuming task for a programmer and I usually end up using AspectJ if I need this kind of logging. Another approach is to just do it on code that you think could be in need of debugging.

All this kind of debug logging statements be done under a log level that is not usually used. Like Log4J's DEBUG. All statements should be guarded with a check if the debug level is activated or not to avoid calling on the logger if not needed.

Then comes your $1.000.000 question: How to control it? You need a way to turn on and off the traces for different packages. I use a JMX-enabled controller for this (http://code.google.com/p/logging-jmx-service/). In some environments, I can't attach with JMX and then we use file based configurations that are read periodically.

I avoid talking about trapdoors with customers. They tend to start thinking about hackers. I use "maintainability measures".

yes ove you are right i m also feeling that asking about trap door gives a feel of hacking but after all it is all about programming practices and security right .

naved momin wrote:

Tim Moores wrote:What kind of application is this - desktop? web app? Something else? What is the hidden access supposed to accomplish? How does access control work in general for that app?

hi i m a engg. college student and i m developing a desktop app for a co. to meet their bussiness goals i have learned about trap doors ...and i want to develop one in my application
what i m planning is creating a connection module in that app and in that i will open port 5000 or any other port of the computer which is running my app and once my computer got connected to that remote computer i should be able to view and get access to the source code somehow
can i do this in this way or this is a wrong approach for a trap door thing ?
suggestions are most welcome ....i m always open to learn new new things and no matter what i learn couple of programming stuff every day !

This is what is called a debug agent. There are several already out there that are really good. Such as YourKit or the built-in java debugger from the JDK. The thing is that on that computer you most likely need to have the JDK installed.

naved momin wrote:yes ove you are right i m also feeling that asking about trap door gives a feel of hacking but after all it is all about programming practices and security right .

Correct. But what I am trying to say is "Do not re-invent the wheel". Using debug agents, JMX, loggers and other monitor tools that are already available out there would be much more beneficial to the company that you are working for than you coding one. If I require from a project that the application should log all their transactions into a database AND a file, I really don't expect the developers to start coding a logging framework. I expect them to use Log4J or any other suitable logger.



PS: Read https://coderanch.com/how-to/java/UseRealWords

Ove Lindström wrote:

naved momin wrote:

Tim Moores wrote:What kind of application is this - desktop? web app? Something else? What is the hidden access supposed to accomplish? How does access control work in general for that app?

hi i m a engg. college student and i m developing a desktop app for a co. to meet their bussiness goals i have learned about trap doors ...and i want to develop one in my application
what i m planning is creating a connection module in that app and in that i will open port 5000 or any other port of the computer which is running my app and once my computer got connected to that remote computer i should be able to view and get access to the source code somehow
can i do this in this way or this is a wrong approach for a trap door thing ?
suggestions are most welcome ....i m always open to learn new new things and no matter what i learn couple of programming stuff every day !

This is what is called a debug agent. There are several already out there that are really good. Such as YourKit or the built-in java debugger from the JDK. The thing is that on that computer you most likely need to have the JDK installed.

yes i can do that i can installed jdk on that system ..but here you are saying me that i have use a tool for a trap door ?
or i need to apply my logic for a trap door kind of thing ?
please explain

naved momin wrote:yes i can do that i can installed jdk on that system ..but here you are saying me that i have use a tool for a trap door ?
or i need to apply my logic for a trap door kind of thing ?
please explain

What I am saying is that this is one of the oldest issues when writing software and millions of man days have been used to try to solve it. So to keep you from using a lot of time to develop a "trap door" where you try to open a socket and attach to it using another developed program of yours, I am trying to point you into the direction of the already existing ways of doing it.

And there you have, in order off appearance:
- Logs and traces: make sure that you get a file that can show you what is happening when things goes bad. This one is easy. Use Log4J or any other logging framework.
- JMX: Can tell you the state of the application. Used by JVisualVM and other tools. This is most likely closest to what you have in mind for a "trap door".
- Debug agents: programs that are inserted into the JVM when it starts and that guards and reports what is happening so that you can create breakpoints for when things goes wrong.

So to follow up on my previous post:

Q: Have you used a logging framework like Log4J in your application to enable you to gain knowledge of that the application is doing?

Q: Have you ever tried to debug your application? I don't know if you use an IDE, but this is how it is done in Eclipse. http://www.ibm.com/developerworks/library/os-ecbug/

Ove Lindström wrote:So to follow up on my previous post:

Q: Have you used a logging framework like Log4J in your application to enable you to gain knowledge of that the application is doing?

Q: Have you ever tried to debug your application? I don't know if you use an IDE, but this is how it is done in Eclipse. http://www.ibm.com/developerworks/library/os-ecbug/

thanks for the explaining once again ove
the log file which you are telling i have already decide to use it in my application but thanks to you i have not known about the Log4J and all i was about to code the log manually by myself for each and every steps and start appending that to a log file
but know i will definately have a look on log4j and others for my application ...i was not knowing about such things
first i need to know what they are ? what they do ? and how to use them in a IDE like nb ? then i will come up a something
but anyways thanks again

naved momin wrote:thanks for the explaining once again ove
the log file which you are telling i have already decide to use it in my application but thanks to you i have not known about the Log4J and all i was about to code the log manually by myself for each and every steps and start appending that to a log file
but know i will definately have a look on log4j and others for my application ...i was not knowing about such things
first i need to know what they are ? what they do ? and how to use them in a IDE like nb ? then i will come up a something
but anyways thanks again

You are most welcome. This is why we dinosaurs are here. For you young mammals to drain our knowledge and avoid doing our mistakes over again.