satish bodas

Ranch Hand
+ Follow
since Jun 19, 2008
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by satish bodas

Thanks a bunch Bert for giving an insight

I dont know how much I can achieve - but will start giving it a thought and then some shot !

Thanks ,
14 years ago
Thanks James and Ilja for the details .

If one wanted to approach writing a chess game what would be the considerations .

Most rudimentary ( and probably impossible approach )
To take a stab ::

First move by white consists of following possibilities ::
16 Pawn moves
4 Knight moves ( 2 possible moves for each Knight)

So total possibilities = 20 for the first move by white

Now for each move the possibilities grow exponentially .

Obviously this is not the way to go .
Also rather than just brute force - there is also the need to make the best possible move

Just curious - how are such programs written ?

what is the approach used ?

how is the inteligence of choosing the best move written ?

Thanks ,
[ October 09, 2008: Message edited by: satish bodas ]
14 years ago
Hello ,

I was bitten with the sudoku bug and was an avid solver of the daily sudo in the newspaper.

Thought would go about developing a program that would solve the puzzle once you feed it the problem .

I thought of two posible approaches
- apply brute force
- apply logic

Went with the apply logic approach ::

what I did was whenever I could deduce a solution to one of the sqaures manually - I listed down the steps / rules used to deduce the solution

I then converted these steps / rules into programmatic logic

That way whatever puzzles my mind could solve I put them down into code

I was able to solve simple / medium level puzzles

since I myself am not able to solve complex / difficult sudoku puzzles ( my limitation ) - couldnt write the code .

what are your thoughts ?

just curious - is this approach even remotely close to AI ?

Looking forward to your comments !

Thanks ,
14 years ago
Hello ,
In current project I am supposed to be working on the architecture of the project .

To be honest I dont have a clue

Can somebody help me with ::
- what would be good books to read which are more practical than theory
- what is the realistic flow ? i.e req spec >> use cases >> architecture >> design >> implementation ?
- how does architecture differ from design ?

- what are the considerations in architecture

Our project is a web based application intended to take care of adminsitration of multiple products
( common user mgmt etc )

PS :: Head first ooad is what I am referring to

Thanks ,
Hello ,
Trying to understand seam and what I understand is ::
- acts like a glue to bind JSF and EJB

For this - why do I need a framework .

There is one more rant - but thats more for jsf - I find it difficult to grasp

Struts is so much more simpler !

Thanks ,
Hello ,
I am new to web services and have a question ::

Scenario ::
Need to invoke a web service that would store some information in db
also would need to myself write some data to a local db

So essentially have to perform two operations
will be using a sateless session bean ( ejb 3.0 )

If the order of operations is ::
1 >invoke web service
2 >write to local db

If there are errors while I try and write to local db - can the data in web service be reversed ?

one solution could be first write to local db .....

However I want to first invole web service

Thanks ,
14 years ago
hello ,
just wanted to know which is the best tool to use for profiling jboss ?

In eclipse I see a option >> start in profile mode but gives an error - no profiler set

is there any good profiler plugin for eclipse that will work well with jboss 4.2.2 ga ?

Thanks ,
14 years ago
hello ,
I start jboss in debug mode

However i am unable to start debugging

The error I get is "unable to connect"

I am sure this is related to the port no .

Question is how do I know the port no configured to run in debug mode when i do the same through eclipse

( normally I specify the same in jboss file :: run.bat )

Thanks ,
14 years ago
I had posted a few of my queries earlier regarding SSL and thanks to the forum members got a lot of concepts cleared / understood

I get a lot of crappy emails in mailbox related to phishing

"your account has irregularities ...... click here to login ...... etc etc"

I normally ignore / delete such emails

But after the refresher on security I wanted to test / play around .

So on one such received emails ( for a bank that I dont even have an account with ) - I clicked on their "click here" link

It opened up a browser and then a pop up came up regarding the certificate

What I found strange is ::

1 >The certificate was issued by a trusted certifying authority
2 >The certificate date is valid

The only place where the warning came up in IE was ::

Name on the security certificate is invalid or does not match the name of the site

I understand why this is happening .
In the browser the site is seen as ::
while the name in certificate is ::

Now what I find strange is if I was the one spoofing / creating such sites

lets say :: - than I would also get the certificate from any trusted ca with the name as

That way in IE there would be no warnings and the certificate would get accepted ?

am I missing something

PS :: my intent is not malicious - am trying to understand !

Thanks ,
[ September 18, 2008: Message edited by: satish bodas ]
14 years ago
thanks Pat , Ulf and Greg for clearing my concepts.

Thanks ,
14 years ago
Thanks Ulf for the detailed explanation .

(As an aside, make sure you understand the difference between an encoding and an encryption).

spot on - that should have been encryption / decryption rather than encode /decode . Thank you.

I am still confused with a few points though
To quote Greg in earlier post ::

However, SSL does not require authentication and provides the DH anonymous ciphersuites for unauthenticated connections. These ciphersuites are also implemented in the JSSE, and can be identified by the string 'DH_anon' in the SunJSSE provider documentation

Question A ::
So my understanding is - SSL can also be used without a "authenticating" certificate ?
This may be rarely used - but if so desired can be used without a certificate ?

To further quote ::

#2 and #3 - Those are the same (HTTPS always involves a certificate). ...

So Ulf believe you are referring to the most used and predominant usage of https ( with certificates ) ?

Question B ::
who is responsible for the encryption ?
( when we use ssl with certificates )
Is the encryption an inherent part of https or is it the certificate that specifies the encryption /decryption algorithm

but these days always every certificate uses 128 bit.....

From this statement of yours - i guess its the certificate that decides the algorithm for encryption / decryption

Question C ::
So if I create a certificate using keytool can I guarantee that it uses 128 bit ?
and if so than why should I spend a lot of money to buy a certificate from these companies .
If my certificate is as secure as theirs ( agreed their algorithms will be more complex ) - but as Ulf specified if keytool gives me 128 bit than thats a tought nut to crack right ?

Question D ::
Continuation of question C
So the value addition of a certifying authority is that they are "trusted"
I recently had read a KPMG pdf downloaded article regarding how certifying authorities are now also issuing certificates minus the authentication !
( agreed - end users customers may not trust a certificate posing as "satish bodas" not signed by Thawte / verisign etc )

Question E :: ( final question honest ! )
where can I get a good read / understanding about the public / private key ?

Thank you Greg , Pat and Ulf for enhancing my knowledge .

14 years ago
Thanks Greg and Pat for your replies .

what I meant by secure regarding ssl ( corrected as tls ! ) is what is it that guarantees its "secureness" ?

To postulate ::
If I were a hacker and lets say someone was posting his login credentials on a form ::

1 >Plain http :: How do I get to "sniff" this data ?
Is it at all possible
I want to know more as an education rather than any ill intent

2 >same as 1 but scenario with https

3 >same again + https + certificate

Regarding certificates - so all that the certificating authority does is
give out an encoding / decoding mechanism ?
( I have my beginner's questions regarding certificates ... which I will ask in a separate thread )

So all that these authorities are supposed to "authenticate" is to verify that I am really who I proclaim to be is that it ?

Scenario ::

I start a B to C business and want end users to buy stuff over the internet
To keep it safe decide to use https with certificates
( this is just a simple abstraction .... sure there will be much more involved )

Now I have two choices ::
1 >buy a certificate from a certificating authority ( thawte , verisign etc )
2 >Create my own certificate using jdk

Use this certificate on web server

Any client accessing the site is asked to either "accept / decline / " certificate .

From my personla experience ( and you can call me a fool ! ) I hardly bother reading any of the popo ups or ads .
If I am online and want to do a transaction - I just hit the website - if I get such certificate popup - simply accept and moce on

IN such scenarios ::

1 >How does someone else fake my certificate
2 >Even if we have a valid / false certificate - for people like me who blindly accept - it doesnt matter does it

Last question - for some sites like citibank on https - when I login I do not see this popup ?

is it because these certificates are by default accepted by bropwser ?

so if I purchase a certificate from thawte / verisign - than my site also wouldnt show this popup ?

long post and I agree it may not be very clear but as thoughts came to mind I put them down .

Thanks ,
14 years ago
hello ,
have been searching on java ranch and also jdk documentation regarding security .

( I am new to security ! )

My questions were ::
1 >If we use SSL we try and make the communication secure - how is it determined that the communication is secure

2 >Is it always necessary to have certificates when we use SSL ?

How is the encryption decryption happening between client and server ?

Thanks ,
14 years ago
Hello ,
I did try and do a search on this forum but am not able to successfully do what I want .

My understanding of a Virtual host :: On same Tomcat want to host two applications having their own urls ::
example :: &

With this understanding I tried to setup a virtual host ::
In "server.xml"

The portion in bold is the one that I wanted to add as a new host

Tried accessing the above using the URL ::

Nothing happened .
So I added following entry in my host ::

Now above URL works .

However I wastnt very sure if it "really" worked - so I commented out the "host" entry in "server.xml" and then retried the URL

Problem 1 ::
Browser still showed me the index page of ROOT application
So that means my new virtual host is NOT being used but "default host"

How do I ensure that my new Virtual host is used ?

Problem 2 ::
Under the "localhost" which is default I have a application supplied by Tomcat called ROOT
In this exists a JSP called index.jsp

Even if I make any changes to this file Tomcat still shows up the same page

Where is tomcat getting the details from ?

any help is appreciated
Thanks ,
14 years ago