phprpc,xml,json,hessian 协议？

2:connection是默认自动提交事务的，要实现类似begintransaction和endtransaction的逻辑，要在begintransaction里面setAutoCommit(false),在endtransaction里面setAutoCommit(true),提交使用commit,回滚使用rollback。记住，要是同一个connection。

3:不要想一个命令里执行多个语句，一个里面执行多条要看实际实现。推荐使用addBatch，或者是多个命令，每个命令只执行一条。

4：存在不能回滚的语句，例如在mysql中:

有些语句不能被回滚。通常，这些语句包括数据定义语言（DDL）语句，比如创建或取消数据库的语句，和创建、取消或更改表或存储的子程序的语句。

Continue reading JDBC基础

it-e-63 Concept of Graphics and Images

28 Jul 2011 in 英语 on english, it

Image or Graphic? Technically, neither.[1]If you really want to be strict, computer pictures
are files, the same way WORD documents or solitaire games are files. They're all a bunch of ones
and zeros all in a row. But we do have to communicate with one another so let's decide.
Image. We'll use "image". That seems to cover a wide enough topic range.
"Graphic" is more of an adjective, as in "graphic format." we denote images on the Internet
by their graphic format. GIF is not the name of the image. GIF is the compression factors used to
create the raster format set up by CompuServe.
So, they're all images unless you're talking about something specific.
The images produced in Drawing programs (CorelDraw, Illustrator, Freehand, Designer etc)
are called vectorised graphics. [2]That is, all of the objects shown on the computer monitor are
representations of points and their relationship to each other on the work area, each of which is
stored in the computer as simple values and mathematical equations depicting: the relationship
between each point and the next point referenced to it, and the position (vector) of each point
referenced to a starting corner of the work area.
Bitmap pictures are stored as a vertical and horizontal array of Pixels and stored information
represents the colour of each of these pixels. The resolution of a bitmap picture describes how
many of these pixels exist over a set distance, usually horizontally: ie pixels per inch or pixels per
centimetre. An unaltered bitmap picture of 300 pixels / inch enlarged by 1000% will therefore
still have the same number of pixels across the actual picture area but each represented pixel will
cover a larger area.
[3]At such an enlargement, the picture would be of little use for reproduction unless viewed
from quite a long distance.
Bitmap or Photo-retouching programs are correctly called PAINTING PROGRAMS.
Vectorised drawings on the other hand can be enlarged as much as desired because, although the
above mentioned points on a drawing would be further apart, the relationship of any described line between
the points would always be the same. A single company logo file produced in a Drawing program could be
used for a business card, any brochure or poster, or plotting out to a Screen Print stencil 3 metres (9 feet)
wide, where as bitmap files would have to be created for every size used if practicable.
What is raster, vector, metafile, PDL, VRML, and so forth?
These terms are used to classify the type of data a graphics file contains.
Raster files (also called bitmapped files) contain graphics information described as pixels,
such as photographic images. Vector files contain data described as mathematical equations and

are typically used to store line art and CAD information. Metafiles are formats that may contain
either raster or vector graphics data. Page Description Languages (PDL) are used to describe the
layout of a printed page of graphics and text.
Animation formats are usually collections of raster data that is displayed in a sequence.
Multi-dimensional object formats store graphics data as a collection of objects (data and the code
that manipulates it) that may be rendered (displayed) in a variety of perspectives. Virtual Reality
Modeling Language (VRML) is a 3D, object-oriented language used for describing "virtual
worlds" networked via the Internet and hyperlinked within the World Wide Web. Multimedia file
formats are capable of storing any of the previously mentioned types of data, including sound and
video information.

1, deem [di:m]
vt. 认为，视作；相信
vi. 认为，持某种看法；作某种评价

2, stems
n. 茎（stem的复数）；树管；阻挡物
v. 起源于（stem的三单形式）；除去…的茎；给…装杆；止住
3, wiretap ['waiə,tæp]
v.&n. 窃听或偷录,窃听情报,窃听装置
4, solitaire ['sɔlitεə, ,sɔli'tεə]
n. 纸牌

5, denote [di'nəut]
vt. 表示，指示

6, depict [di'pikt]
vt. 描述；描画

7, brochure [bro'ʃur]
n. 手册，小册子

8, plotting ['plɔtiŋ]
n. 测绘；标图
v. [测] 绘图；密谋（plot的ing形式）

9, stencil ['stensəl]
n. 模版，蜡纸
vt. 用蜡纸印刷；用模板印刷

10, raster ['ræstə]
光栅,扫描线

Continue reading it-e-63 Concept of Graphics and Images

it-e-62 Security Policy Design Issues

27 Jul 2011 in 英语 on english, it

When designing a firewall system and its corresponding security policy, a number of
questions should be answered. The first question involves the company's expected level of
security. Is the company trying to restrict all access to services not deemed essential to the
business? Or does the company wish to allow all or most types of transactions, thus asking the
firewall system only to audit transactions and create an orderly request for transactions?
Restricting all access to services not deemed essential requires a more elaborate firewall system
and thus more work and expense. Allowing most types of transactions requires a simpler system
that only performs queue management operations and creates an audit trail.
A second question stems from the first decision: How much money is the company willing
to invest in a firewall system? Commercially-purchased firewall systems can be powerful,
complex, and expensive. It is possible, however, to construct a home-grown firewall system that
takes advantage of the capabilities of existing equipment, such as routers and network operating
systems. As we saw earlier, it is possible to restrict access into a system based on time of day,
day of week, and location. It is also possible to use existing software to create an audit trail of all
incoming and outgoing transactions. Depending on the detail of auditing required, additional
software can be purchased and installed that will work in concert with network operating system
software to provide any desired level of audits.
Similarly, many routers can be programmed to restrict access to certain kinds of traffic. A router
can be programmed to accept and reject requests with specific IP addresses or a range of IP addresses.
Routers can also be programmed to deny access to certain port addresses at the TCP level.
A third question relates to the company's commitment to security. If the company is serious
about restricting access to the corporate network through a link such as the Internet, will the

company be equally serious about supporting security on any and all other links into the
corporate network environment? Dial-up modem access, wireless network access, and other
telecommunication links should also be considered when making security decisions. Fax
machines, both stand alone and computer based, as well as removable disk media are two more
examples of how data may enter or leave a corporation. Any security policy must take these
entrance and exit points, as well as the Internet, into consideration.
Having a well-designed security policy in place will make the jobs of network support staff
clearer. The staff employees will know what the network users can and cannot access and where
they can and cannot go. A well-designed security policy will make enforcement more
straightforward, and it will allow the staff to react properly to specific security requests. The
policy will also make clear the goals and duties of network employees in enforcing security with
respect to requests from the outside. If there is a good security policy, the users themselves will
have a better understanding of what they can and cannot do. This understanding will hopefully
assist the network staff in conducting their jobs and will allow the company to maintain security
in an increasingly insecure world.
Perhaps because companies have well-designed security policies in place, many people who
use the Internet to purchase items online are growing comfortable with the fact that, if they
transfer credit card information during a secure session, their data is safe from hackers and other
eavesdroppers. This sense of security may change, however, because the Internet Engineering
Task Force is considering whether to allow a backdoor entry into all Internet traffic. This
backdoor entry would allow authorized persons to intercept any data traffic on the Internet. Since
this proposal appears to be a violation of privacy, why would anyone want to create such a
backdoor?
At the core of the argument is the fact that standard telephone systems currently allow
agencies of the U.S. government to wiretap communications. This wiretap occurs at the
telephone central office and is built into central office telephone switches.
The act that allows wiretapping (the Communications Assistance for Law Enforcement Act)
has been in existence since 1994. Now that the Internet is beginning to carry voice traffic, should
it also be possible for the U.S. government to wiretap voice transactions on the Internet? As one
critic of the proposal states, if they can tap voice, then they can tap data. Furthermore, if the
designers of the Internet create such a backdoor, it is also possible that this knowledge could fall
into the wrong hands and be used for criminal intent.
This issue is further complicated by the fact that many businesses presently encrypt all data
leaving the corporate network. Most encryption techniques used by businesses are so effective
that virtually no one, including the government, can crack them. If the network does the
encryption just before the data leaves corporate boundaries, then it would be the responsibility of
the corporate network support personnel to provide the U.S. government, if asked, with
unencrypted data. If, on the other hand, the encryption is applied at the user workstation before it
is inserted onto the corporate network, who will supply the U.S. government with the

unencrypted data? Clearly, this issue will be hotly debated for some time to come.
Despite the fact that a company may have a well-designed security policy in place, external
events are making this area more complex all the time.

1, deem [di:m]
vt. 认为，视作；相信
vi. 认为，持某种看法；作某种评价

2, stems
n. 茎（stem的复数）；树管；阻挡物
v. 起源于（stem的三单形式）；除去…的茎；给…装杆；止住
3, wiretap ['waiə,tæp]
v.&n. 窃听或偷录,窃听情报,窃听装置

Continue reading it-e-62 Security Policy Design Issues

it-e-61 Computer Security

26 Jul 2011 in 英语 on english, it

The techniques developed to protect single computers and network-linked computer systems
from accidental or intentional harm are called computer security. Such harm includes destruction
of computer hardware and software, physical loss of data, and the deliberate invasion of
databases by unauthorized individuals.
Data may be protected by such basic methods as locking up terminals and replicating data in
other storage facilities. Most sophisticated methods include limiting data access by requiring the
user to have an encoded card or to supply an identification number or password. Such procedures
can apply to the computer-data system as whole or may be pinpointed for particular information
banks or programs. Data are frequently ranked in computer files according to degree of
confidentiality.
Operating systems and programs may also incorporate built-in safeguards, and data may be
encoded in various ways to prevent unauthorized persons from interpreting or even copying the
material. The encoding system most widely user in the United States is the Data Encryption
Standard (DES) designed by IBM and approved for use by the National Institute of that are then
repeated several times. Very large-scale computer systems, for example, the U.S. military's
Advanced Research Project Agency Network (ARPANET), may be broken up into smaller
subsystems for security purposes, but smaller system in government and industry are more prone to
system-wide invasions. At the level of personal computers, security possibilities are fairly minimal.
Most invasions of computer systems are for international or corporate spying or sabotage,
but computer hackers may take the penetration of protected databanks as a challenge, often with

no object in mind other than accomplishing a technological feat. Of growing concern is the
deliberate implantation in computer programs of worms or viruses that, if undetected, may
progressively destroy databases and other software. Such infected programs have appeared in the
electronic bulletin boards available to computer users. Other viruses have been incorporated into
computer software sold commercially. No real protection is available against such bugs except
the vigilance of manufacturer and user.

1, invasion [in'veiʒən]
n. 入侵，侵略；侵袭；侵犯

2, sophisticated [sə'fistikeitid]
adj. 复杂的；精致的；久经世故的；富有经验的
v. 使变得世故；使迷惑；篡改（sophisticate的过去分词形式）
3, pinpointed
v. 指出正确的位置；准确地找到（pinpoint的过去分词）
4, sabotage ['sæbətɑ:ʒ, ,sæbə'tɑ:ʒ]
vt. 妨害；对…采取破坏行动
vi. 从事破坏活动
n. 破坏；破坏活动；怠工
5, penetration [,peni'treiʃən]
n. 渗透；突破；侵入；洞察力
6, implantation [,implɑ:n'teiʃən, -plæn-]
n. 移植；灌输；鼓吹
7, vigilance ['vidʒiləns]
n. 警戒，警觉；警醒症

Continue reading it-e-61 Computer Security

数据库同步--可别忘记了

26 Jul 2011 in 数据库 on jdbc, 数据库

对于数据库同步，使用者往往将注意力放在了事务上，但是可别忘记了数据库操作方法的同步性。

JDBC中:setAutoCommit(boolean autoCommit)这个方法可不是什么同步方法，如果一个connection被多个线程使用，这种方式就达不到同步的要求。因为说不定哪个线程马上又调用setAutoCommit。

保持同步的方法是：保证connection只被一个线程使用:

1:使用ThreadLocal(HibernateSessionFactory的方法,ibatis的SqlMapClient内部也是使用了ThreadLocal,所以你可以放心使用单例的SqlMapClient,它是线程安全的)。

2：使用连接池获取connection，用完后关闭。

3：在一个操作内使用同步块。

Continue reading 数据库同步--可别忘记了

tomcat jndi数据源--麻烦？

26 Jul 2011 in java on jndi, tomcat

不知为什么Tomcat配置jndi数据源要这么麻烦，其原因是path这个属性，指定为空字符串表示是默认的应用而不是指全部应用。所以你无法多个应用共用一个jndi资源。后来再仔细看看文档，原来放在$CATALINA_HOME/conf/context.xml中的配置才可以“共享”(这事就不要设置path了)。误导误导！！！

Continue reading tomcat jndi数据源--麻烦？