it-e-61 Computer Security

The techniques developed to protect single computers and network-linked computer systems
from accidental or intentional harm are called computer security. Such harm includes destruction
of computer hardware and software, physical loss of data, and the deliberate invasion of
databases by unauthorized individuals.
Data may be protected by such basic methods as locking up terminals and replicating data in
other storage facilities. Most sophisticated methods include limiting data access by requiring the
user to have an encoded card or to supply an identification number or password. Such procedures
can apply to the computer-data system as whole or may be pinpointed for particular information
banks or programs. Data are frequently ranked in computer files according to degree of
Operating systems and programs may also incorporate built-in safeguards, and data may be
encoded in various ways to prevent unauthorized persons from interpreting or even copying the
material. The encoding system most widely user in the United States is the Data Encryption
Standard (DES) designed by IBM and approved for use by the National Institute of that are then
repeated several times. Very large-scale computer systems, for example, the U.S. military's
Advanced Research Project Agency Network (ARPANET), may be broken up into smaller
subsystems for security purposes, but smaller system in government and industry are more prone to
system-wide invasions. At the level of personal computers, security possibilities are fairly minimal.
Most invasions of computer systems are for international or corporate spying or sabotage,
but computer hackers may take the penetration of protected databanks as a challenge, often with

no object in mind other than accomplishing a technological feat. Of growing concern is the
deliberate implantation in computer programs of worms or viruses that, if undetected, may
progressively destroy databases and other software. Such infected programs have appeared in the
electronic bulletin boards available to computer users. Other viruses have been incorporated into
computer software sold commercially. No real protection is available against such bugs except
the vigilance of manufacturer and user.

1, invasion  [in'veiʒən]
n. 入侵,侵略;侵袭;侵犯

2, sophisticated  [sə'fistikeitid]
adj. 复杂的;精致的;久经世故的;富有经验的
v. 使变得世故;使迷惑;篡改(sophisticate的过去分词形式)
3, pinpointed 
v. 指出正确的位置;准确地找到(pinpoint的过去分词)
4, sabotage  ['sæbətɑ:ʒ, ,sæbə'tɑ:ʒ]
vt. 妨害;对…采取破坏行动
vi. 从事破坏活动
n. 破坏;破坏活动;怠工
5, penetration  [,peni'treiʃən]
n. 渗透;突破;侵入;洞察力
6, implantation  [,implɑ:n'teiʃən, -plæn-]
n. 移植;灌输;鼓吹
7, vigilance  ['vidʒiləns]
n. 警戒,警觉;警醒症

Continue reading it-e-61 Computer Security



JDBC中:setAutoCommit(boolean autoCommit)这个方法可不是什么同步方法,如果一个connection被多个线程使用,这种方式就达不到同步的要求。因为说不定哪个线程马上又调用setAutoCommit





Continue reading 数据库同步--可别忘记了

tomcat jndi数据源--麻烦?


Continue reading tomcat jndi数据源--麻烦?

opengl 编程指南笔记





Continue reading opengl 编程指南笔记

it-e-60 Secure Networks and Policies

What is a secure network? Can an Internet be made secure?[1] Although the concept of a
secure network is appealing to most users, networks cannot be classified simply as secure or not
secure because the term is not absoluteˆeach group defines the level of access that is permitted
or denied. For example, some organizations store data that is valuable. Such organizations define
a secure network to be a system prevents outsiders from accessing the organization's computers.
Other organizations need to make information available to outsiders, but prohibit outsiders from
changing the data. Such organizations may define a secure network as one that allows arbitrary
access to data, but includes mechanisms that prevent unauthorized changes. Finally, many large
organizations need a complex definition of security that allows access to selected data or services
the organization chooses to make public, while preventing access or modification of sensitive
data and services that are kept private.
Because no absolute definition of information secure exists, the first step an organization
must take to achieve a secure system is to define the organization's security policy. The policy
does not specify how to achieve protection. Instead, it states clearly and unambiguously the items
that are to be protected.

Defining an information security policy is complex. The primary complexity arises because an
information security policy cannot be separated from the security policy for computer systems
attached to the network. In particular, defining a policy for data that traverses a network does not
guarantee that data will be secure. Information security cannot prevent unauthorized users who
have accounts on the computer from obtaining a copy of the data. The policy must hold for the data
stored on disk, data communicated over a telephone line with a dialup modem, information printed
on paper, data transported on portable media such as a floppy disk, and data communicated over a
computer network.
Defining a security policy is also complicated because each organization must decide which
aspects of protection are most important, and often must compromise between security and ease
of use. For example, an organization can consider:
Data Integrity'
Data Availability'
Data Confidentiality and Privacy.



  • a. 引起兴趣的,动人的

    Continue reading it-e-60 Secure Networks and Policies

  • hibernate工程,正向还是反向?

    我用hibernate都是反向工程即先有数据库schema再生成dao,mapping file。


    这次做的项目先用的是mongodb,自己写的pojo,dal,现在要转为使用mysql,在想这回来个正向工程吧。查了一下,正向工程要先写mapping file或是在pojo上写注解,再用xdolet或者SchemaExport反向生成。想想,哎呀算了吧,看见xml就头疼!况且已经有了数据库设计的模型,转成sql很容易。最后还是决定反向工程。



    从这四种自动生成工具来看, mapping file, java file and DDL,只要知道任何一种文件,都可以得到另外两种文件, 
    1. 只有mapping file: 
    mapping file---hbm2java----java---SchemaExport----DDL 

    Continue reading hibernate工程,正向还是反向?

    it-e-59 Internet Firewall Concept

    A packet filter is often used to protect an organization's computers and networks from
    unwanted Internet traffic. The filter is placed in the router that connects the organization to the
    rest of the Internet.
    A packet filter configured to protect an organization against traffic from the rest of the
    Internet is called an Internet firewall; the term is derived from the fireproof physical boundary
    placed between two structures to prevent fire from moving between them. Like a conventional
    firewall, an Internet firewall is designed to keep problems in the Internet from spreading to an
    organization's computers.
    Firewalls are the most important security tool used to handle network connections between
    two organizations that do not trust each other. By placing a firewall on each external network
    connection, an organization can define a secure perimeter that prevents outsiders from interfering
    with the organization's computers. In particular, by limiting access to a small set of computers, a
    firewall can prevent outsiders from probing all computers in an organization or flooding the
    organization's network with unwanted traffic.

    A firewall can lower the cost of providing security. Without a firewall to prevent access,
    outsiders can send packets to arbitrary computers in an organization. Consequently, to provide
    security, an organization must make all of its computer secure. With a firewall, however, a
    manager can restrict incoming packets to a small set of computers. In the extreme case, the set
    can contain a single computer. Although computers in the set must be secure, other computers in
    the organization do not need to be. Thus, an organization can save money because it is less
    expensive to install a firewall than to make all computer systems secure.


    1, perimeter  [pə'rimitə]
    n. 周长;周界;[眼科] 视野计

    2, interfering  [,intə'fiəriŋ]
    adj. 干涉的;多管闲事的
    v. 妨碍(interfer的ing形式)

    3, arbitrary  ['ɑ:bitrəri]
    adj. [数] 任意的;武断的;专制的

    Continue reading it-e-59 Internet Firewall Concept

    it-e-58 Network Security Report

    Any one responsible for the security of a trusted network will be concerned when connecting
    it to a distrusted network. In the case of connections to the Internet this concern may be based
    largely on anecdotal evidence gleaned from widespread media coverage of security breaches. A
    closer inspection of the facts and statistics behind some of the media coverage will, however, only
    serve to deepen that concern. For example, the US National Computer Security Agency (NCSA)
    asserts that most attacks to computer systems go undetected and unreported, citing attacks made
    against 9,000 Department of Defence computers by the US Defence Information Systems Agency

    (DISA). These attacks had an 88 percent success rate and went undetected by more than 95 percent
    of the target organizations. Only 5 percent of the 5 percent that detected an attack, a mere 22 sites,
    reacted to it.
    It is noteworthy that these sites belong to the US Department of Defence (DoD) and were
    not commercial sites, which may give security less priority than the DoD.
    NCSA also quote the FBI as reporting that in more than 80 percent of FBI investigated
    computer crimes, unauthorized access was gained through the Internet.
    Putting a value on the damage done by such attacks is difficult but a 1995 survey conducted
    by Ernst & Young, a New York based accounting firm, reported that one third of businesses
    connected to the Internet reported up to 100 000 USD in financial loss over a two year period due
    to malicious acts by computer users outside the firm. A little more than two percent of connected
    companies reported losses of more than 1M USD.
    There is amazement in the computer security industry at the level of ignorance to the
    problem. To understand the risks often involves a steep learning curve and they have few real
    parallels in everyday life, for example nobody worries that a burglar will be able to trick their
    front door into opening by posting cryptic messages through the letterbox. When there is a good
    "hacker" story to report the press goes into frenzy, but the general level of awareness is still
    surprisingly low. For example, the Sunday Times which prides itself on providing accurate
    coverage of IT issues published an article recently that claimed that most businesses worry too
    much about Internet security. The article goes on to explain that encryption is all that is needed to
    be completely secure. The article focuses purely on privacy of communication and completely
    misses the possibility of an attack originating from the Internet.


    1, anecdotal  [,ænik'dəutəl]
    adj. 轶事的;轶事一样的;多轶事的

    2, glean  [ɡli:n]
    vt. 收集(资料);拾(落穗)
    vi. 收集;拾落穗
    3, breach  [bri:tʃ]
    n. 违背,违反;缺口
    vt. 违反,破坏;打破
    4, citing 
    vbl. 引用,引证,举例
    5, burglar  ['bə:ɡlə]
    n. 夜贼,窃贼
    6, cryptic  ['kriptik]
    a. 秘密的(使用密码的,意义深远的)

    Continue reading it-e-58 Network Security Report













    Struts出来的早,别人用着都好,MVC嘛,简单就是美,我认同硬道理--实际用的人多就是有道理的。struts2是基于webwork2的, MVC很好,我首先自己开发标签,(开发struts2标签见我的文章。感觉不爽。


    Struts2 Action有以下特点:
    —  Action类完全是一个POJO,因此具有很好的代码复用性。
    —  Action类无需与Servlet API耦合,因此进行单元测试非常简单。
    —  Action类的execute方法仅返回一个字符串作为处理结果,该处理结果可映射到任何的视图,甚至是另一个Action。








    Continue reading 我来谈谈web框架

    it-e-57 Internet Security

    In recent years, Internet changes our life a lot. We use e-mail and Internet phone to talk with
    our friends, we get up-to-date information through web and we do shopping in the cyber-market.
    Internet has many advantages over traditional communication channels, e.g. it's cost effective, it
    delivers information fast and it is not restricted by time and place. [1]The more people use Internet,
    the more concerns about Internet security.
    In person-to-person community, security is based on physical cues. To name but a few, we
    use our signature to authenticate ourselves; we seal letters to prevent others inspection and
    modification; we receive receipt with the shop's chop to make sure we paid; we get information
    from a reliable source. But in the Internet society, no such physical cue is available. There are
    two areas that we concern about in Internet communication. The first one is secrecyˆhow do we
    ensure no one reads the data during its transmission? The second one is authenticationˆhow do
    we be sure that the identity of someone claiming "who it is". Imagine one day you receive an

    e-mail, which the e-mail sender is "Bill Gates". How do you confirm the e-mail is actually sent
    by Bill Gates?
    Encryption is the way to solve the data security problem. In real life, if Tom wants to talk with
    Mary secretly, he can choose a room with nobody there and talk with Mary quietly, or he can talk
    with Mary using codes understandable by Tom and Mary only. We take the second approachˆ
    encryptionˆto transmit data through Internet. There are two kinds of encryption techniquesˆ
    symmetric key encryption and asymmetric key encryption.
    For symmetric key encryption, both parties should have a consensus about a secret encryption key.
    When A wants to send a message to B, A uses the secret key to encrypt the message. After receiving the
    encrypted message ,B uses the same (or derived)secret key to encrypt the message.The advantage of
    using symmetric key encryption lies in its fast encryption and decryption processes(when compared
    with asymmetric key encryption at the same security level). The disadvantages are , first, the encryption
    key must be exchanged between two parties in a secure way before sending secret messages. Secondly,
    we must use different keys with different parties. For example, if A communicates with B, C, D and E,
    A should use 4 different keys. Otherwise, B will know what A and C as well as A and D has been
    talking about. The drawbacks of symmetric key encryption make it unsuitable to be used in the Internet,
    because it's difficult to find a secure way to exchange the encryption key.
    For asymmetric key encryption, there is a pair of keys for each party: a public key and a
    private key. The public key is freely available to the public, but only the key owner gets hold of
    the private key. Messages encrypted by a public key can only be decrypted by its corresponding
    private key, and vice versa. When A sends message to B, A first gets B's public key to encrypt
    the message and sends it to A. After receiving the message, B uses his private key to decrypt the
    message. The advantage comes in the public key freely available to the public, hence free from
    any key exchange problem. The disadvantage is the slow encryption and decryption process.
    [2]Almost all encryption schemes used in the Internet uses asymmetric key encryption for
    exchanging the symmetric encryption key, and symmetric encryption for better performance.
    Asymmetric key cryptography seems to attain secrecy in data transmission, but the authentication
    problem still exists. Consider the following scenario: when A sends a message to B, A gets B's
    public key from the Internetˆbut how can A know the public key obtained actually belongs to B?
    Digital certificate emerges to solve this problem.
    Digital certificate is an identity card counterpart in the computer society. When a person
    wants to get a digital certificate, he generates his own key pair, gives the public key as well as
    some proof of his identification to the Certificate Authority (CA). CA will check the person's
    identification to assure the identity of the applicant.[3] If the applicant is really the one "who
    claims to be", CA will issue a digital certificate, with the applicant's name, e-mail address and the
    applicant's public key, which is also signed digitally with the CA's private key. When A wants to
    send B a message, instead of getting B's public key, A now has to get B's digital certificate. A
    first checks the certificate authority's signature with the CA's public key to make sure it's a
    trustworthy certificate. Then A obtain B's public key from the certificate, and uses it to encrypt

    message and sends to B.
    Authentication is an important part everyday life. The lack of strong authentication has
    inhibited the development of electronic commerce. It is still necessary for contracts, legal
    documents and official letters to be produced on paper. Strong authentication is then, a key
    requirement if the Internet is to be used for electronic commerce. Strong authentication is
    generally based on modern equivalents of the one time pad. For example tokens are used in place
    of one-time pads and are stored on smart cards or disks.
    [4] Many people pay great amounts of lip service to security, but do not want to be bothered
    with it when it gets in their way. It's important to build systems and networks in such a way that
    the user is not constantly reminded of the security system around him. Users who find security
    policies and systems too restrictive will find ways around them. Security is everybody's business,
    and only with everyone's cooperation, an intelligent policy, and consistent practices, will it be


    1, cue  [kju:]
    n. 提示,暗示;线索
    vt. 给…暗示

    2, chop  [tʃɔp]
    n. 厚肉片,排骨
    v. 剁碎,砍,切

    3, secrecy  ['si:krəsi]
    n. 保密;秘密;隐蔽

    4, symmetric  [si'metrik]
    a. 对称的
    5, asymmetric  [,eisi'metrik]
    a. 不对称的
    6, consensus  [kən'sensəs]
    n. 一致,合意,交感
    7, cryptography  [krip'tɔɡrəfi]
    n. 密码学;密码使用法

    Continue reading it-e-57 Internet Security


    Total views.

    © 2013 - 2019. All rights reserved.

    Powered by Hydejack v6.6.1