Saturday, December 23, 2017

Apply Border color to button on Android


Use the <stroke> element. Add this XML file to the res/drawable folder as button_border.xml:



<?xml version="1.0" encoding="utf-8"?>
<shape xmlns:android="http://schemas.android.com/apk/res/android"
    android:shape="rectangle">
    <gradient android:startColor="#FFFFFF"
        android:endColor="#00FF00"
        android:angle="270" />
    <corners android:radius="3dp" />
    <stroke android:width="5px" android:color="#ffffff" />
</shape>

Then reference it in the layout file:

 
<Button
   android:id="@+id/button1"
   android:layout_width="wrap_content"
   android:layout_height="wrap_content"
   android:layout_margin="10dp"
   android:background="@drawable/button_border"
   android:text="Button" 
/>

Forcing “portrait” orientation mode for android application

By adding the following code segment to the AndroidManifest file for each activity, we can force the Android application to work only in portrait mode.

Note: Don't apply the orientation to the application element. Instead, apply the attribute to the activity element, and you must also set configChanges as noted below.


<activity
   android:screenOrientation="portrait"
   android:configChanges="orientation|keyboardHidden">
</activity>

Monday, December 18, 2017

Java Interview Question: HashSet vs HashMap

HashSet

  1. The HashSet class implements the Set interface.
  2. In a HashSet, we store objects (elements or values). For example, a HashSet of string elements could look like this: {"Hello", "Hi", "Bye", "Run"}
  3. HashSet does not allow duplicate elements, which means you cannot store duplicate values in a HashSet.
  4. HashSet permits a single null value.
  5. HashSet is not synchronized, which means it is not suitable for thread-safe operations unless synchronized explicitly.

HashMap


  1. The HashMap class implements the Map interface.
  2. HashMap is used for storing key and value pairs. In short, it maintains the mapping of key to value. (The HashMap class is roughly equivalent to Hashtable, except that it is unsynchronized and permits nulls.) This is how you could represent HashMap elements with an integer key and a String value: {1->"Hello", 2->"Hi", 3->"Bye", 4->"Run"}
  3. HashMap does not allow duplicate keys; however, it allows duplicate values.
  4. HashMap permits a single null key and any number of null values.
  5. HashMap is not synchronized, which means it is not suitable for thread-safe operations unless synchronized explicitly.

Friday, December 15, 2017

How to handle HTTP Header related issue in Apache


By following the steps below, you can address the following HTTP header related security issues in web applications hosted on the Apache web server.
  • Web Browser XSS Protection Not Enabled
  • X-Frame option Header not set
  • X-Content-Type-Options header missing  
  • Incomplete or No Cache-control and Pragma HTTP Header Set


These issues can be handled by placing the following lines in the httpd.conf of the Apache web server.

Header set X-XSS-Protection "1; mode=block"
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
Header always append X-Frame-Options DENY
Header set X-Content-Type-Options nosniff
Header set Content-Security-Policy "default-src 'self';"



For this, the mod_headers module also needs to be enabled, so uncomment the following LoadModule line:

LoadModule headers_module modules/mod_headers.so


Now run the security audit test again, and you can see these issues are handled properly.

Handling HTTP Header related security issues in Tomcat 8 web applications


The following issues commonly occur in the security audit report of any Java web application:

  • Web Browser XSS Protection Not Enabled
  • X-Frame option Header not set
  • X-Content-Type-Options header missing  
  • Incomplete or No Cache-control and Pragma HTTP Header Set

Tomcat 8 provides support for the following HTTP headers:


  • X-Frame-Options – to prevent clickjacking attack
  • X-XSS-Protection – to avoid cross-site scripting attack
  • X-Content-Type-Options – block content type sniffing
  • HSTS – add strict transport security

To use this option we need to follow a few simple steps. Just uncomment the following lines in Tomcat's web.xml file (\conf\web.xml).

<filter>
    <filter-name>HeaderSecurityFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>HeaderSecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Remember, this is not the application's individual web.xml file; it is Tomcat's web.xml. After uncommenting these lines, restart Tomcat and redo the security audit. You can see the issues are handled.
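
To re-check the response headers after either change (the Apache lines or the Tomcat filter), the following Python script audits one raw HTTP response. It is an added example, not part of the original posts; the Cache-Control and Pragma expectations and the sample response are assumptions constructed for illustration.

```python
def _max_age(value):
    for part in value.split(";"):
        name, _, num = part.strip().partition("=")
        if name.lower() == "max-age" and num.strip('"').isdigit():
            return int(num.strip('"'))
    return -1                                    # no usable max-age directive

# Values mirror this page's Apache lines; Cache-Control/Pragma are assumed.
CHECKS = {
    "x-xss-protection": lambda v: v.replace(" ", "") == "1;mode=block",
    "x-frame-options": lambda v: v.upper() in ("DENY", "SAMEORIGIN"),
    "x-content-type-options": lambda v: v.lower() == "nosniff",
    "strict-transport-security": lambda v: _max_age(v) >= 31536000,
    "content-security-policy": lambda v: "default-src" in v.lower(),
    "cache-control": lambda v: "no-store" in v.lower(),
    "pragma": lambda v: v.lower() == "no-cache",
}

def audit(raw_response):
    """Return {header: 'ok' | 'missing' | 'weak: <value>'}."""
    seen = {}
    for line in raw_response.splitlines()[1:]:   # skip the status line
        if not line.strip():
            break                                # blank line ends the headers
        name, sep, value = line.partition(":")
        if sep:
            seen.setdefault(name.strip().lower(), []).append(value.strip())
    report = {}
    for name, is_ok in CHECKS.items():
        joined = ", ".join(seen.get(name, []))   # repeated headers combine
        verdict = "ok" if is_ok(joined) else "weak: " + joined
        report[name] = verdict if name in seen else "missing"
    return report

# Constructed sample: the application already sent X-Frame-Options, so the
# appended DENY produces a second value; no cache headers are configured.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-XSS-Protection: 1; mode=block\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains; preload\r\n"
    "X-Frame-Options: DENY\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self';\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On the constructed sample it reports X-Frame-Options as weak because two values were sent, and Cache-Control and Pragma as missing, since none of the configuration lines above set them.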