Java – Santhosh Ponnam

Another Log4j Bug – DoS

December 20, 2021December 22, 2021 Santhosh Ponnam

Denial of Service (DoS) which is another Log4J Bug reported over the last couple of days after the fix for JNDI is provided. Apache Issues Fix and the new Log4j vulnerability is similar to Log4Shell but this DoS flaw has to do with Context Map lookups. Apache released another patch version 2.17.0 to address the…

Read More “Another Log4j Bug – DoS” »

Java

Log4j Vulnerability / Version Upgrade to 2.16.0 by Apache Team

December 14, 2021December 22, 2021 Santhosh Ponnam

A new version of Log4j with 2.16.0 has been released to address the JNDI issue to further prevent the CVE-2021-44228 permanently. While release 2.15.0 removed the ability to resolve Lookups and log messages and addressed issues with how JNDI is accessed, the Log4j team feels that having JNDI enabled by default introduces an undue risk…

Java

Fixing Log4j Vulnerability

December 11, 2021December 13, 2021 Santhosh Ponnam

The easiest way to remediate this is to update to log4j version 2.15.0 or later, as this behavior is now disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting the system property log4j2.formatMsgNoLookups to true by adding the following Java parameter: -Dlog4j2.formatMsgNoLookups=true Alternatively, you can mitigate this vulnerability by removing…

Java, Spring Boot

Log4J (RCE) Vulnerability

December 11, 2021December 13, 2021 Santhosh Ponnam

What is the Log4J Vulnerability (CVE-2021-44228 vulnerability) which is creating a panic over java based applications? Lets quickly start with what it is and the remediation’s to fix it on various versions. CVE-2021-44228 is a vulnerability classified under the highest severity mark, i.e. 10 out of 10. It allows an attacker to execute arbitrary code…

Read More “Log4J (RCE) Vulnerability” »

Java

Why to have a private constructor?

August 13, 2018September 1, 2021 Santhosh Ponnam

In Java, it is possible to have a private constructor. When and why should we use private constructor is explained in detail below. Defining a constructor with the private modifier says that only the native class (as in the class in which the private constructor is defined) is allowed to create an instance of the…

Java

hashCode and equals methods in java

November 2, 2016August 12, 2021 Santhosh Ponnam

Usage of hashCode() and equals()hashCode() method returns integer for a given object. This integer is used for determining the bucket location, when this object needs to be stored in some HashTable like data structure. By default, Object’s hashCode() method returns an integer representation of memory address where object is stored. equals() method is used to…

Java

Unique Random ‘N’ digit Number generator

August 12, 2016August 13, 2021 Santhosh Ponnam

package com.santhosh.random;

import java.util.Random;

import org.apache.commons.lang3.StringUtils;

public class SequenceGenerator {
    private final Random random;

    public SequenceGenerator() {
        random = new Random();
    }

    /**
     * Returns a pseudo-random integer between 0 and n-1.
     *
     * @see Random#nextInt(int)
     */
    public int nextInt(int n) {
        return random.nextInt(n);
    }

    public static void main(String[] args) {
        SequenceGenerator g = new SequenceGenerator();
        String result = StringUtils.leftPad(String.valueOf(g.nextInt(99999)),
                5, '0');
        System.out.println(result);
    }
}

Java

Setting Environment Variables in Windows

August 2, 2016August 12, 2021 Santhosh Ponnam

Why do I need to set JAVA_HOME? Many Java based programs like Tomcat require JAVA_HOME to be set as environment variable to work correctly. Please note JAVA_HOME should point to a JDK directory not a JRE one. The point of setting the environment variable is to let programs know in which directory executables like javac can be…

Java