interfaces

http://www.tutorialspoint.com/java/java_interfaces.htm

 an interface is different from a class in several ways, including:

  • You cannot instantiate an interface.
  • An interface does not contain any constructors.
  • All of the methods in an interface are abstract.
  • An interface cannot contain instance fields. The only fields that can appear in an interface must be declared both static and final.
  • An interface is not extended by a class; it is implemented by a class.
  • An interface can extend multiple interfaces.

When overriding methods defined in interfaces there are several rules to be followed:

  • Checked exceptions should not be declared on implementation methods other than the ones declared by the interface method or subclasses of those declared by the interface method.
  • The signature of the interface method and the same return type or subtype should be maintained when overriding the methods.
  • An implementation class itself can be abstract and if so interface methods need not be implemented.

When implementation interfaces there are several rules:

  • A class can extend only one class, but implement many interfaces.
  • An interface can extend another interface, similarly to the way that a class can extend another class.

Extending Multiple Interfaces:

public interface Hockey extends Sports, Event

Tagging Interfaces:

public interface EventListener
{}

An interface with no methods in it is referred to as a tagging interface. There are two basic design purposes of tagging interfaces:

Creates a common parent: As with the EventListener interface, which is extended by dozens of other interfaces in the Java API, you can use a tagging interface to create a common parent among a group of interfaces. For example, when an interface extends EventListener, the JVM knows that this particular interface is going to be used in an event delegation scenario.

Adds a data type to a class: This situation is where the term tagging comes from. A class that implements a tagging interface does not need to define any methods (since the interface does not have any), but the class becomes an interface type through polymorphism.

thread in java

why “implements runnable” is preferred than “extends thread”

implements Runnable is the preferred way to do it, IMO. You’re not really specialising the thread’s behaviour. You’re just giving it something to run. That means composition is the philosophically “purer” way to go.

In practical terms, it means you can implement Runnable and extend from another class as well.

http://stackoverflow.com/questions/541487/implements-runnable-vs-extends-thread

Two ways for Threads

http://docs.oracle.com/javase/7/docs/api/java/lang/Thread.html

class PrimeThread extends Thread {
   @override
   public void run() {
   }
}
new PrimeThread().start();

 class PrimeRun implements Runnable {
    public void run() {
    }
}
new Thread(new PrimeRun()).start()

XSS

http://www.dotblogs.com.tw/tsxz2009/archive/2013/05/07/103080.aspx

比如有些网站后端没处理好,允许加script
象comment什么的,每次load这个comment,就可以embed一个script,然后获取用户的信息
XSS enables attackers to inject client-side script into Web pages viewed by other users.
The expression “cross-site scripting” originally referred to the act of loading the attacked, third-party web application from an unrelated attack site, in a manner that executes a fragment of JavaScript prepared by the attacker in the security context of the targeted domain (a reflected or non-persistent XSS vulnerability).

http://en.wikipedia.org/wiki/Cross-site_scripting

为什么叫cross site?

是因为那个script本来是不属于被攻击的那个site

prevention:

1) encode input, when needed to display, decode it

2) validate untrusted html input: sanitize the parameter

3) One example is the use of additional security controls when handling cookie-based user authentication. Many web applications rely on session cookies for authentication between individual HTTP requests, and because client-side scripts generally have access to these cookies, simple XSS exploits can steal these cookies.[24] To mitigate this particular threat (though not the XSS problem in general), many web applications tie session cookies to the IP address of the user who originally logged in, and only permit that IP to use that cookie.

4) disable scripts if the website does not have scripts

http://lifeiskuso.blogspot.com/2009/08/cross-site-scripting-xss.html

Cross-Site Scripting中文譯為「跨站腳本攻擊」,簡稱XSS。此乃是駭客利用網站上允許使用者輸入字元或字串的欄位插入HTML與Script語言,造成其 他正常使用者在觀看網頁的同時,瀏覽器會主動下載並執行部份惡意的程式碼,或被暗地裡導入到惡意的網站,而受到某種型態的影響。

http://www.baike.com/wiki/%E9%98%B2%E8%8C%83XSS%E8%B7%A8%E7%AB%99%E5%BC%8F%E8%84%9A%E6%9C%AC%E6%94%BB%E5%87%BB

sed

Imagine you have a large file ( txt, php, html, anything ) and you want to replace all the words “ugly” with “beautiful”

This is the command:

CODE
$ sed -i ‘s/ugly/beautiful/g’ /home/bruno/old-friends/sue.txt

“sed” edits “-i in place ( on the spot ) and replaces the word “ugly with “beautiful” in the file “/home/bruno/old-friends/sue.txt”

do this for all files under a certain directory

CODE
$ find /home/bruno/old-friends -type f -exec sed -i ‘s/ugly/beautiful/g’ {} \;