Posts with the tag code:
So this is a hard-to-accomplish exploit, and it is really only accomplishable by first exploiting another exploit, or by an employee with some level of trusted access, though this employee might not normally have actual database access. I do believe you should be aware of it, as it leaves open an avenue you may not be thinking of.
A sample application
So the first thing we need is an application that uses Flyway; let’s just use the Spring Boot Flyway Sample.
At my job we have a CIO-installed policy of remediating issues found by a static analysis tool, and what it finds is mostly targeted at finding security issues. Currently this tool is Veracode, and I don’t recommend it; it misses more problems than it finds, and what it finds, including this issue, is often a false positive. Our most common issue is CRLF (Carriage Return Line Feed) or other log injection, which we have mitigated in a custom log appender (which Veracode doesn’t recognize).
I’m going to walk you through getting mvn test running in Wercker, on the new Docker-based API.
First let’s talk about what Wercker is and why you’d want to use it. Wercker is a continuous integration and deployment web application. It will allow you to run any language or stack. It currently is free for both private and public repositories; I am hopeful that once it comes out of beta it will maintain reasonable pricing for small personal private projects (most CIs are ridiculously priced for hobby projects).
Spring with Spring Data is awesome. Seriously, I’ve never been able to throw up a full HATEOAS REST web service this fast. To start, I’ll admit my headliner lie: I’m not counting the pom.xml.
Sometimes you want to remove behavior from your code in a future version; here’s the right way to do it.
So I just recently finished reading RESTful Web Services and decided I wanted to go back and play with Catalyst and REST some.
The original way to create a Catalyst skeleton is to run catalyst.pl. This creates a lot of nice files to get you started. dzil new basically does the same thing for a generic CPAN module. Honestly, without any plugins dzil new isn’t that useful. However, once you add Git::Init, you remove several steps from the creation of a new module and repository.
So in the tabs vs spaces war I’m squarely on the side of using tabs. Tabs have meaning. Tabs allow people to set their editors to whatever space display width their eyes are comfortable with, as opposed to what yours are (e.g. you like 2 spaces, I like 4). However, I’ve heard the argument: what about when you cat the file, etc.? Well, it is actually a bit annoying… so let’s fix it.