struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Micael <caraun...@harbornet.com>
Subject RE: [OT] Use of Static Methods
Date Thu, 10 Jul 2003 18:10:19 GMT
Richard,

I don't doubt what you say is true, but how do you know this?  Why couldn't 
the implementation of the abstract class MessageDigest not be thread-safe?

Micael


At 01:55 PM 7/10/03 -0400, you wrote:
>Jerry,
>Your methods are thread-safe. The MessageDigest.getInstance() and
>SecureRandom() calls are thread-safe too. One thing I read while reading the
>JavaDocs for SecureRandom() was:
>
>This constructor is provided for backwards compatibility. The caller is
>encouraged to use one of the alternative getInstance methods to obtain a
>SecureRandom object.
>
>You might consider changing your code to comply with this.
>
>Regards,
>
>Richard
>
>-----Original Message-----
>From: Jerry Jalenak [mailto:Jerry.Jalenak@LABONE.com]
>Sent: Thursday, July 10, 2003 10:30 AM
>To: 'Struts Users Mailing List'
>Subject: RE: [OT] Use of Static Methods
>
>
>Micael,
>
>The class is called 'Password':
>
>public class Password
>{
>         public static byte[] getEncryptedPassword(byte[] digestKey, String
>password)
>         {
>                 try
>                 {
>                         MessageDigest md =
>MessageDigest.getInstance("SHA1");
>                         md.update(digestKey);
>                         md.update(password.getBytes());
>                         return (md.digest());
>                 }
>                 catch(Exception e)
>                 {
>                         return (null);
>                 }
>         }
>
>         public static byte[] getRandomDigestKey()
>         {
>                 byte[] digestKey = new byte[12];
>
>                 SecureRandom sr = new SecureRandom();
>                 sr.nextBytes(digestKey);
>                 return (digestKey);
>         }
>
>         public static String getRandomPassword()
>         {
>                 return (RandomStringUtils.randomAlphabetic(8));
>         }
>}
>
>I am calling this using 'Password.getEncryptedPassword(digestKey,
>password)'.  I don't think I have thread issues since I'm not using instance
>variables, but I'm concerned about the use of the
>MessageDigest.getInstance() and SecureRandom calls....
>
>Thanks!
>
>Jerry Jalenak
>Team Lead, Web Publishing
>LabOne, Inc.
>10101 Renner Blvd.
>Lenexa, KS  66219
>(913) 577-1496
>
>jerry.jalenak@labone.com
>
>
>-----Original Message-----
>From: Micael [mailto:caraunltd@harbornet.com]
>Sent: Thursday, July 10, 2003 11:51 AM
>To: Struts Users Mailing List
>Subject: RE: [OT] Use of Static Methods
>
>
>Could you give us the method body again?  That is where we can see if there
>is a thread safety issue?
>
>At 07:53 AM 7/10/03 -0500, you wrote:
> >To everyone:  WOW!  Talk about opening a can of worms!  It's been quite
> >interesting reading the different viewpoints regarding the use of
> >statics
>vs
> >singletons, whether Perl is OO or not, etc. etc. etc.  It's this kind
> >of discussion that makes this list one (if not THE) best list on the
> >web.
> >
> >Ted: Thanks for answering the specific question.  As much as I've
> >enjoyed the thread, all I really wanted to know is if my approach for
> >these
>'helper'
> >methods was appropriate or not.  I'm not sure what you mean by 'whether
> >instantiating Password is an issue' - I can't think of a case where
> >instantiating any class would be an issue, so I guess I could change
> >the Password class to be a 'normal' class.  The
> >'getEncryptedPassword()' method is used by several different classes,
> >so I don't really want to make it
>part
> >of a specific class - that's one of the reasons I moved it to a
> >'helper' class and made it static.  I guess the only question I have
> >remaining is whether there is a problem with maintaining 'thread safety'
>with the use of
> >a static method....   Is there a chance that two or more users can get to
> >the method at the same time and clobber each other?
> >
> >
> >Jerry Jalenak
> >Team Lead, Web Publishing
> >LabOne, Inc.
> >10101 Renner Blvd.
> >Lenexa, KS  66219
> >(913) 577-1496
> >
> >jerry.jalenak@labone.com
> >
> >
> >-----Original Message-----
> >From: Ted Husted [mailto:husted@apache.org]
> >Sent: Wednesday, July 09, 2003 5:34 PM
> >To: Struts Users Mailing List
> >Subject: Re: [OT] Use of Static Methods
> >
> >
> >It's mainly a question of whether instantiating Password is an issue. If
> >   not, then make it a normal method.
> >
> >Ideally, getEncryptedPassword should be a method of whatever class
> >needs to call it.
> >
> >The benefit of static methods is that they can be called without
> >instantiating the class that contains them. So long as instantiation is
> >not an issue, then make it a normal method on whichever class needs to
> >use it. (Or make Password a member class of whichever classes need to
> >call it, and instantiate it when the parent class is instantiated.)
> >
> >-Ted.
> >
> >
> >Jerry Jalenak wrote:
> > > <back-from-lunch>
> > >
> > > Thanks to everyone for weighing in on this.  I certainly didn't
> > > expect
> >this
> > > type of discussion.
> > >
> > > Let me give an example of what we are trying to do, and see if this
> > > is appropriate or not.  For various reasons we have a 'roll your
> > > own' logon authentication process.  Part of the process takes the
> > > users password,
>and
> > > using a stored digest key, we encrypt it and then compare it to the
>stored
> > > (encrypted) password.  If they match, great.  If not, then we return
> > > an error.  The code that we use to do the encryption looks like the
> >following:
> > >
> > >       public static byte[] getEncryptedPassword(byte[] digestKey,
> > > String
> > > password)
> > >       {
> > >               try
> > >               {
> > >                       MessageDigest md =
> > > MessageDigest.getInstance("SHA1");
> > >                       md.update(digestKey);
> > >                       md.update(password.getBytes());
> > >                       return (md.digest());
> > >               }
> > >               catch(Exception e)
> > >               {
> > >                       return (null);
> > >               }
> > >       }
> > >
> > > The class name is 'Password', so to call this method we use
> > > something
>like
> > > 'Password.getEncryptedPassword(storedDigestKey, enteredPassword)'.
> > > Is
> >this
> > > type of method appropriate for a 'static' method?  Or should this be
> > > a singleton?  Or a normal class?
> > >
> > >
> > >
> > > Jerry Jalenak
> > > Team Lead, Web Publishing
> > > LabOne, Inc.
> > > 10101 Renner Blvd.
> > > Lenexa, KS  66219
> > > (913) 577-1496
> > >
> > > jerry.jalenak@labone.com
> > >
> > >
> > > -----Original Message-----
> > > From: Yee, Richard K,,DMDCWEST [mailto:Yeerk@osd.pentagon.mil]
> > > Sent: Wednesday, July 09, 2003 12:35 PM
> > > To: 'Struts Users Mailing List'
> > > Subject: RE: [OT] Use of Static Methods
> > >
> > >
> > > I and a lot of other developers would disagree with the statement
> > > "Static methods are evil for many reasons including philosophical
>(they're
> > > not OO) and practical (you can't override their behavior)."
> > >
> > > 1) Whenever you write a method that only accesses static data of a
>class,
> > > you should declare the method as static.
> > >
> > > 2) It is not correct to say that static methods can't be overriden.
> > > They
> >can
> > > be overridden with another static method. You can't override a
> > > static
> >method
> > > to be non-static, however.
> > >
> > > 3) There are many cases where using the static modifier on a method
> > > is totally appropriate. Typically, they are used on methods that
> > > provide a
> >very
> > > specific functionality that will never change. Using the static
> > > modifier
> >on
> > > such methods also reduces the overall memory footprint of an
>application.
> > >
> > > Regards,
> > >
> > > Richard
> > >
> > >
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: David Graham [mailto:grahamdavid1980@yahoo.com]
> > > Sent: Wednesday, July 09, 2003 9:22 AM
> > > To: Struts Users Mailing List
> > > Subject: RE: [OT] Use of Static Methods
> > >
> > >
> > >
> > >>One of my programmers asked me whether or not it is OK to define
> > >>helper methods as 'static' - and I realized that I didn't know the
> > >>answer.  So I guess the question is, in a web application, can
> > >>common code be factored out to a helper class and marked as
> > >>'static'?
> > >
> > >
> > > Static methods are evil for many reasons including philosophical
>(they're
> > > not OO) and practical (you can't override their behavior).  You
> > > should
>use
> >a
> > > Singleton class with non-static methods.
> > >
> > > Struts' RequestUtils class is a good example of why you should never
> > > use static methods.  Developers want to override their behavior but
> > > can't because everything is static.
> > >
> > > David
> > >
> > >
> > >>Are there any major problems
> > >>with
> > >>doing this?  I should know the answer, but just can't put my thumb
> > >>on it right now.... 8)
> > >>
> > >>TIA!
> > >>
> > >>Jerry Jalenak
> > >>Team Lead, Web Publishing
> > >>LabOne, Inc.
> > >>10101 Renner Blvd.
> > >>Lenexa, KS  66219
> > >>(913) 577-1496
> > >>
> > >>jerry.jalenak@labone.com
> > >>
> > >>
> > >>This transmission (and any information attached to it) may be
> > >>confidential and is intended solely for the use of the individual or
> > >>entity to which it is addressed. If you are not the intended
> > >>recipient or the person responsible for
> > >>delivering the transmission to the intended recipient, be advised that
> > >>you have
> > >>received this transmission in error and that any use, dissemination,
> > >>forwarding,
> > >>printing, or copying of this information is strictly prohibited. If you
> > >>have
> > >>received this transmission in error, please immediately notify LabOne at
> > >>the
> > >>following email address: securityincidentreporting@labone.com
> > >>
> > >>
> > >>
> > >>--------------------------------------------------------------------
> > >>-
> > >>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > >>For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > >>
> > >>
> > >>--------------------------------------------------------------------
> > >>-
> > >>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > >>For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > >>
> > >
> > >
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
> > >
> > > --------------------------------------------------------------------
> > > -
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > >
> > > --------------------------------------------------------------------
> > > -
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > >
> > >
> > > This transmission (and any information attached to it) may be
>confidential
> >and is intended solely for the use of the individual or entity to which
> >it is addressed. If you are not the intended recipient or the person
> >responsible for delivering the transmission to the intended recipient,
> >be advised that you have received this transmission in error and that
> >any use, dissemination, forwarding, printing, or copying of this
> >information is strictly prohibited. If you have received this
> >transmission in error,
>please
> >immediately notify LabOne at the following email address:
> >securityincidentreporting@labone.com
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > -
> > > To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> > > For additional commands, e-mail: struts-user-help@jakarta.apache.org
> > >
> > >
> >
> >
> >--
> >Ted Husted,
> >    Junit in Action  - <http://www.manning.com/massol/>,
> >    Struts in Action - <http://husted.com/struts/book.html>,
> >    JSP Site Design  -
> ><http://www.amazon.com/exec/obidos/ISBN=1861005512>.
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: struts-user-help@jakarta.apache.org
> >
> >
> >
> >---------------------------------------------------------------------
> >To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
> >For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>
>LEGAL NOTICE
>
>This electronic mail  transmission and any accompanying documents contain
>information belonging to the sender which may be confidential and legally
>privileged.  This information is intended only for the use of the
>individual or entity to whom this electronic mail transmission was sent as
>indicated above. If you are not the intended recipient, any disclosure,
>copying, distribution, or action taken in reliance on the contents of the
>information contained in this transmission is strictly prohibited.  If you
>have received this transmission in error, please delete the message.  Thank
>you
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: struts-user-help@jakarta.apache.org
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: struts-user-help@jakarta.apache.org



LEGAL NOTICE

This electronic mail  transmission and any accompanying documents contain 
information belonging to the sender which may be confidential and legally 
privileged.  This information is intended only for the use of the 
individual or entity to whom this electronic mail transmission was sent as 
indicated above. If you are not the intended recipient, any disclosure, 
copying, distribution, or action taken in reliance on the contents of the 
information contained in this transmission is strictly prohibited.  If you 
have received this transmission in error, please delete the message.  Thank 
you  



---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org


Mime
View raw message