I am going to create a series of blogs on the security and type of attack. Here is just a heads-up.

Cyber Security:

Today’s world cybersecurity involves protecting financial and non financial information and systems from major cyberthreats, such as cyber terrorism, cyber warfare, and cyber espionage.

In their most disruptive form, cyberthreats take aim at secret, political, military, or infrastructural assets of a institution, nation, or its people. Cybersecurity is critical part of any institutions’ security strategy.

Cyber Terrorism

Cyber terrorism, which involves crimes of terrorism that occur electronically. These crimes occur against individuals, businesses, organizations, and against the government itself.

Our lives are accessible electronically now, from our social details on a job application, to our bank account, to medical records and more.

With the greater convenience of using technology, we trade off some degree of security since it’s very difficult to stop every instance of cyber terrorism. Consider for a moment, how much of our own private information could a hacker potentially find online about our life? Who or what protects us against theft or other crimes related to our personal data?

Cyber Espionage

Cyber spying is the act of engaging in an attack or series of attacks that let an unauthorized user or users view classified/protected material.

These attacks are often subtle, amounting to nothing more than an unnoticed bit of code or process running in the background of a mainframe or personal workstation, and the target is usually a personal, institution or government entity.

The goal is typically to acquire intellectual property or government secrets. Attacks can be motivated by greed or profit, and can be used in conjunction with a military operation or as an act of terrorism. Consequences can range from loss of competitive advantage to loss of materials, data, infrastructure, or loss of life.

Cyber espionage is very common and prominent also. Current attacks of WannaCry, Petya are recent attacks which infected millions of devices across the world. Let’s understand some of the attack type which can cause damage to any institution, country and individuals.

Cyber Attack:

A cyberattack is deliberate exploitation of computer systems, technology-dependent enterprises and networks. Cyberattack uses malicious code to alter computer code, logic or data, resulting in disruptive consequences that can compromise data and lead to cybercrimes, such as information and identity theft.

Cyberattacks may include the following consequences:

  1. Identity theft, fraud, extortion
  2. Malware, pharming, phishing, spamming, spoofing, spyware, Trojans and viruses
  3. Stolen hardware, such as laptops or mobile devices
  4. Denial-of-service and distributed denial-of-service attacks
  5. Breach of access
  6. Password sniffing
  7. System infiltration
  8. Website defacement
  9. Private and public Web browser exploits
  10. Instant messaging abuse
  11. Intellectual property (IP) theft or unauthorized access

It is not limited to above list, but it can be much more than this. On daily basis hackers uses far more advance technologies and methods than what we think normally.

Mainly there are two main categories of attacks which cause damage.

  1. Internal Attacks
  2. External Attacks

These attacks may be active and passive in nature. Active attacks is deliberate exploitation in which hacker attempts to make changes to data on target or Enroute to target. Passive attacks is a network attack in which system is monitored and scanned for vulnerabilities like open ports, week passwords etc.

In the next few articles I will discuss more on the approx 50 different type of attacks.

To be continued….

This post is the first in series of JPA performance tips.

The tips are result of my working with JPA and facing issues which are not documented.

These are non-obvious performance pitfalls which if you do not take care from beginning may result in lot of rework or worse non resolvable issues making you grin and bear.

So, please use my experience and build your systems correctly from the beginning.

Surrogate key: The surrogate key is the primary key with no business meaning. Generally the surrogate key type of primary key is of two types:

  • Usually generated with database sequence (but not always)
  • GUID generator.

The primary key generated with sequence is of type  Number (translating to long in java).We will discuss how a ‘long’ type of primary key can improve the performance in a database.

Let us take an  example tables

‘Person’ : contains the details of a person

‘Person_phones’ : One or more phones for a user

The Person entity class is created as follows

@Entity
public class Person {

@Id
private String id;

@OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER, mappedBy = "person")
private Set<Person_phones> phones = new HashSet<Person_phones>();

private String firstName;
private String lastName;
private String type;

The Person_phones class is:

@Entity
public class Person_phones {

@Id
private String id;

private String phoneNumber;

@ManyToOne
@JoinColumn(name="person", referencedColumnName="id")
private Person person;

 

To create the person and person phone following code snippet is given. The id in both person and person_phone table is assigned using setter methods.

@Transactional
public String create(String firstName, String lastName, String type)
{
Person per = new Person();
per.setId("3093");
per.setFirstName(firstName);
per.setLastName(lastName);
per.setType(type);

Person_phones phone = new Person_phones("9873692304", per);
phone.setId("firstPhone");

Person newPer = persRepository.save(per);
System.out.println("New ID: " + newPer.getId());

return "success";
}

 

Here the CRUD operations are performed using the CRUDRepository interface provided by spring.

If we run the code with show_sql true lets see the output

<!– HTML generated using hilite.me –>

Hibernate: select person0_.id as id1_1_1_, person0_.first_name as first_na2_1_1_, person0_.last_name as last_nam3_1_1_, person0_.type as type4_1_1_, phones1_.person as person3_1_3_, phones1_.id as id1_2_3_, phones1_.id as id1_2_0_, phones1_.person as person3_2_0_, phones1_.phone_number as phone_nu2_2_0_ from person person0_ left outer join person_phones phones1_ on person0_.id=phones1_.person where person0_.id=?
Hibernate: insert into person (id, first_name, last_name, type) values (null, ?, ?, ?)
Hibernate: select person_pho0_.id as id1_2_0_, person_pho0_.person as person3_2_0_, person_pho0_.phone_number as phone_nu2_2_0_ from person_phones person_pho0_ where person_pho0_.id=?

Hibernate: insert into person_phones (person, phone_number, id) values (?, ?, ?)

 

We see that there is a Select query before an insert !!!!!

Now if the person and person_phone contains millions of records, consider the cost of one extra select query. But the point to explore is why did this happen ??

For getting the answer, we need to go into the code of CRUDRepository by Spring. When we call the repository.save() the control goes to the following class and code snippet

@Transactional(readOnly = true)
public class SimpleJpaRepository<T, ID extends Serializable> implements JpaRepository<T, ID>,
JpaSpecificationExecutor<T> {

@Transactional
public <S extends T> S save(S entity) {

if (entityInformation.isNew(entity)) {
em.persist(entity);
return entity;
} else {
return em.merge(entity);
}
}

 

The entityInformation.isNew(s entity), checks the primary key type. if the primary key type is primitive, i.e. long, int etc it returns true and e.persist is called.

In case pf PK being String the String (as in our case)  or any other class (as in composite key) the  entityInformation.isNew(s entity) returns false and em.merge() called.

In case of em.merge(), the hibernate checks if the entity is already existing by making the select query. Hence we get select query in above example.

if the  primary key is primitive and surrogate (generation type auto, sequence or table) i.e. the not the application data, the em.new() is called and  and there is only insert query saving on valuable IO.

Conclusion: Always have surrogate keys for all tables. The relationship (oneToMany, manyToOne) can be maintained outside the primary  keys.  The non-primitive primary keys and composite keys will have a performance impact while inserting new rows.

This article can also be viewed at https://bootcamptechblog.wordpress.com/2015/09/25/jpa-performance-tip-1-surrogate-keys/