Monday, July 27, 2009

Getting Image Dimensions with Java

Retrieving the dimensions of an image file is a pretty common requirement for a web application. My current project is no exception, and needed to run a validation on uploaded images to ensure their width and height are not too big.

First, I tasked myself with learning to use the javax.imageio API to read through the metadata of an image file. Although this was doable... it was cumbersome. If all you'd like to do is find the image dimensions, you need to iterate through an awful lot of irrelevant information just to find it. After about 80 lines of code, I decided that was not the way to go.

The solution was this:
Image img = new ImageIcon("C:\\prototype.jpg").getImage();
System.out.println("width is "+ img.getWidth(null) );
System.out.println("height is "+ img.getHeight(null) );

Wow. Three lines of code. I think we've got a winner. You'll only need two imports to make this happen:
import java.awt.Image;
import javax.swing.ImageIcon;

This does, obviously, depend on you having the file written to local disk. If you don't (perhaps the file has come through the HTTP Request and is only in RAM), then I'd suggest writing it to the system's temporary file directory, so that you may get the dimensions while it's on the file system, but it will be deleted later. You may get the system's temporary directory like this:
String tempDir = System.getProperty("java.io.tmpdir");
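
If the upload is already in memory, the temp-file step can be skipped. The sketch below is an added example, not code from the original post: it asks javax.imageio for only the width and height from the image header, so an oversized or unreadable upload is rejected before any pixel data is decoded. The class name, the 1024x768 limit and the sample image are assumptions made for the example.

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Iterator;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;
import javax.imageio.stream.MemoryCacheImageInputStream;

public class UploadDimensionCheck {
    // Assumed limits for this example; the post does not state the project's values.
    static final int MAX_WIDTH = 1024, MAX_HEIGHT = 768;

    /** Returns {width, height} taken from the image header; pixel data is not decoded. */
    static int[] readDimensions(byte[] upload) throws IOException {
        try (ImageInputStream in = new MemoryCacheImageInputStream(new ByteArrayInputStream(upload))) {
            Iterator<ImageReader> readers = ImageIO.getImageReaders(in);
            if (!readers.hasNext()) throw new IOException("not a recognised image format");
            ImageReader reader = readers.next();
            try {
                reader.setInput(in, true, true); // forward-only, skip metadata
                return new int[] { reader.getWidth(0), reader.getHeight(0) };
            } finally {
                reader.dispose();
            }
        }
    }

    /** Rejects uploads that are unreadable, malformed or larger than the limits. */
    static boolean withinLimits(byte[] upload) {
        try {
            int[] d = readDimensions(upload);
            return d[0] > 0 && d[1] > 0 && d[0] <= MAX_WIDTH && d[1] <= MAX_HEIGHT;
        } catch (IOException | RuntimeException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a blank 1600x1200 PNG built in memory.
        ByteArrayOutputStream png = new ByteArrayOutputStream();
        ImageIO.write(new BufferedImage(1600, 1200, BufferedImage.TYPE_INT_RGB), "png", png);
        int[] d = readDimensions(png.toByteArray());
        System.out.println("width is " + d[0] + ", height is " + d[1]);
        System.out.println("within limits: " + withinLimits(png.toByteArray()));
        System.out.println("non-image accepted: " + withinLimits("not an image".getBytes()));
    }
}
```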

Good luck. =)

Thursday, May 21, 2009

WebScarab and WebGoat - learning security!

Application Development: the funnest job in the world, right? But how do you feel about that fun when early in your career you first encounter the classic adage: "80% of your code will run only 20% of the time?" Bullet-proofing your code can be a real buzz kill for the wonder lusted developer.

Well fret no more. Securing an application isn't a tedious bore - it's an opportunity to step into the exciting shoes of a web hacker/cracker and have yourself a truly fun learning experience. I've spent the last two days using WebScarab and WebGoat, both open and free software provided by OWASP, as reliable (and awesome) learning tools to hack legitimate applications:
  • Tamper with request parameters on the fly
  • Embed Cross Site Scripting (XSS) attacks and Injection attacks to hijack sessions and elevate application authorization (make me an admin, please... woot.)
  • Manipulate requests to take advantage of vulnerabilities in Web Services.
The list goes on, but honestly I had the most fun just tampering with hidden input fields, altering drop-downs, and adding parameters to a request. I was able to do some amazing stuff, including hacking into admin accounts and causing my own application to kick off emails in a malicious manner... A true learning experience.

Enough gab. Here's the deal:

WebGoat:
This is a well designed application that is built to contain vulnerabilities on purpose. It is ready for you to do some Cross Site scripting and other common hacks on it, and feel the thrill of hacking into a system! It downloads and runs on its own servlet container right out of the box.
->Download here: http://code.google.com/p/webgoat/downloads/list
->Install Instructions here: http://www.owasp.org/index.php/WebGoat_Installation
At this time, version 5.2 is the latest release. Download the zip, run the batch file, and access the app at your localhost domain, running on either port 80 or 8080 depending on which batch file you ran. It's that easy. Linux users may want to check out the documentation I just linked above.

WebScarab:
This is a tool which will intercept your outgoing HTTP Requests and incoming HTTP Responses, giving you a chance to change them any way you like as you go. You just filled in a username and password? Let's see what happens when you decide to add onto the request a cookie that you stole from someone else's session, logging you in as them...
->Download here: http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project#Download

I am failing to find good instructions for this tool, but it's not hard to figure out. It's most compatible with Firefox, so don't waste your time with IE. Simply change your Firefox proxy settings to point to localhost, port 8008 (and remember to clear out the NO PROXY FOR field!!), fire up WebScarab, and click the "intercept requests" checkbox within WebScarab. WebScarab will act as a proxy, but if you use a proxy to the internet anyhow, then you'll need to tell WebScarab which proxy to forward to... Simply click the Proxies toolbar at the top of WebScarab and punch in your proxy server address. Port 3128 is pretty standard for a proxy.

Have fun guys

Thursday, February 12, 2009

JavaFX: immature

If you're reading this now, you're one of two people:
  • A Flash advocate, wondering what competition JavaFX might be bringing to the table
  • A Java developer, looking to see how your existing skills might now make you capable of creating Flash-like web RIAs.
Well, I am the latter.

In my web development with FreeLance Webs, my customers often desire "Flashy" and graphically intense websites, in order to say to the potential customer, "We are amazing! We are serious! We know how to stun you graphically!" It's no secret that a customer won't take you seriously if your website looks like a 1995 AOL Special.

This has led me to working with Adobe Flash much more than I'd ever have liked to. Ranging from full-flash sites, such as xpandinc.com, to little flash animations such as weberslandscaping.com and the animated limousine at motion-limo.com, my experiences have always been painful ones.

So when I heard about JavaFX, my interest was piqued. Can I now develop the same flashy interfaces for my customers, but with the ease of the Java environments I'm used to?

Well, I don't have a conclusion yet. I intend to blog at a later date when JavaFX is a little more mature and some kinks are worked out. Here are some of the kinks I've hit so far:

  • All JavaFX demos I've found so far (that work) are essentially a runnable Java download, which then runs in its own window, outside of the browser. This is not what web developers are looking for.
  • JavaFX runs on your JRE plugin for your browser, and I'm hitting a lot of JavaFX demos which won't run for me. I'll get a message saying that I must download JRE 6.0, I'll then download and install the JRE, and then the JavaFX Demo will not run at all. I'll sit and watch some stupid "loading cycle" spin infinitely:
Hopefully I'll be reporting back with something a little more impressive from JavaFX. So far, it only seems to be a matter of distribution and deployment which thwarts them.