Thursday, October 11, 2012

How Does the Server Certificate SSL Work?


The Secure Sockets Layer (SSL) is the standard transport security protocol for establishing encrypted communication between a client and a server. It addresses two use cases: server certificate and client certificate. The following diagram illustrates the interaction between the client and the server when communication is secured with a server certificate.


Tuesday, August 21, 2012

How to Create JDBC Connection Pools and Data Resources By SID and Service Name in Oracle WebLogic Server 10.3.5

We know the difference between an Oracle Database SID and a ServiceName. In short, SID = the unique name of your Oracle Database instance; ServiceName = the alias name for your Oracle Database instance. You can use either of them to create JDBC Connection Pools and Data Resources in Oracle WebLogic Server 10.3.5. Most product user guides leave one of them out, so you need to figure it out yourself if your TNSNAMES does not define the SID or SERVICE_NAME you need.

My operating environment is
  • Microsoft Windows Server 2008
  • Oracle WebLogic Server 10.3.5
  • Oracle Database 11.2.0.2g
For instructions on how to start and stop your Oracle WebLogic Server, see Starting and Stopping Servers: Quick Reference at http://download.oracle.com/docs/cd/E14571_01/wls.htm.
 
Connect Oracle Database using SID
1. Launch the Oracle WebLogic Server Administration Console
2. Log in using the configured user name and password (by default, weblogic/welcome1).
3. On the left panel, under Domain Structure, expand Services, click JDBC, and then choose Data Sources.
4. To create a new JDBC Data Source, click New at the bottom of the right panel. Settings for a new JDBC Data Source appear in the right panel of the page.
    In the Name field, type YourDataSource.
    In the JNDI Name field, type jdbc/YourDataSource.
    In the Database Type drop-down list, choose Oracle
    In the Database Driver drop-down list, choose the appropriate driver:
              Oracle’s Driver (Thin XA) for Instance Connections; Versions: 9.0.1; 9.2.0; 10, 11.
5. Click Next. Connection Properties appears on the Create a New JDBC Data Source panel. Use it to define the connection properties.
    In the Database Name field, type your Oracle Database SID.
    In the Host Name field, type the name or the IP address of the database server (for example: localhost).
    In the Port field, type the port on the database server that is used to connect to the database (for example: 1521, the default for Oracle).
    In the Database User Name field, type the database account user name you want to use to create database connections (for example: root).
    In the Password field, type the password that your database account uses to create database connections.
    In the Confirm Password field, re-type the password to confirm it.
6. Click Next.
The Settings for YourDataSource page appears in the right panel.
7. Click the Connection Pool tab, click Test Configuration, and then click Next.
Select Targets appears on the Create a New JDBC Data Source page in the right panel. Here you select one or more targets to deploy the new JDBC data source.
8. In the Servers check list, select one or more target servers and click Finish.

Connect Oracle Database using SERVICE_NAME
Follow the same steps, except for the following settings:
4. In the Database Driver drop-down list, choose the appropriate driver:
    Oracle’s Driver (Thin XA) for Service Connections; Versions: 9.0.1; 9.2.0; 10, 11.
5. In the Database Name field, type your Oracle Database SERVICE_NAME.

Sunday, August 19, 2012

What Happens When You Type in a website URL such as www.amazon.com or www.google.com into Your Browser and Press ‘Enter’?

This article explains, at a high level, how web applications work and what technologies are involved.

When you type www.amazon.com/www.google.com into your browser and press ‘Enter’, it invokes a series of operations and a sequence of information exchanges, using standard communication and application protocols, within your web browser, across the internet, and on the Amazon/Google web server where the website www.amazon.com/www.google.com is hosted.

At a high level, your web browser client connects to the Amazon/Google web server over the internet and requests the Amazon/Google home page by sending an HTTP request to the server. The Amazon/Google web server receives the HTTP request, locates the requested resource, processes it to build the dynamic Amazon/Google home page, constructs an HTTP response, and sends the response back to your browser. Your browser interprets the received content and displays it on your screen.

The communications between your browser and the Amazon/Google web server can be divided into four layers: HTTP application protocol layer, TCP transmission control protocol layer, IP internet protocol layer and hardware Ethernet layer. Let’s consider the technical details of each procedure:

In order for your browser to contact the Amazon/Google web server, it needs to translate the www.amazon.com/www.google.com host name into an IP address, either by looking it up in your local DNS cache or by querying your configured ISP DNS server using TCP or UDP over the internet.

After the Amazon/Google IP address is resolved, the browser connects to the Amazon/Google web server at that IP address via the reliable TCP transmission protocol, using the default HTTP listen port 80. Amazon/Google provides a cluster of web servers for high scalability and high availability, so a web server load balancer is used to deliver the connection request to a specific Amazon/Google web server.

Once the TCP connection is successfully established between your browser and the Amazon/Google web server, your browser sends the following HTTP GET message to the server:
               GET / HTTP/1.1[CRLF]
               Host: www.amazon.com[CRLF]
               User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9)Firefox/3.0[CRLF]
               Accept-Charset: ISO-8859-1,UTF-8;q=0.7,*;q=0.7[CRLF]
               …..
Note that cookies may be sent from your browser to the Amazon/Google web server with the HTTP GET request if the Amazon/Google web server has been visited before and the cookies have not been cleared.

The Amazon/Google web server receives the HTTP GET request and creates a session for this very first HTTP request. The Amazon/Google web server is a fully-distributed, decentralized multi-tiered web application. Its web tier, which implements servlet server-side web technology, converts the HTTP request to an HttpServletRequest. The HttpServletRequest is delivered to the web components, which can interact with the business components or the database components to generate dynamic content. The web components provide dynamic extension capabilities for the web server to process servlets, JSP pages or web service endpoints. The business components perform business logic. The database components retrieve data from the data warehouse for dynamic content. The requested resources include files, images, etc.

The web components then create an HttpServletResponse, convert it to the following HTTP response message, and send it back to your browser:
            Status: HTTP/1.1 200 OK
            Date: Tue, 05 Jun 2012 03:53:32 GMT
            Server: Server
            pragma:  no-cache
            cache-control: no-cache
            Content-Type: text/html; charset=ISO-8859-1
            Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue, 01-Jan-2036 08:00:01 GMT
            Transfer-Encoding: chunked
            …..
             Content:
               “<html>
               <head>
            <script type="text/javascript">var ue_t0=ue_t0||+new Date();
               <script>var BtechCF={a:2,cf:function(){if(--BtechCF.a == 0){uet('cf');}}};
                 <script type="text/javascript">
                    new Image().src = "http://g-ecx.images-amazon.com/images/G/01/...";
                    new Image().src = "http://g-ecx.images-amazon.com/images/G/01/...";
               …..
               </html>”

Depending on the Amazon/Google web server implementation, generally speaking, a servlet is a Java programming language class that dynamically processes requests and constructs responses. A JSP page is a text-based document that executes as a servlet but allows a more natural approach to creating both static and dynamic content. Many other web technologies, including ASP, JSF, HTML, DHTML, CSS, AJAX, JSON, PHP, CGI, XML, JavaScript, RSS, etc., can be used to implement the Amazon/Google web pages. Web components are supported by the services of a runtime platform called a web container. A web container provides services such as request dispatching, security, concurrency, and life-cycle management.

The above HTTP response is sent back to your browser by the Amazon/Google web server. The browser rendering engine parses the HTML document and converts the tags to DOM nodes in a tree called the "content tree". It also parses the style data, both in external CSS files and in style elements. The styling information, together with the visual instructions in the HTML, is used to create another tree, the render tree. The browser then goes through the layout and painting processes to display the content on the screen. Sometimes the Amazon/Google web page contains links to files that your browser cannot display or play, such as sound or animation files. In that case, you need to install a plug-in application in your browser.

Finally, there are a couple of additional important things you need to be aware of in the procedure described above.

The Amazon/Google web server sends a cookie in the HTTP header with the HTTP response to your browser. Refer to the Set-cookie header line in the above HTTP response message. Amazon stores the following information in the cookie: a main user ID, an ID for each session, and the time the session started on your machine. Amazon also uses cookies to implement the shopping cart.
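
The Set-cookie line in the response above can be checked for the attributes a security reviewer looks at. The following is an added example, not part of the original post: it parses a selection of the header lines shown above and lists what the cookie lacks. The function names and the 365-day lifetime threshold are assumptions chosen for illustration, and SameSite is a newer attribute that did not exist when the response was captured.

```python
from email.utils import parsedate_to_datetime

# Selected header lines copied from the HTTP response shown above (body omitted).
RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 05 Jun 2012 03:53:32 GMT\r\n"
    "Content-Type: text/html; charset=ISO-8859-1\r\n"
    "Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; "
    "expires=Tue, 01-Jan-2036 08:00:01 GMT\r\n"
    "Transfer-Encoding: chunked\r\n\r\n"
)

def parse_headers(raw):
    """Return [(lower-cased name, value)]; header names are case-insensitive."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")[1:]  # skip the status line
    pairs = (line.split(":", 1) for line in lines if ":" in line)
    return [(name.strip().lower(), value.strip()) for name, value in pairs]

def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, {attribute: value})."""
    first, *rest = [part.strip() for part in value.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0], attrs

def audit_cookies(raw, max_days=365):  # max_days is an assumed review threshold
    """Return (cookie name, finding) pairs for attributes a reviewer would flag."""
    headers = parse_headers(raw)
    sent = next((parsedate_to_datetime(v) for k, v in headers if k == "date"), None)
    findings = []
    for key, value in headers:
        if key != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append((name, "missing " + flag))
        if "domain" in attrs:
            findings.append((name, "shared with subdomains of " + attrs["domain"].lstrip(".")))
        if sent and "expires" in attrs:
            days = (parsedate_to_datetime(attrs["expires"]) - sent).days
            if days > max_days:
                findings.append((name, "lifetime %d days" % days))
    return findings

if __name__ == "__main__":
    for name, finding in audit_cookies(RESPONSE):
        print(name + ": " + finding)
```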

The Amazon/Google home page includes AJAX JavaScript that allows parts of the page to be updated asynchronously by exchanging small amounts of data with the Amazon web server.

The HTTP application protocol used for retrieving the web pages is connectionless. Your web browser client opens a connection and sends an HTTP request message to an HTTP server; the server then returns an HTTP response message, usually containing the requested resources. After delivering the response, the server closes the connection. HTTP is stateless. This is a direct result of HTTP being connectionless. The server and the client are aware of each other only during a request. As a workaround, HTTP servers implement various session management methods, using identifiers in cookies to track the requests originating from the same client.
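
The session-tracking workaround described above can be shown without a network. This is an added example, not code from the original post or from any real server: `SessionServer`, `Browser` and the cookie name `sid` are hypothetical names, and each call to `handle()` stands for one independent request/response pair. The server issues an unguessable identifier and never adopts an identifier it did not issue itself.

```python
import secrets

def parse_cookie_header(value):
    """Parse 'a=1; b=2' from a Cookie request header into a dict."""
    pairs = (item.strip().partition("=") for item in value.split(";") if "=" in item)
    return {name: val for name, _, val in pairs}

class SessionServer:
    """Toy server: handle() sees only the headers of the current request."""

    def __init__(self):
        self.sessions = {}  # session id -> state kept on the server side

    def handle(self, request_headers):
        sid = parse_cookie_header(request_headers.get("Cookie", "")).get("sid")
        response_headers = {}
        if sid not in self.sessions:
            # Missing, unknown or client-invented id: issue a fresh random one.
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = {"requests": 0}
            response_headers["Set-Cookie"] = (
                "sid=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % sid)
        self.sessions[sid]["requests"] += 1
        body = "request #%d of this session" % self.sessions[sid]["requests"]
        return response_headers, body

class Browser:
    """Toy client: stores cookies from Set-Cookie and replays them."""

    def __init__(self, server):
        self.server, self.jar = server, {}

    def get(self):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join("%s=%s" % kv for kv in self.jar.items())
        response_headers, body = self.server.handle(headers)
        if "Set-Cookie" in response_headers:
            pair = response_headers["Set-Cookie"].split(";")[0]
            name, _, val = pair.partition("=")
            self.jar[name] = val
        return body

if __name__ == "__main__":
    server = SessionServer()
    alice, bob = Browser(server), Browser(server)
    print(alice.get(), "|", alice.get(), "|", bob.get())
```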

Saturday, August 18, 2012

A Bug Identified in Oracle Healthcare MPI Installer

I failed to install Oracle Healthcare MPI product on the guest Red Hat Linux using Oracle JDK 1.7.0. The error reports:

"The installer could not find a compatible JDK installation. The minimum required version is 1.6.0. Specify JDK folder manually."

Once I switched to JDK 1.6.0 with update 34, it worked. Obviously it is a bug in the installer. If it means that the minimum required version is 1.6.0, the installer should work with JDK 1.7.0. A simple logic is

                                            [The chosen JDK version] >= 1.6.0
  
But the installer, as coded, actually works with 1.6.0 as the maximum required version. The fix is really simple. This type of simple mistake is made unexpectedly.

Troubleshooting: cannot restore segment prot after reloc: Permission denied

After I installed JDK 1.7.0 (build 1.7.0-v147) on the guest Red Hat Linux 5.8 in the Oracle VirtualBox, I see the following error:

~/jdk1.7.0/jre/lib/i386/client/libjvm.so: cannot restore segment prot after reloc: Permission denied

After some research, I found out that the error is caused by my Red Hat Linux settings. Run the following command to fix the problem:

$ chcon -t textrel_shlib_t ~/jdk1.7.0/jre/lib/i386/client/libjvm.so

chcon is the command that changes the SELinux security context of a file; the -t option sets the type part of the context, here textrel_shlib_t.

How To Access Windows Host Folders From Redhat Linux Guest in Oracle VirtualBox


After you create a new virtual machine and install a guest operating system, how do you access files and folders on your host from the guest? There are two basic approaches: FTP or folder sharing. This post covers the folder sharing approach.
  
This guide is for the following environment:
  • Windows 7 Host Platform
  • Oracle VirtualBox 4.1.7
  • Red Hat Enterprise Linux 5.8 Server (x86) Guest Platform   
You just need to follow the three steps:

1. Set the shared folder
From the VirtualBox menu, click Devices->Shared Folders ...

2. Install Guest Additions
From the VirtualBox menu, click Devices->Install Guest Additions ...

3. Mount windows shared folders in Red Hat Linux
    3.1 Create a mount point using the following command
          sudo mkdir /mnt/shared-folder
    3.2 Mount the shared folders using the following command
          sudo mount -t vboxsf shared-folder /mnt/shared-folder

Note: If you work on VMware, you still need three steps. To mount Windows shared folders, run the command:
          sudo mount -t vmhgfs .host:/Share /mnt/share  

Wednesday, January 21, 2009

Healthcare: E-Prescribing

What is E-Prescribing?
In general, e-prescribing is an electronic way to send an accurate, error-free and understandable prescription directly to a pharmacy from the point of care. It has been described as the solution for improving patient safety and reducing sky-rocketing medication costs.

Adoption History
According to HIMSS, 7,000 Americans die and 1.5 million Americans are injured yearly, and the cost of errors is $2 billion per year. Physicians write more than 4.5 billion prescriptions each year. Only 20% of prescriptions are prescribed electronically; 80% are handwritten.

On November 7, 2005, Medicare and Medicaid Service (CMS) published the foundation standard of e-prescribing under Part D of the MMA.

On January 1, 2006, the standards became effective.

On April 2, 2008, the final e-prescribing rule was released by the Federal Register.

Beginning January 1, 2009, CMS will offer physician payment incentives of 2 percent for using e-prescribing in 2009 and 2010.

After May 2009, MMA will result in greater support for e-prescribing. But this does not mean that e-prescribing is required and will become the most common approach. Most information about e-prescribing can be obtained from:

Healthcare Information and Management System Society (HIMSS) http://www.himss.org/ASP/index.asp

National ePrescribing Patient Safety Initiative (NEPSI)
http://www.nationalerx.com/

E-Prescribing in China
HL7 China was formed in 2006, and e-prescribing has been adopted widely in major cities, e.g., Shanghai and Beijing. According to news reports, 90% of the grade-three hospitals have adopted e-prescribing systems. http://www.hl7china.com.cn/.

In this emerging market, lots of software vendors are there already. Most of them just started a couple of years ago. Recently I spent lots of time thinking about what still can be done and debating with a physician who has a different way of thinking. I will not post a lot of technical details, but basically I think that there are lots of new development opportunities with e-prescribing. There is no winner yet. The best product with the right business model, right execution, right people and high quality will win in the end.
