Deserializing Object colors into commands? - serialization

I've a web application CTF where in an serialized object s%3A4%3A%22BLUE%22%3B coming from the server that sets blue as background color. This object is even sent in the subsequent requests. I have to execute os commands using the serialized object. I am not sure which language the server side is using. How can i execute id command using the serialized object.
How can i execute id command using the serialized object.

Related

Garbage collection on Corba and how can a client delete an object?

I am studying CORBA and how IDL maps interfaces to different languages. I read that you can not write constructors and destructors in an IDL interface because objects are not created locally.
My question is:
How can a client delete an object if he does not specify a destructor in the IDL interface, is the server only responsible for deleting objects? Does CORBA provide a garbage collection mechanism/specification or is the language on the server side responsible to do that? If only server is responsible to delete objects how can it be sure that an object should be deleted? Pinging the client?
An e-mail replay from one of my professors:
All lifecycle management of CORBA objects is done
by the object adapter. There is no built-in garbage
collection in CORBA (except that non-persistent objects
are deactivated and removed automatically when the session expires
or hangs, or when a time limit has expired). The servant object
deregistration method deactivate_object() should be explicitly
called on the OA (in server code) to make the OA
deregister/deallocate an object properly
(after awaiting that all possibly still
running calls on that object have terminated).
For simulating remote constructor behavior, a (server-side)
factory object (another CORBA object) should be used.
For simulating remote destructor behavior, the factory
object might provide an explicit destroy method (user-level
memory management controlled by client) or implement
reference counting for garbage collection at user level
(controlled by the server). The latter is tricky
because the ordering with the servant deregistration
call to the OA (deactivate_object()) must be correct.

Intercepting object creation in RavenDb

I am trying to run some code on objects that are loaded from RavenDB, and I need to do it just after the object has been loaded with its property values.
I've tried intercepting the deserialization process using a CustomCreationConverter and overriding ReadJson, but the object I can access at that point has all the properties set, except the one I need : the Id. Is there somewhere else I can slot into the pipeline in order to do this?
The reason you don't see the Id is because it's not part of the document, it's in the metadata as #id.
If you want to intercept client side, you can register a custom Conversion Listener. Create a class that implements IDocumentConversionListener and register it with documentStore.RegisterListener(). In the DocumentToEntity method, you can run your custom logic. The documentation is lacking on Listeners in general, but there is another topic that also uses them:
http://ravendb.net/kb/16/using-optimistic-concurrency-in-real-world-scenarios
The other option would be to add a bundle that intercepts on the server side. For that, you would use a Read Trigger.

lotus.domino.Session is not serialized

I had developed a Java based Lotus Domino Email Client Application. I am saving the lotus.domino.Session object in httpsession.setAttribute for session management.we decided to deploy the application on two different servers and manage load balancing and Session Replication between the two.
Now we are facing issues while Replicating lotus.domino.Session because lotus.domino.Session is not serialized.
Kindly help me
Thanks
AFAIK, you are out of luck.
Domino objects (that is, anything in the lotus.domino package) store a link to a C API object that must be garbage collected to avoid memory leaks.
As a result, if a Domino object is serialized, it will become toxic at the end of the request in which it was stored, because its C object link will have been automatically recycled at the end of that request.
As Leyrer says, it is not possible to serialise any Domino Object as it has a C-API backend component to it which cannot be stored.
Also the Session object was never designed for connection pooling either. So even if you skip the serialisation, you may encounter other issues.
Depending on what it is you are trying to accomplish, you could create your own serialisable object with just the references you need to recreate the session and any other objects.

Better Approach for Creating Temp Object for Core Data with Restkit

In my app, I have this scenario where I need to post an object to remoter server and get an object key back and then store the object locally. I have Core data and Restkit implemented in my app.
The object value are collected from user input. I couldn't figure out a great way to prepare the object before posting it to remote server. This object is an entity of type NSManagedObject, and I don't want to store it before I get the object id from server.
I came across this which suggested to use a transient object to handle this situation. But as discussed in that thread, this causes issue with code maintenance.
Is there a better way to handle this scenario? Thanks.
Make your core data model class adhere to the RKRequestSerializable protocol.
Then when the user input is validated, create an entity as normal and set it as the params value to the RKRequest, this will send your object as the HTTP body. Look inside RKParams.m for an example.
Also set the newly created entity as the targetObject for the RKObjectLoader. That way, when your web service returns the information (like the new unique ID), it will target the new object and save the new unique ID to this object without creating a duplicate.
Clear as mud?
PS: Oh and be careful mixing autogenerated core data classes with custom code! I recommend mogen to help you not lose code each time you make a change.

Why does my WCF Service generate Array types when I explicitly set it to List?

I have been consuming a service for some time in development, and have been updating my service reference almost daily with no problems. Collection types have been set to generate as System.Collections.Generic.List in the Advanced options.
However, for no apparent reason, now when I update the Service Reference, it's generating Array types for all my collections! It is still configured to generate the List type, why is it all of a sudden going back to the Array type?? I'm using VS 2010..
Here's the answer. A code change on the service was as follows: a class was marked as Abstract, and used in another class as List<AbstractClass>. Generating the service proxy on the client machine (EVEN WITH SVCUTIL.EXE) was forcing all of my list collections to be generated as Class[] instead of List<Class>. Removing the Abstract from the Class fixed everything and I am able to generate my service proxy from within VS and from the command prompt without issue.