What is JavaServer Faces?

Small overview of a Java web application framework
01 September 2017   1332

JavaServer Faces (JSF) is a framework for web applications written in Java. It serves to facilitate the development of user interfaces for Java EE-applications. Unlike other MVC frameworks that are managed by queries, the JSF approach is based on the components usage. The state of the user interface components is retained when the user requests a new page and then restores if the request is repeated. To display the data, JSP, Facelets is usually used, but JSF can be adapted to other technologies, for example XUL.

JavaServer Faces technology includes:

  • A set of APIs for representing user interface components (UI) and managing their state, processing events and validating input information, defining navigation, as well as supporting internationalization (i18n) and accessibility.
  • A special JSP tag library for expressing the JSF interface on a JSP page. In JSF 2.0, the Facelets technology is used as the view handler, which came to replace the JSP.

 

New Vulnerability to be Found in Google+

Due to this vulnerability it was possible to obtain private information of 52.5 million accounts
11 December 2018   136

Google decided to close the social network Google+ not in August 2019, but in April. The reason was another vulnerability in the API, due to which it was possible to obtain private information of 52.5 million accounts. The company plans to close the social network API until mid-March 2019.

By December 10, 2018, the following error information was published:

  • Third-party applications requesting access to profile data, because of the bug in the API, received permission to view information, even if it is hidden by privacy settings;
  • the names of users, their email addresses, information about occupation, age and other confidential information were at risk;
  • passwords, financial data and national identification numbers have not been compromised;
  • the company has no evidence that anyone has exploited the vulnerability;
  • the error was fixed within 6 days: from November 7 to November 13, 2018.
  • Google said it sends notifications to all users affected by the bug.

The previous data leak of Google+ users occurred in October 2018. Then about 500 thousand accounts were compromised. The attackers could get the names, email addresses, age, gender and occupation of users.