
WEb Site aTTack

Ranch Hand

Joined: Nov 22, 2001
Posts: 110
I haven't found any material on web-site attacks.
Tell me if someone has any, or has any idea.

Muhammad Hussain | Sun Certified Java Programmer (SCJP2) | Sun Certified Web Component Developer (SCWCD)
Ajith Kallambella

Joined: Mar 17, 2000
Posts: 5782
Denial of Service is one well-known kind of attack where a malicious client sends a large number of GET/POST requests to overwhelm the remote service. If you remember, this is how Yahoo! and a few other online brokerage services were attacked a few months ago.
Use of appropriate architectural patterns could actually safeguard your website from denial of service attacks. For instance, you can provide a "Front Controller" that receives the requests and dispatches them (RequestDispatcher include/forward) to the actual processing engine after doing some preliminary processing. This way, the workhorse(s) of your website are not directly exposed to the attack, and the Front Controller can be written to detect and handle multiple requests from the same client. This will also enable load balancing and distribution so that applications can scale under varying traffic conditions.
Front Controller also happens to be the darling of popular web architects. It is one inevitable architectural strategy employed by many production websites today.
Other kinds of web attacks include:
  • Client intrusions - requesting protected resources through a GET. This can be avoided by making everything a secured resource (web-security-constraint) and providing proper URL mappings only to the ones that can be exposed. Again, the Front Controller can be very useful in detecting such intrusive requests and handling them appropriately.
  • Upload attacks - clients intentionally posting an extremely large amount of data using a GET/POST to overwhelm the service(s). Since multipart requests can support data uploads of unlimited length, nothing stops a client (except bandwidth restrictions) from sending gigabytes of useless data to make the often poorly written servlet spin endlessly. Again, a Front Controller combined with some kind of data validation facade (such as one that inspects the size of uploaded data) can prevent this from happening.

Hope that helps!

    Open Group Certified Distinguished IT Architect. Open Group Certified Master IT Architect. Sun Certified Architect (SCEA).
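As an added illustration of the two Front Controller checks Ajith describes (detecting floods of requests from one client, and rejecting oversized uploads before a servlet reads them), here is a hypothetical servlet Filter mapped ahead of the controller. It is example code, not from the post or any project; it assumes the javax.servlet API and limits that are constructed for the example.

```java
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical guard filter mapped in web.xml ahead of the Front Controller servlet.
public class RequestGuardFilter implements Filter {
    // Assumed limits (constructed for the example): tune per deployment.
    private static final long MAX_BODY_BYTES = 10L * 1024 * 1024;   // 10 MB
    private static final int MAX_REQUESTS_PER_WINDOW = 100;
    private static final long WINDOW_MILLIS = 60_000L;
    // Per-client counters: remote address -> {window start, request count}.
    private final Map<String, long[]> counters = new ConcurrentHashMap<>();

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Upload attack: refuse oversized bodies before any servlet starts reading the stream.
        // Content-Length may be absent (chunked) or lie, so the controller must also cap bytes actually read.
        if (request.getContentLengthLong() > MAX_BODY_BYTES) {
            response.sendError(413, "Request entity too large");
            return;
        }

        // Flooding: count requests per client address in a fixed window.
        // Behind a proxy every client shares one address; key on an authenticated identity there instead.
        if (!allow(request.getRemoteAddr(), System.currentTimeMillis())) {
            response.setHeader("Retry-After", String.valueOf(WINDOW_MILLIS / 1000));
            response.sendError(429, "Too many requests");
            return;
        }
        chain.doFilter(req, res);
    }

    // Fixed-window counter; false once the client exceeds the limit in the current window.
    boolean allow(String client, long now) {
        long[] c = counters.computeIfAbsent(client, k -> new long[] {now, 0L});
        synchronized (c) {
            if (now - c[0] >= WINDOW_MILLIS) { c[0] = now; c[1] = 0L; }
            return ++c[1] <= MAX_REQUESTS_PER_WINDOW;
        }
    }
}
```

The counter map grows with every distinct client address, so a real deployment would evict stale entries (or use a bounded cache) to keep the guard itself from becoming a memory sink.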