This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes EJB and other Java EE Technologies and the fly likes How to protect my web application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "How to protect my web application" Watch "How to protect my web application" New topic

How to protect my web application

Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
I developed a small web based MRP package using just servlets, JSP, java classes. I've used apache and tomcat.

For logging in, i've used simple table with id, password and levels as columns and wrote a java program to verify the password and l;ogin id. No other security check i'm doing.

Being a web based application it's likely to be hacked by others. I want to protect my application. How do i do that? Pls advice.
Bernhard Neuhauser

Joined: Feb 06, 2006
Posts: 21
Use https instead of http.
The problem will be: You need an official cert for normal internet-users.

When your usage is inhouse, it might be fine to install your client cert manually on all pcs. When your users are somewhere in the internet, a self-cert will be a risk (they might chose to leave your site instead of accepting it).

But this will only secure against some classes of attacks.
It highly depends on your application.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42958
Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step, encryption or using SSL is an easy one as well.

You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well. This site is a good start for further research.
Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
Thanks for the inputs. Surely it's going to help me.
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link:
subject: How to protect my web application
It's not a secret anymore!