jQuery in Action, 2nd edition*
The moose likes EJB and other Java EE Technologies and the fly likes How to protect my web application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » EJB and other Java EE Technologies
Bookmark "How to protect my web application" Watch "How to protect my web application" New topic
Author

How to protect my web application

Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
I developed a small web based MRP package using just servlets, JSP, java classes. I've used apache and tomcat.

For logging in, i've used simple table with id, password and levels as columns and wrote a java program to verify the password and l;ogin id. No other security check i'm doing.

Being a web based application it's likely to be hacked by others. I want to protect my application. How do i do that? Pls advice.
Bernhard Neuhauser
Greenhorn

Joined: Feb 06, 2006
Posts: 21
Use https instead of http.
The problem will be: You need an official cert for normal internet-users.

When your usage is inhouse, it might be fine to install your client cert manually on all pcs. When your users are somewhere in the internet, a self-cert will be a risk (they might chose to leave your site instead of accepting it).

But this will only secure against some classes of attacks.
It highly depends on your application.

hth
Bernhard
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41604
    
  55
Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step, encryption or using SSL is an easy one as well.

You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well. This site is a good start for further research.


Ping & DNS - my free Android networking tools app
Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
Thanks for the inputs. Surely it's going to help me.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: How to protect my web application