How to protect my web application

 
Ranch Hand
Posts: 218
I developed a small web-based MRP package using just servlets, JSP and Java classes. I've used Apache and Tomcat.

For logging in, I've used a simple table with id, password and levels as columns and wrote a Java program to verify the password and login id. I'm not doing any other security check.

Being a web-based application, it's likely to be hacked by others. I want to protect my application. How do I do that? Please advise.
 
Greenhorn
Posts: 21
Use HTTPS instead of HTTP.
The problem will be: you need an official cert for normal internet users.

When your usage is in-house, it might be fine to install your client cert manually on all PCs. When your users are somewhere on the internet, a self-cert will be a risk (they might choose to leave your site instead of accepting it).

But this will only secure against some classes of attacks.
It highly depends on your application.

hth
Bernhard
 
Rancher
Posts: 43081
Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step; encryption or using SSL is an easy one as well.

You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well. This site is a good start for further research.
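
The SQL injection and parameter validation points above, applied to a login check like the one described in the question, as an added example that is not part of the original thread. The table and column names, the login-id pattern, and the salted PBKDF2 hash stored in place of the password are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.sql.*;
import java.util.OptionalInt;
import java.util.regex.Pattern;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class LoginCheck {
    // Assumed schema: users(login_id, salt, pw_hash, level); names are hypothetical.
    private static final String QUERY =
            "SELECT salt, pw_hash, level FROM users WHERE login_id = ?";
    // Assumed policy: 3-32 characters from a fixed allow-list.
    private static final Pattern LOGIN_ID = Pattern.compile("[A-Za-z0-9._-]{3,32}");

    static boolean isValidLoginId(String id) {
        return id != null && LOGIN_ID.matcher(id).matches();
    }

    static byte[] hash(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    /** Returns the user's level, or empty when the login is rejected. */
    static OptionalInt authenticate(Connection con, String id, char[] password)
            throws SQLException, GeneralSecurityException {
        if (!isValidLoginId(id) || password == null) return OptionalInt.empty();
        try (PreparedStatement ps = con.prepareStatement(QUERY)) {
            ps.setString(1, id); // bound as data; never concatenated into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) return OptionalInt.empty();
                byte[] actual = hash(password, rs.getBytes("salt"));
                byte[] expected = rs.getBytes("pw_hash");
                // Constant-time comparison of the two hashes
                return MessageDigest.isEqual(expected, actual)
                        ? OptionalInt.of(rs.getInt("level")) : OptionalInt.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: an ordinary id and one carrying SQL metacharacters
        for (String id : new String[] {"jsmith", "x' OR '1'='1"}) {
            System.out.println(id + " -> valid login id: " + isValidLoginId(id));
        }
    }
}
```

The validation step rejects malformed ids early, but it is the bound parameter in the `PreparedStatement` that keeps user input out of the SQL text.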
 
Laxmi Raghu
Ranch Hand
Posts: 218
Thanks for the inputs. Surely it's going to help me.
 