I developed a small web based MRP package using just servlets, JSP, java classes. I've used apache and tomcat.
For logging in, i've used simple table with id, password and levels as columns and wrote a java program to verify the password and l;ogin id. No other security check i'm doing.
Being a web based application it's likely to be hacked by others. I want to protect my application. How do i do that? Pls advice.
Use https instead of http. The problem will be: You need an official cert for normal internet-users.
When your usage is inhouse, it might be fine to install your client cert manually on all pcs. When your users are somewhere in the internet, a self-cert will be a risk (they might chose to leave your site instead of accepting it).
But this will only secure against some classes of attacks. It highly depends on your application.
Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step, encryption or using SSL is an easy one as well.
You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well. This site is a good start for further research.
0
