How to protect my web application

Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
I developed a small web-based MRP package using just servlets, JSP, and Java classes. I've used Apache and Tomcat.

For logging in, I've used a simple table with id, password and levels as columns and wrote a Java program to verify the password and login id. No other security check I'm doing.

Being a web-based application, it's likely to be hacked by others. I want to protect my application. How do I do that? Please advise.
Bernhard Neuhauser
Greenhorn

Joined: Feb 06, 2006
Posts: 21
Use https instead of http.
The problem will be: You need an official cert for normal internet-users.

When your usage is in-house, it might be fine to install your client cert manually on all PCs. When your users are somewhere on the internet, a self-cert will be a risk (they might choose to leave your site instead of accepting it).

But this will only secure against some classes of attacks.
It highly depends on your application.

hth
Bernhard
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41182
    
Security is a huge subject. As Bernhard pointed out, what makes sense for you to guard against depends a great deal on what your application does, how it is accessible, and who can access it. Authentication is a first step, encryption or using SSL is an easy one as well.

You might want to read up on subjects like SQL injection, parameter validation and cross-site scripting vulnerabilities as well. This site is a good start for further research.


Ping & DNS - my free Android networking tools app
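
An added example, not part of the original thread or any poster's code: the login check described in the first post, written with the parameter validation and injection-safe query that the reply above recommends reading about. The table name `users`, the integer type of the `levels` column, and the login-id rule are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.OptionalInt;
import java.util.regex.Pattern;

public class LoginCheck {
    // Assumed rule: login ids are 3-32 letters, digits, '.', '_' or '-'.
    private static final Pattern LOGIN_ID = Pattern.compile("[A-Za-z0-9._-]{3,32}");
    private static final int MAX_PASSWORD_LENGTH = 128; // assumed upper bound

    // Parameter validation: reject anything outside the expected shape
    // before it reaches the database layer.
    static boolean isValidLoginId(String id) {
        return id != null && LOGIN_ID.matcher(id).matches();
    }

    // Returns the user's level, or empty when the input is rejected or no row
    // matches. "users" is a hypothetical table name; the columns id, password
    // and levels are the ones named in the post (levels assumed to be an int).
    // The password column is compared as the post describes it; switching to a
    // salted hash is a separate change not shown here.
    static OptionalInt findLevel(Connection con, String id, String password)
            throws SQLException {
        if (!isValidLoginId(id) || password == null || password.isEmpty()
                || password.length() > MAX_PASSWORD_LENGTH) {
            return OptionalInt.empty();
        }
        // Placeholders keep user input out of the SQL text, so a quote in the
        // input is treated as data and cannot change the query.
        String sql = "SELECT levels FROM users WHERE id = ? AND password = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, id);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? OptionalInt.of(rs.getInt("levels"))
                                 : OptionalInt.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs showing which ids pass validation.
        String[] samples = {"laxmi.r", "ab", "name with space", "o'brien"};
        for (String s : samples) {
            System.out.println("'" + s + "' valid: " + isValidLoginId(s));
        }
    }
}
```

`main` exercises only the validation step so the class runs without a database; `findLevel` takes a `Connection` from whichever JDBC driver the application already uses.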
Laxmi Raghu
Ranch Hand

Joined: Feb 16, 2005
Posts: 218
Thanks for the inputs. Surely it's going to help me.
 