How secure a Servlet is?

Maki Jav
Ranch Hand

Joined: May 09, 2002
Posts: 435
Can anyone tell me how secure a servlet is?
By that I mean: is it safe to send credit card numbers over the net to a servlet using an HTML form or an applet?
Thanks in advance
[ July 06, 2002: Message edited by: Maki Jav ]

Help gets you when you need it!
Randall Twede
Ranch Hand

Joined: Oct 21, 2000
Posts: 4347

Servlets are neither secure nor non-secure. It is the server that must be secure. That means SSI (secure socket layer), which encrypts the info, and a digital signature (like VeriSign) proving the site is a real company.
Sorry, SSL not SSI.
[ July 06, 2002: Message edited by: Randall Twede ]

SCJP
Visit my download page
Maki Jav
Ranch Hand

Joined: May 09, 2002
Posts: 435
What about the "rumours" we hear that hackers can get card numbers from the servers located on the way to the server they are intended to go to?
What about the HTTPS protocol?
Thanks for your answer in advance
Randall Twede
Ranch Hand

Joined: Oct 21, 2000
Posts: 4347

I have heard that the 128-bit encryption used is virtually impossible to crack. To learn more, try searching Google for SSL.
chanoch wiggers
Author
Ranch Hand

Joined: May 24, 2001
Posts: 245
Servlets aren't secure at all - as was said, it's the server that has to be secure. When people hack into a machine, they are often using well-known weaknesses in the server rather than in the application, although any ASP 3 application is also itself very vulnerable to SQL attack.
When you have heard of people hacking into a server to get credit cards, this is often buffer overflow attacks in IIS and Apache - although the New York Times seems to manage to get compromised via its CMS every time.
As far as securing servlets is concerned, you can specify in web.xml that the conversation with the user should be secure, which will usually mandate SSL sockets.
Have a look around for security in J2EE.


chanoch
Author of Professional Apache Tomcat (http://www.amazon.com/exec/obidos/ASIN/1861007736/)
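
The web.xml setting mentioned in the post above, as an added example that is not part of the original thread. The resource name and the /checkout/* URL pattern are assumptions chosen for illustration.

```xml
<!-- Fragment of WEB-INF/web.xml; goes inside the <web-app> element. -->
<!-- Assumed for illustration: the resource name and the /checkout/* path. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Card payment pages</web-resource-name>
    <!-- Cover every URL that receives or displays card data. -->
    <url-pattern>/checkout/*</url-pattern>
    <!-- No <http-method> elements: the constraint then covers all methods.
         Listing only GET and POST would leave the others unconstrained. -->
  </web-resource-collection>
  <user-data-constraint>
    <!-- NONE (the default) accepts plain HTTP.
         CONFIDENTIAL makes the container require an encrypted transport,
         in practice SSL/TLS, by rejecting or redirecting plain-HTTP requests. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

The constraint only takes effect if the server itself has an SSL-enabled connector with a certificate configured, and the page that hosts the form should fall under the same URL pattern so that it is also served over HTTPS.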
Maki Jav
Ranch Hand

Joined: May 09, 2002
Posts: 435
Thanks a lot, folks, for your help.