Can anyone tell me how secure a servlet is? By that I mean, is it safe to send credit card numbers over the net to a servlet using an HTML form or an applet? Thanx in advance [ July 06, 2002: Message edited by: Maki Jav ]
Servlets are neither secure nor non-secure. It is the server that must be secure. That means SSI (secure socket layer), which encrypts the info, and a digital signature (like VeriSign) proving the site is a real company. Sorry, SSL not SSI [ July 06, 2002: Message edited by: Randall Twede ]
What about "rumours" we hear that hackers can get card numbers from the servers located on the way to the server they are intended to go to? What about the HTTPS protocol? Thanx for your answer in advance
Servlets aren't secure at all - as was said, it's the server that has to be secure. When people hack into a machine, they are often using well-known weaknesses in the server rather than in the application, although any ASP 3 application is also itself very vulnerable to SQL attack. When you have heard of people hacking into a server to get credit cards, this is often buffer overflow attacks in IIS and Apache - although the New York Times seems to manage to get compromised via its CMS every time. As far as securing servlets is concerned, you can specify in web.xml that the conversation with the user should be secure, which will usually mandate SSL sockets. Have a look around for security in J2EE.
chanoch
Author of Professional Apache Tomcat (http://www.amazon.com/exec/obidos/ASIN/1861007736/)