File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Servlet Security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Servlet Security" Watch "Servlet Security" New topic

Servlet Security

Ezra Exposito
Ranch Hand

Joined: Apr 26, 2001
Posts: 34
I am working on a program that requires
high security and I was wondering if there
is any way a hacker can attack my servlets
and what can be done to protect them.
Example: If someone did a view source on one
of my jsp pages and saw:

What could potentially be done with this
information and how can I protect myservlet?
Thanks in advance,
Marcus Howarth
Ranch Hand

Joined: Jan 04, 2002
Posts: 38

Hi Ezra,
not really servlet answer... but for starters disable the ability to view source by doing this in your body tag


SCJP, March '02
Ezra Exposito
Ranch Hand

Joined: Apr 26, 2001
Posts: 34
Thanks a bunch!
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63548

That hardly makes anything more secure (you'd need to start trapping all possible key mapping for view source for all browsers), it'll just annoy your visitors.
What are your particular security concerns? Do you have an authenticated site where every page should check for appropriate login?

[Asking smart questions] [About Bear] [Books by Bear]
Ezra Exposito
Ranch Hand

Joined: Apr 26, 2001
Posts: 34
I am just concerned about hackers somehow
crashing the servlet. Maybe doing something
like /servlet/myServlet?value=lots-of-junk-data.
I am not a hacker so I am not sure what types
of attacks a JSP/Servlet system is open to.
I agree. Here's the link:
subject: Servlet Security
It's not a secret anymore!