JavaRanch » Java Forums » Java » Servlets

secure- login approach

Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Hi,

Please suggest some inputs for developing a good login module in a web application, for example:

1) how to maintain session identity
2) how to pass data from the login page to the DB for username/password validation
3) how to keep data secure from hacking

and so on.

Thanks,
Neeraj.


Nishan Patel
Ranch Hand

Joined: Sep 07, 2008
Posts: 684


Hi,

In general a login module doesn't have to do much. First get the user name and password from your login page and make one select query with that user name and password.

If you get a result from the database then the user is registered with your application.

Now you just have to register the session with the user object. That session identifies the user throughout your application.

If you want to make the login process more secure then use HTTPS instead of HTTP. That is the normal process for login.



Thanks, Nishan Patel
SCJP 1.5, SCWCD 1.5, OCPJWSD Java Developer
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
Make sure to store passwords hashed/digested in the database, not as cleartext. That way they can't get stolen.


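The following is an added example, not code posted in this thread, showing how the flow Nishan outlines (read the form, check the database, register the session) and Ulf's point about storing only password hashes fit together in one servlet. It assumes the javax.servlet API (use jakarta.servlet on newer containers), Java 8 or later for the PBKDF2WithHmacSHA256 provider, a users(username, password_hash) table, a container-managed JNDI data source named jdbc/appDb, and a /home landing page; all of those names are assumptions. Note one deliberate difference from a "select with username and password" query: the lookup is by username only and the hash comparison happens in Java, so the submitted password never becomes part of the SQL text.

```java
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.sql.*;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.naming.*;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.sql.DataSource;

/** Salted PBKDF2 hashing. Stored form: "pbkdf2-sha256$iterations$salt$key" (base64 fields). */
final class PasswordHasher {
    private static final String ALGORITHM = "PBKDF2WithHmacSHA256";
    private static final int ITERATIONS = 210_000, SALT_BYTES = 16, KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    static String hash(char[] password) {
        byte[] salt = new byte[SALT_BYTES];
        RNG.nextBytes(salt);
        return "pbkdf2-sha256$" + ITERATIONS + "$" + Base64.getEncoder().encodeToString(salt)
                + "$" + Base64.getEncoder().encodeToString(derive(password, salt, ITERATIONS));
    }

    /** Re-derives the key with the stored salt and iteration count, compares in constant time. */
    static boolean verify(char[] password, String stored) {
        String[] f = stored.split("\\$");
        if (f.length != 4 || !"pbkdf2-sha256".equals(f[0])) return false;
        byte[] salt = Base64.getDecoder().decode(f[2]);
        byte[] expected = Base64.getDecoder().decode(f[3]);
        return MessageDigest.isEqual(expected, derive(password, salt, Integer.parseInt(f[1])));
    }

    private static byte[] derive(char[] password, byte[] salt, int iterations) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
            return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}

public class LoginServlet extends HttpServlet {
    // Hash of a throwaway password, verified for unknown usernames so timing does not reveal which usernames exist.
    private static final String DUMMY_HASH = PasswordHasher.hash("no-such-user".toCharArray());
    private DataSource dataSource;

    @Override public void init() throws ServletException {
        try { // JNDI name jdbc/appDb is assumed; configure it in the container
            dataSource = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/appDb");
        } catch (NamingException e) { throw new ServletException(e); }
    }

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String username = req.getParameter("username");
        String pw = req.getParameter("password");
        char[] password = pw == null ? new char[0] : pw.toCharArray();
        try {
            String stored = username == null ? null : lookupHash(username);
            boolean ok = PasswordHasher.verify(password, stored != null ? stored : DUMMY_HASH)
                    && stored != null;
            if (!ok) { // one generic message for "no such user" and "wrong password"
                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid username or password");
                return;
            }
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate(); // fresh id after login defeats session fixation
            HttpSession session = req.getSession(true);
            session.setAttribute("user", username);
            session.setMaxInactiveInterval(15 * 60); // idle timeout of 15 minutes (assumed policy)
            resp.sendRedirect(req.getContextPath() + "/home");
        } finally {
            Arrays.fill(password, '\0'); // don't keep the cleartext password around
        }
    }

    /** Looks up by username only; the password never becomes part of the SQL text. */
    private String lookupHash(String username) throws ServletException {
        String sql = "SELECT password_hash FROM users WHERE username = ?"; // assumed schema
        try (Connection c = dataSource.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        } catch (SQLException e) {
            throw new ServletException("login lookup failed", e);
        }
    }
}
```

Map the servlet to the login form's action in web.xml or with @WebServlet("/login"), store PasswordHasher.hash(...) at registration time, and serve the login page itself over HTTPS, not just the POST, or the form can be tampered with before the credentials are ever sent. With Servlet 3.0 the session cookie can be marked Secure and HttpOnly through the cookie-config element in web.xml; the PreparedStatement, the constant-time comparison and the dummy verification are what keep the lookup from leaking through SQL injection, string-compare timing, or "user does not exist" timing respectively.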
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Thanks for your inputs.

It will be a help if more advanced features like session timeout, a user not being allowed to log in from 2 different machines, counting the number of active sessions etc. can also be provided.

Similar guidelines which are followed in big e-commerce/banking applications for the login procedure: authentication, authorization, secure coding etc.


Thanks,
Neeraj.
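For the three session-handling points asked about here (idle timeout, no login from two machines at once, a count of active sessions), the following is an added example and not code from the thread. It is an HttpSessionListener that keeps a registry of live sessions in the JVM. Assumptions: the javax.servlet 3.0 API (the @WebListener annotation; on Servlet 2.5 declare the class in web.xml instead), the login code stores the username under the session attribute "user", and the chosen policy for a second login is to invalidate the earlier session. The registry is per JVM; a clustered deployment would need a shared store instead of the static maps.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;
import javax.servlet.annotation.WebListener;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Registry of live sessions: gives an active-session count and enforces one
 * session per user. Servlet 3.0 picks it up through @WebListener; on Servlet 2.5
 * declare it in web.xml as <listener><listener-class>SessionRegistry</listener-class></listener>.
 */
@WebListener
public class SessionRegistry implements HttpSessionListener {
    static final String USER_ATTRIBUTE = "user";       // set by the login code after authentication
    static final int IDLE_TIMEOUT_SECONDS = 15 * 60;   // assumed policy
    private static final Map<String, HttpSession> BY_ID = new ConcurrentHashMap<>();
    private static final Map<String, String> SESSION_ID_BY_USER = new ConcurrentHashMap<>();
    private static final AtomicInteger ACTIVE = new AtomicInteger();

    @Override
    public void sessionCreated(HttpSessionEvent e) {
        HttpSession s = e.getSession();
        s.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS); // container expires it after 15 idle minutes
        BY_ID.put(s.getId(), s);
        ACTIVE.incrementAndGet();
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent e) { // timeout, logout, or forced invalidate
        HttpSession s = e.getSession();
        BY_ID.remove(s.getId());
        ACTIVE.decrementAndGet();
        Object user = s.getAttribute(USER_ATTRIBUTE);
        // remove(key, value) only drops the mapping if it still points at this session,
        // so a user's newer session is not unmapped when the older one dies.
        if (user != null) SESSION_ID_BY_USER.remove(user.toString(), s.getId());
    }

    public static int activeSessionCount() { return ACTIVE.get(); }

    public static boolean isLoggedIn(String username) { return SESSION_ID_BY_USER.containsKey(username); }

    /**
     * Binds an authenticated user to a freshly created session. If the user already
     * has a live session elsewhere it is invalidated, so a login from a second machine
     * logs the first one out. To refuse the second login instead, check isLoggedIn()
     * before calling this.
     */
    public static void bindUser(HttpSession session, String username) {
        session.setAttribute(USER_ATTRIBUTE, username);
        String previousId = SESSION_ID_BY_USER.put(username, session.getId());
        if (previousId != null && !previousId.equals(session.getId())) {
            HttpSession previous = BY_ID.get(previousId);
            if (previous != null) {
                try { previous.invalidate(); } catch (IllegalStateException ignored) { /* already expired */ }
            }
        }
    }
}
```

The login servlet calls SessionRegistry.bindUser(session, username) after a successful check instead of setting the attribute itself, and an admin page can show SessionRegistry.activeSessionCount(). The timeout could equally be set once in web.xml with session-config/session-timeout (in minutes); setting it from the listener just keeps the policy next to the code that depends on it. Logout should call session.invalidate(), which routes through sessionDestroyed and frees the user's slot.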
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Please guide or help me to move my thread to a different group on the site, like design patterns. I am unable to find an appropriate group for posting my query.

Thanks,
Neeraj.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39547
Your question is very generic, and would take a book to answer comprehensively. But since you know a lot of the things that you intend to do (like authentication, authorization, etc.), what keeps you from implementing them? Have you worked on web apps before, and are familiar with form processing, sessions, database storage etc.? How about SSL, encryption in general, XSS and SQL injection?

Some reading material to get you started on web app security matters can be found at http://faq.javaranch.com/java/SecurityFaq#web-apps
Neeraj Vij
Ranch Hand

Joined: Nov 25, 2003
Posts: 315
Thanks a ton Ulf for giving the link.

I wanted the main or very important things one needs to keep in mind while implementing authentication, authorization etc.

I have worked on web applications. I have knowledge of "form processing, sessions, database storage, SSL, encryption in general, XSS and SQL injection".

But now I need to work on making a secure web application. So I was looking for some basic points to keep in mind to prevent session hijacking, secure authentication etc.

This is the site where I always put my queries for guidance and then google for more details.

Regards,
Neeraj.