Server security & Web Security

Vijay Kumar
Ranch Hand

Joined: Jul 24, 2003
Posts: 260
Hi All,

One of our servers is exposed on the internet. My boss has asked me to implement security.

A web-based financial application is running on the server, which implements SSL and form-based authentication. Please suggest what other ways there are to protect the server as well as the application.

Thanks.









Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41062
Security isn't something you can add after the fact; it's something that needs to be designed in from the start. If you developed the complete app without regard for security - except for what you mentioned - then you'll likely have some refactoring to do. The SecurityFaq lists a lot of the issues that need to be addressed, especially for web apps, including XSS and SQL injection.

