How this code can be improved?

Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 622
I have created a login page. The application has different users. For this, I have created 5 radio buttons.

This code is working fine, but I need to improve this code.

UserLoginBean.java




UserLoginServlet



UserDao




index.jsp



kunal
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2491
    

By not taking the user type from a parameter.
Someone can post a bogus request to your application and set r1 to "Add", and bypass security.

OCUP UML fundamental and ITIL foundation
youtube channel
Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 622
Jan, it's not clear to me. Please elaborate.
Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1270

Use some framework; it makes the flow easy.


No Kaustubh No Fun, Know Kaustubh Know Fun..
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use PreparedStatements.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2491
    

Use container security
http://download.oracle.com/javaee/6/tutorial/doc/bnbxj.html
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use a proper logging framework, don't just call printStackTrace();

Change the authenticateUser method so it authenticates the user, rather than returning a ResultSet.

Don't use an int where a boolean variable makes more sense.

Consider returning a 403 code rather than redirecting to a hard-coded error JSP (unless you take Jan's much better advice about container managed security).

If you don't want to use container managed security, set your security code in a filter rather than a Servlet.

Don't use tables to position elements in your HTML. Use CSS instead.

Don't set the user's credentials in the session.
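
Three of the points raised in this thread (use a PreparedStatement, have authenticateUser authenticate rather than return a ResultSet, and do not take the user type from the r1 request parameter) combined in one DAO method. This is an added example, not the original poster's code, which is not shown on this page. The table and column names, the Optional return type and the injected password check are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.function.BiPredicate;

/** Added example: table, column and class layout are assumptions, not from the thread. */
public class UserDao {
    // Hypothetical schema: users(username, password_hash, role)
    private static final String FIND_USER =
        "SELECT password_hash, role FROM users WHERE username = ?";

    // Caller-supplied check: (supplied password, stored value) -> match?
    private final BiPredicate<String, String> passwordCheck;

    public UserDao(BiPredicate<String, String> passwordCheck) {
        this.passwordCheck = passwordCheck;
    }

    /**
     * Authenticates the user and returns the role stored in the database.
     * Empty means unknown user, wrong password or no role assigned.
     * No ResultSet leaves this method.
     */
    public Optional<String> authenticateUser(Connection con, String username, String password)
            throws SQLException {
        if (username == null || password == null) {
            return Optional.empty();
        }
        // Bound parameter: the user name is never concatenated into the SQL text.
        try (PreparedStatement ps = con.prepareStatement(FIND_USER)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Optional.empty();
                }
                String stored = rs.getString("password_hash");
                String role = rs.getString("role");
                // The role comes from the user's own row, so a forged "r1"
                // request parameter cannot change what the caller may do.
                return passwordCheck.test(password, stored)
                        ? Optional.ofNullable(role) : Optional.empty();
            }
        }
    }
}
```

The servlet or filter would store only the returned role (not the password) in the session and answer with a 403 when the Optional is empty.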

Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1270

I think you'd have got fewer responses if you had asked to fix the problems in your code instead of asking only for the problems.
 