
How this code can be improved?

Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 618
I have created a login page. The application has different users. For this, I have created 5 radio buttons.

This code is working fine, but I need to improve this code.

UserLoginBean.java




UserLoginServlet



UserDao




index.jsp



kunal
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2476
    

By not taking the user type from a parameter.
Someone can post a bogus request to your application and set r1 to "Add", and bypass security.

OCUP UML fundamental and ITIL foundation
youtube channel
Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 618
Jan, it's not clear to me. Please elaborate.
Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1268

Use some framework... it makes flow easy.


No Kaustubh No Fun, Know Kaustubh Know Fun..
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use PreparedStatements.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2476
    

Use container security
http://download.oracle.com/javaee/6/tutorial/doc/bnbxj.html
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use a proper logging framework, don't just call printStackTrace();

Change the authenticateUser method so it authenticates the user, rather than returning a ResultSet.

Don't use an int where a boolean variable makes more sense.

Consider returning a 403 code rather than redirecting to a hard coded error JSP (unless you take Jan's much better advice about container managed security).

If you don't want to use container managed security, set your security code in a filter rather than a Servlet.

Don't use tables to position elements in your HTML. Use CSS instead.

Don't set the user's credentials in the session.
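
The advice from Jan Cumps and Paul Sturrock above, combined into one DAO method as an added example that is not part of the thread and not the original poster's code: the role is read from the database instead of the r1 request parameter, the query uses a PreparedStatement, and the method reports the outcome rather than handing back a ResultSet. The users table, its username, password_hash and role columns, and the PasswordCheck interface are assumptions, since the thread's own source is not shown on the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added illustration; the thread's UserDao source is not shown on the page.
// Table "users" and columns username, password_hash, role are assumptions.
public class UserDao {
    private static final Logger LOG = Logger.getLogger(UserDao.class.getName());

    /** Hypothetical hook for whatever password-hash check the application uses. */
    public interface PasswordCheck {
        boolean matches(char[] supplied, String storedHash);
    }

    private final Connection connection;
    private final PasswordCheck check;

    public UserDao(Connection connection, PasswordCheck check) {
        this.connection = connection;
        this.check = check;
    }

    /**
     * Returns the role stored for the user when the credentials are valid,
     * or empty otherwise. The role never comes from the request (the r1 radio button).
     */
    public Optional<String> authenticateUser(String username, char[] password) {
        String sql = "SELECT password_hash, role FROM users WHERE username = ?";
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            ps.setString(1, username); // bound value, never concatenated into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next() && check.matches(password, rs.getString("password_hash"))) {
                    return Optional.of(rs.getString("role"));
                }
            }
        } catch (SQLException e) {
            LOG.log(Level.SEVERE, "Login lookup failed", e); // logged, not printStackTrace()
        }
        return Optional.empty(); // unknown user, bad password, or database error: deny
    }
}
```

A servlet or filter calling this would compare the returned role with the action being requested and answer with HttpServletResponse.SC_FORBIDDEN when they do not match, keeping only the role and username in the session.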

Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1268

I think you'd get fewer responses if you asked to fix the problems in your code instead of only asking about problems.
 