How this code can be improved?

Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 622
I have created a login page. The application has different users. For this, I have created 5 radio buttons.

This code is working fine, but I need to improve this code.

UserLoginBean.java




UserLoginServlet



UserDao




index.jsp



kunal
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2510
    

By not taking the user type from a parameter.
Someone can post a bogus request to your application and set r1 to "Add", and bypass security.

OCUP UML fundamental and ITIL foundation
youtube channel
Kunal Lakhani
Ranch Hand

Joined: Jun 05, 2010
Posts: 622
Jan, it's not clear to me. Please elaborate.
Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1281

Use some framework... it makes flow easy


No Kaustubh No Fun, Know Kaustubh Know Fun..
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use PreparedStatements.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2510
    

Use container security
http://download.oracle.com/javaee/6/tutorial/doc/bnbxj.html
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Use a proper logging framework, don't just call printStackTrace();

Change the authenticateUser method so it authenticates the user, rather than returning a ResultSet.

Don't use an int where a boolean variable makes more sense.

Consider returning a 403 code rather than redirecting to a hard coded error JSP (unless you take Jan's much better advice about container managed security).

If you don't want to use container managed security, set your security code in a filter rather than a Servlet.

Don't use tables to position elements in your HTML. Use CSS instead.

Don't set the user's credentials in the session.
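
An added example, not part of the thread or the original poster's code, combining three of the suggestions above: a PreparedStatement, an authenticateUser method that returns an authentication result rather than a ResultSet, and a user type read from the database instead of the r1 request parameter. The users table, its column names and the passwordMatches hook are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.function.BiPredicate;

/** Added example: table, column and class layout are assumptions, not the poster's code. */
public class UserDao {
    private final Connection connection;
    // Hypothetical hook: compares the submitted password with the stored hash.
    private final BiPredicate<String, String> passwordMatches;

    public UserDao(Connection connection, BiPredicate<String, String> passwordMatches) {
        this.connection = connection;
        this.passwordMatches = passwordMatches;
    }

    /**
     * Returns the role stored for the user when the credentials are valid, otherwise empty.
     * The role comes from the database row, never from a request parameter such as r1.
     */
    public Optional<String> authenticateUser(String username, String password) throws SQLException {
        // Assumed schema: users(username, password_hash, role).
        String sql = "SELECT password_hash, role FROM users WHERE username = ?";
        try (PreparedStatement ps = connection.prepareStatement(sql)) {
            // Bound parameter: the user name is sent as data, not spliced into the SQL text.
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    return Optional.empty(); // unknown user
                }
                String storedHash = rs.getString("password_hash");
                String role = rs.getString("role");
                if (storedHash == null || role == null
                        || !passwordMatches.test(password, storedHash)) {
                    return Optional.empty(); // wrong password or incomplete row
                }
                return Optional.of(role);
            }
        }
    }
}
```

The caller (a filter, if container security is not used) compares the returned role with what the requested page requires and answers 403 when they do not match.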

Kaustubh G Sharma
Ranch Hand

Joined: May 13, 2010
Posts: 1281

I think you'd have got fewer responses if you asked to fix the problems in your code instead of only asking for problems
 