aspose file tools*
The moose likes Security and the fly likes web app security how to? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "web app security how to?" Watch "web app security how to?" New topic
Author

web app security how to?

Hengki Widjaja
Ranch Hand

Joined: Oct 31, 2011
Posts: 44
I'm building a java web app. I'm still struggling with security issues. I've read somewhere that I just need to use https for all requests since nowadays it doesn't consume much resources as it used to be (says google). Is this true? I want to guard my req and resp from being read by eavesdropper. I'm thinking that encryption alone will do the trick. It might not stop the eavesdropper from intercepting my req and resp, but at least they won't understand the content. Is this true? or are there other things in this security equation? and how do I achieve this encryption? I mean encryption in server side is easy, but how does the client side(browser) decrypt? using script? if so, wouldn't others be able to download and analyze the script to break the encryption technique? need enlightment here. thanks
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
There are no scripts involved. If the site is set up for HTTPS, then the browser does all the work. There's lots more involved in web app security, though; some useful starting points can be found at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: web app security how to?
 
Similar Threads
Alice v/s Sally
Front controller and DAO, design question!
How does it work, being monitored by an eavesdropper?
A question about HttpSessionActivation Listener
web service security : question for Mr. Lai