web app security how to?

Hengki Widjaja
Ranch Hand

Joined: Oct 31, 2011
Posts: 44
I'm building a Java web app. I'm still struggling with security issues. I've read somewhere that I just need to use HTTPS for all requests, since nowadays it doesn't consume as many resources as it used to (says Google). Is this true? I want to guard my req and resp from being read by an eavesdropper. I'm thinking that encryption alone will do the trick. It might not stop the eavesdropper from intercepting my req and resp, but at least they won't understand the content. Is this true? Or are there other things in this security equation? And how do I achieve this encryption? I mean, encryption on the server side is easy, but how does the client side (browser) decrypt? Using a script? If so, wouldn't others be able to download and analyze the script to break the encryption technique? Need enlightenment here. Thanks.
Tim Moores

Joined: Sep 21, 2011
Posts: 2415
There are no scripts involved. If the site is set up for HTTPS, then the browser does all the work. There's lots more involved in web app security, though; some useful starting points can be found at
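
An added example, not part of the thread above: on the application side, "HTTPS for all requests" can be enforced with a servlet filter, while the browser handles the TLS encryption and decryption itself. The class name `HttpsOnlyFilter` is hypothetical, and the sketch assumes the `javax.servlet` API, HTTPS on the default port 443, and a container that terminates TLS itself so that `isSecure()` is accurate.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter for this example; map it to /* in web.xml.
// Assumes the container terminates TLS itself, so isSecure() is accurate.
public class HttpsOnlyFilter implements Filter {

    // One year: a browser that has seen this header refuses plain HTTP to the host.
    private static final String HSTS_VALUE = "max-age=31536000; includeSubDomains";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (!request.isSecure()) {
            String method = request.getMethod();
            // Only GET/HEAD are redirected. A POST that arrived in clear text has
            // already exposed its body, so it is rejected rather than replayed.
            if (!"GET".equals(method) && !"HEAD".equals(method)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
                return;
            }
            StringBuilder target = new StringBuilder("https://")
                    .append(request.getServerName())
                    .append(request.getRequestURI());
            if (request.getQueryString() != null) {
                target.append('?').append(request.getQueryString());
            }
            response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
            response.setHeader("Location", target.toString());
            return;
        }

        // Secure request: tell the browser to use HTTPS only from now on.
        response.setHeader("Strict-Transport-Security", HSTS_VALUE);
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

The filter covers transport only; session cookies should also carry the `Secure` flag so the browser never sends them over plain HTTP.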