aspose file tools*
The moose likes Security and the fly likes Securing a servlet-JSP based website Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Securing a servlet-JSP based website" Watch "Securing a servlet-JSP based website" New topic

Securing a servlet-JSP based website

M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 382
I would like to secure a web site, so I would like some opinions and advice on how to proceed. The site is in the public domain, so there are no company firewall safeguards.
I do have some security already built in. I use a filter to check each call. I make certain an active session is present and the relevant user data is bound to it. I also log the last IP someone logged in from.

I would like to do the following:
Secure the WWW transmission of the site's user's name-password.
Prevent bots from registering.
Safely reset passwords for users that request it.
Tim Moores

Joined: Sep 21, 2011
Posts: 2408
You could read up on the usual security issues with web apps in general:
M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 382
Thank you, Tim. I will
I agree. Here's the link:
subject: Securing a servlet-JSP based website
Similar Threads
REFERER parameter in URL object
This weeks giveaway : "JSP Examples and Best Practices".
Login to a ssl enabled site using encrypted password
using paypal accounts for making payment
secure access and struts