Securing a servlet-JSP based website

M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 391
I would like to secure a web site, so I would like some opinions and advice on how to proceed. The site is in the public domain, so there are no company firewall safeguards.
I do have some security already built in. I use a filter to check each call. I make certain an active session is present and the relevant user data is bound to it. I also log the last IP someone logged in from.

I would like to do the following:
Secure the WWW transmission of the site's user's name-password.
Prevent bots from registering.
Safely reset passwords for users that request it.
Tim Moores

Joined: Sep 21, 2011
Posts: 2409
You could read up on the usual security issues with web apps in general:
M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 391
Thank you, Tim. I will