aspose file tools*
The moose likes Security and the fly likes Securing a servlet-JSP based website Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Securing a servlet-JSP based website" Watch "Securing a servlet-JSP based website" New topic
Author

Securing a servlet-JSP based website

M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 388
I would like to secure a web site, so I would like some opinions and advice on how to proceed. The site is in the public domain, so there are no company firewall safeguards.
I do have some security already built in. I use a filter to check each call. I make certain an active session is present and the relevant user data is bound to it. I also log the last IP someone logged in from.

I would like to do the following:
Secure the WWW transmission of the site's user's name-password.
Prevent bots from registering.
Safely reset passwords for users that request it.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
You could read up on the usual security issues with web apps in general: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
M Burke
Ranch Hand

Joined: Jun 25, 2004
Posts: 388
Thank you, Tim. I will
 
wood burning stoves
 
subject: Securing a servlet-JSP based website