web application security

caleb momanyi
Ranch Hand

Joined: Jun 17, 2012
Posts: 43

Hello ranchers. Hope y'all are doing great. So I have been trying to figure out the best way to secure a web application and I don't know whether to go with Declarative or Programmatic Security. Anybody care to explain to me the advantages and disadvantages of each? And my other question is, if I choose Form based Authentication, will I have to add each user that registers on my site manually to the server, or are there ways I can use to check the username and password from the database? Please bear with me if this is a stupid question :)
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41125
    
Declarative security is great in that it's already debugged and working and secure, something that cannot necessarily be said of whatever you intend to put in place. But it's only the beginning; there's much more to securing a web app than that. Start reading at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps for all the other things you need to do, like preventing SQL injection and XSS attacks. A library like Apache Shiro can do a lot of the things that you'll likely need to do in that respect.


Ping & DNS - my free Android networking tools app
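Added example (not part of the original thread): one servlet that combines the two approaches discussed above, with a declarative constraint enforced by the container and a programmatic check for a rule that depends on request data. The servlet name, URL, role names and the `user` parameter are assumptions made for illustration; the login mechanism and the user store are assumed to be configured in web.xml and the container's realm.

```java
import java.io.IOException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.ServletSecurity.TransportGuarantee;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Declarative part: the container enforces this before doGet() runs.
// Unauthenticated requests go to the login mechanism set in web.xml
// (<login-config>, e.g. FORM); users and roles come from the container's
// realm, which is configured outside the application code.
@WebServlet("/account") // hypothetical URL
@ServletSecurity(@HttpConstraint(
        rolesAllowed = {"member", "admin"},                     // hypothetical roles
        transportGuarantee = TransportGuarantee.CONFIDENTIAL))  // require HTTPS
public class AccountServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Identity established by the container at login. Never take the
        // caller's identity from a request parameter or a cookie value.
        String caller = req.getRemoteUser();
        if (caller == null) {
            // Fail closed if the constraint was not applied (misconfiguration).
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        String requested = req.getParameter("user"); // hypothetical parameter
        if (requested == null || requested.isEmpty()) {
            requested = caller;
        }

        // Programmatic part: a rule a URL/role constraint cannot express.
        // Members see only their own account; admins may see any account.
        if (!requested.equals(caller) && !req.isUserInRole("admin")) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Plain text output so the reflected name is not interpreted as HTML.
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Account page for " + requested);
    }
}
```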
 