Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Agile forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Is using Spring Security more secure than providing your own simple authentication?

 
Monica Shiralkar
Ranch Hand
Posts: 826
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is using Spring Security more secure than providing your own simple authentication(login logout using session).?
 
Prasad Krishnegowda
Ranch Hand
Posts: 665
4
Eclipse IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It depends on what's your definition of secure?

If only login/logout is you definition, then we cant compare, both may be same.
one reason, which i can think of to using spring security, even in this case is, session fixation problem can be easily solved using spring security, which may not be case if we just use our own login mechanism.

Using spring security is always recommended, instead of we implementing login/logout functionality, why do you want to reinvent the wheel when its already invented?
It helps in future to implement SSO and so on..
 
Monica Shiralkar
Ranch Hand
Posts: 826
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks.I got the answer to some extent.i meant to ask are applications with Spring Security integrated more secure than normal Applications?What did you mean by 'session fixation problem'
 
Prasad Krishnegowda
Ranch Hand
Posts: 665
4
Eclipse IDE Java Spring
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Monica. Shiralkar wrote:are applications with Spring Security integrated more secure than normal Applications?

We can frame this sentence as "applications with Spring Security integrated are more easier to be made secure than normal Applications."

However as i wrote earlier..
Prasad Krishnegowda wrote:It depends on what's your definition of secure?


Monica. Shiralkar wrote:What did you mean by 'session fixation problem'

See this http://en.wikipedia.org/wiki/Session_fixation


 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic