
What security issues do I need to be aware of?

 
Mark McKay
Greenhorn
Posts: 26
I'm fairly new to web programming, and am wondering what are the more important security issues I ought to be aware of. I'm considering hosting rich web applications backed by JSP and servlets in a Debian/Tomcat environment. I might also add in a database to store user information. I know from the C side of things that you need to be paranoid in checking any request info you're given to guard against buffer overruns, but I would think that particular issue is precluded in Java.

Are there any good resources out there for securing your webserver?
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 64967
There are lots and lots of security concerns. Two primary ones you need to watch out for are script injections and SQL injections. The former is pretty much handled by making sure that any data displayed on a page from an untrusted source is HTML-encoded (<c:out> takes care of that automatically), while the latter is generally handled by use of PreparedStatements for SQL.

And, of course, always use SSL to prevent snooping.

You might want to check out the Security forum for more information, or research articles dedicated to Web security.

 
Ulf Dittmer
Rancher
Posts: 42968
Start reading here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 