
What security issues do I need to be aware of?

Mark McKay
Greenhorn

Joined: Mar 20, 2011
Posts: 24
I'm fairly new to web programming, and am wondering what are the more important security issues I ought to be aware of. I'm considering hosting rich web applications backed by JSP and servlets in a Debian/Tomcat environment. I might also add in a database to store user information. I know from the C side of things that you need to be paranoid in checking any request info you're given to guard against buffer overruns, but I would think that particular issue is precluded in Java.

Are there any good resources out there for securing your webserver?


Games, art, code:
http://www.kitfox.com
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61315
    

There are lots and lots of security concerns. Two primary ones you need to watch out for are script injections and SQL injections. The former is pretty much handled by making sure that any data displayed on a page from an untrusted source is HTML-encoded (<c:out> takes care of that automatically), while the latter is generally handled by use of PreparedStatements for SQL.

And, of course, always use SSL to prevent snooping.

You might want to check out the Security forum for more information, or research articles dedicated to Web security.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
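The two defenses named in the reply above, sketched as an added example that is not part of the original post: output encoding of the characters `<c:out>` escapes by default, and a `PreparedStatement` next to the concatenated query it replaces. The `users` table, its `name` and `email` columns, and the class and method names are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class InjectionDefenses {

    // HTML-encode untrusted text before writing it into a page body or a
    // quoted attribute (hand-written here so the example runs without JSTL).
    static String escapeHtml(String untrusted) {
        if (untrusted == null) return "";
        StringBuilder out = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&#034;"); break;
                case '\'': out.append("&#039;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Weak form: request data is concatenated into the SQL text, so a quote
    // in the input changes the structure of the statement.
    static String unsafeQuery(String name) {
        return "SELECT email FROM users WHERE name = '" + name + "'";
    }

    // Corrected form: the SQL text is fixed and the value is bound as a
    // parameter, so it is always treated as data. Table and column names
    // are hypothetical.
    static String findEmail(Connection db, String name) throws SQLException {
        String sql = "SELECT email FROM users WHERE name = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setString(1, name);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        String name = "O'Brien <script>alert(1)</script>"; // constructed input
        System.out.println(unsafeQuery(name)); // apostrophe ends the literal early
        System.out.println(escapeHtml(name));  // markup arrives as inert text
    }
}
```

`findEmail` needs a JDBC `Connection` from whatever driver or connection pool the application already uses; `main` exercises only the parts that run without a database.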
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42056
    
Start reading here: http://www.coderanch.com/how-to/java/SecurityFaq#web-apps


Ping & DNS - my free Android networking tools app
 