What security issues do I need to be aware of?

Mark McKay

Joined: Mar 20, 2011
Posts: 25
I'm fairly new to web programming, and am wondering what are the more important security issues I ought to be aware of. I'm considering hosting rich web applications backed by JSP and servlets in a Debian/Tomcat environment. I might also add in a database to store user information. I know from the C side of things that you need to be paranoid in checking any request info you're given to guard against buffer overruns, but I would think that particular issue is precluded in Java.

Are there any good resources out there for securing your webserver?

Games, art, code:
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63540

There are lots and lots of security concerns. Two primary ones you need to watch out for are script injections and SQL injections. The former is pretty much handled by making sure that any data displayed on a page from an untrusted source is HTML-encoded (<c:out> takes care of that automatically), while the latter is generally handled by use of PreparedStatements for SQL.

And, of course, always use SSL to prevent snooping.

You might want to check out the Security forum for more information, or research articles dedicated to Web security.

[Asking smart questions] [About Bear] [Books by Bear]
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
Start reading here: