What security issues do I need to be aware of?

Ranch Hand
Posts: 32
I'm fairly new to web programming, and am wondering what are the more important security issues I ought to be aware of. I'm considering hosting rich web applications backed by JSP and servlets in a Debian/Tomcat environment. I might also add in a database to store user information. I know from the C side of things that you need to be paranoid in checking any request info you're given to guard against buffer overruns, but I would think that particular issue is precluded in Java.

Are there any good resources out there for securing your webserver?
Sheriff
Posts: 67746
There are lots and lots of security concerns. Two primary ones you need to watch out for are script injections and SQL injections. The former is pretty much handled by making sure that any data displayed on a page from an untrusted source is HTML-encoded (<c:out> takes care of that automatically), while the latter is generally handled by use of PreparedStatements for SQL.

And, of course, always use SSL to prevent snooping.

You might want to check out the Security forum for more information, or research articles dedicated to Web security.
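As an added illustration of the two mitigations this reply names (not code from the thread or from CodeRanch), here is the same idea in plain Java: an HTML encoder that does what JSTL's <c:out> does by default, a query built by string concatenation next to its PreparedStatement replacement, and a small driver with constructed sample inputs. The class name, the `users` table and its columns are assumptions chosen for the example.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Added example, not from the thread. Shows the two defences named in the
 * reply without needing a servlet container: HTML-encoding on output and
 * PreparedStatement on input to the database.
 */
public class WebInputDefenses {

    /**
     * HTML-encode untrusted text before writing it into a page. This is the
     * same set of characters <c:out> escapes when escapeXml is true (the
     * default): &, <, >, double quote and single quote.
     */
    public static String htmlEncode(String untrusted) {
        if (untrusted == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(untrusted.length() + 16);
        for (int i = 0; i < untrusted.length(); i++) {
            char c = untrusted.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&#034;"); break;
                case '\'': sb.append("&#039;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Vulnerable form: the request parameter becomes part of the SQL text,
     * so a quote character in it changes the statement's structure.
     * Returned as a string only so the effect is visible; never execute this.
     */
    public static String concatenatedQuery(String username) {
        return "SELECT id, email FROM users WHERE username = '" + username + "'";
    }

    /**
     * Safe form: the SQL text is fixed and the parameter travels as a bound
     * value, so the database never parses it as SQL. Assumes a table
     * users(id, username, email) exists on the given connection.
     */
    public static String findEmail(Connection conn, String username) throws SQLException {
        String sql = "SELECT email FROM users WHERE username = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString("email") : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration.
        String scriptInput = "<script>alert('x')</script>";
        String quoteInput = "x' OR '1'='1";

        // Encoded, the tag is rendered as text instead of being executed.
        System.out.println(htmlEncode(scriptInput));
        // Concatenated, the quote has rewritten the WHERE clause.
        System.out.println(concatenatedQuery(quoteInput));
        // findEmail(conn, quoteInput) would instead look for a user literally
        // named x' OR '1'='1 and find nothing, because the value is bound.
    }
}
```

In a JSP the encoding step is simply `<c:out value="${param.name}"/>`; the hand-written `htmlEncode` above exists only to make visible what that tag does. The same applies to the PreparedStatement: the point is that the SQL string contains no user data at all, only placeholders.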

Rancher
Posts: 43081
Start reading here: https://coderanch.com/how-to/java/SecurityFaq#web-apps