Freelancer for life!
Sometimes the only way things ever got fixed is because people became uncomfortable.
Freelancer for life!
Ekrem Dkyc wrote: Thanks Tim; I tried to implement it but wasn't very successful. I found this to be more straightforward but I will at some point try it again, perhaps after I finish coding the application.
Too much documentation lying around but hard to find good tutorials
Thanks, leo
Sometimes the only way things ever got fixed is because people became uncomfortable.
Like optimization, security should be allowed for when an app is designed
Thanks, leo
Freelancer for life!
leo donahue wrote: When you design a web application that will require security, you don't first define your users, roles, realms (active directory vs database), authentication methods, navigation of the web app in general, etc? How would you know what you need to implement without first knowing where you are going?
I think you agree with me?
Like optimization, security should be allowed for when an app is designed
I realize most of the items I just listed can be "added" by configuring the container, without any *code* at all, but you still have configuration/security of the container to think about. I'm just saying that security should not be an afterthought once your webapp is finished.
Sometimes the only way things ever got fixed is because people became uncomfortable.
the security exists to support the business, not the other way around
Thanks, leo
leo donahue wrote: I have rarely answered anyone's questions in this forum for over 7 years. It is mostly because for some reason I cannot convey correctly what I'm trying to say and/or I just don't understand what people are asking.
Ekrem, I never used the word "crappy". That was your word. What I'm trying to suggest is that implementing security is not a "quick and dirty" process. There is a lot of information to digest. If you have a specific question about implementing something you have read in the Servlet Spec, or in the Java EE Tutorial, please ask.
Freelancer for life!
leo donahue wrote:
Did I infer that it was the other way around? If I said that, I'm sorry. I don't think I said that.
Ekrem Dkyc wrote:
And that's exactly why I chose this route, there is so much information to digest at once. Just did it like this for now, later I'll make the effort to make a real security.
Sometimes the only way things ever got fixed is because people became uncomfortable.