[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Security Aspects

Posted on 2004-03-22
3
Medium Priority
?
366 Views
Last Modified: 2010-04-01
I'm now developing a web based application (Dental Practice Management System) for the customers. This application should be able to cater for the multiple locations accessing,
which means the database server, the webserver will be located at the main clinic only. Then the clinic branches (more than one) can access in.
I'm using jsp,mysql and tomcat. I wish to find the security aspects of data transmission in a multiple locations environment. How easy is it for unauthorized users to steall the data(e.g Patient Data) when there is data transmissoon? How to enhance the security? Please advise.
Thank you.
0
Comment
Question by:boyyle
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 1

Accepted Solution

by:
nixj14 earned 400 total points
ID: 10657733
The answer to most of your questions lies in SSL (Secure Sockets Layer).  Your web applications needs to be running over a secure connection (https).  Basically, you will need to create a certificate and assign it to your SSL connector.  Then, modify your web application deployment descriptor file (web.xml) to contain a security constraint similar to the following:
<security-constraint>
      <web-resource-collection>
            <web-resource-name>AllResources</web-resource-name>
            <url-pattern>/*</url-pattern><!--Forces all resources to require SSL -->
      </web-resource-collection>
      <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>

By forcing users to come over a secure socket, you are preventing hackers from "peeking" at the transmission packets as they are sent via the internet.  Now, there are still additional security measures that your application will need to consider.  The basic, being a user authentication process (forcing users to login to your system).  This can (and has) been done in a number of different ways.  But, for simplicity sakes, by creating some sort of a user table that matches a user with their password.  You should use some logic password policies: 6+ characters long, alpha-numeric, and possibly expire the password every so often.  

References:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.2/tutorial/doc/Security.html
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=java+Web+Application+User+Authentication

Hope this helps
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here in this article, you will get a step by step guidance on how to restore an Exchange database to a recovery database. Get a brief on Recovery Database and how it can be used to restore Exchange database in this section!
As much as Microsoft wants to kill off PST file support, just as they tried to do with public folders, there are still times when it is useful or downright necessary to export Exchange mailboxes to PST files. Thankfully, it is still possible to e…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question