Solved

Security Aspects

Posted on 2004-03-22
3
358 Views
Last Modified: 2010-04-01
I'm now developing a web based application (Dental Practice Management System) for the customers. This application should be able to cater for the multiple locations accessing,
which means the database server, the webserver will be located at the main clinic only. Then the clinic branches (more than one) can access in.
I'm using jsp,mysql and tomcat. I wish to find the security aspects of data transmission in a multiple locations environment. How easy is it for unauthorized users to steall the data(e.g Patient Data) when there is data transmissoon? How to enhance the security? Please advise.
Thank you.
0
Comment
Question by:boyyle
3 Comments
 
LVL 1

Accepted Solution

by:
nixj14 earned 100 total points
ID: 10657733
The answer to most of your questions lies in SSL (Secure Sockets Layer).  Your web applications needs to be running over a secure connection (https).  Basically, you will need to create a certificate and assign it to your SSL connector.  Then, modify your web application deployment descriptor file (web.xml) to contain a security constraint similar to the following:
<security-constraint>
      <web-resource-collection>
            <web-resource-name>AllResources</web-resource-name>
            <url-pattern>/*</url-pattern><!--Forces all resources to require SSL -->
      </web-resource-collection>
      <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>

By forcing users to come over a secure socket, you are preventing hackers from "peeking" at the transmission packets as they are sent via the internet.  Now, there are still additional security measures that your application will need to consider.  The basic, being a user authentication process (forcing users to login to your system).  This can (and has) been done in a number of different ways.  But, for simplicity sakes, by creating some sort of a user table that matches a user with their password.  You should use some logic password policies: 6+ characters long, alpha-numeric, and possibly expire the password every so often.  

References:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.2/tutorial/doc/Security.html
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=java+Web+Application+User+Authentication

Hope this helps
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jAVA SERVLETS CODE FOR ONLINE SUPERMARKE 2 196
password protect pdf 11 74
Set up Wildfly 10 8 359
IE doesn't Invoke servlet in iframe 1 100
We need a new way to communicate time sensitive or critical info.   The best part of my role at xMatters is visiting our clients all over the world to learn about how they operate their businesses, share insights that xMatters has gleaned across…
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now