Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 367
  • Last Modified:

Security Aspects

I'm now developing a web based application (Dental Practice Management System) for the customers. This application should be able to cater for the multiple locations accessing,
which means the database server, the webserver will be located at the main clinic only. Then the clinic branches (more than one) can access in.
I'm using jsp,mysql and tomcat. I wish to find the security aspects of data transmission in a multiple locations environment. How easy is it for unauthorized users to steall the data(e.g Patient Data) when there is data transmissoon? How to enhance the security? Please advise.
Thank you.
0
boyyle
Asked:
boyyle
1 Solution
 
nixj14Commented:
The answer to most of your questions lies in SSL (Secure Sockets Layer).  Your web applications needs to be running over a secure connection (https).  Basically, you will need to create a certificate and assign it to your SSL connector.  Then, modify your web application deployment descriptor file (web.xml) to contain a security constraint similar to the following:
<security-constraint>
      <web-resource-collection>
            <web-resource-name>AllResources</web-resource-name>
            <url-pattern>/*</url-pattern><!--Forces all resources to require SSL -->
      </web-resource-collection>
      <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
      </user-data-constraint>
</security-constraint>

By forcing users to come over a secure socket, you are preventing hackers from "peeking" at the transmission packets as they are sent via the internet.  Now, there are still additional security measures that your application will need to consider.  The basic, being a user authentication process (forcing users to login to your system).  This can (and has) been done in a number of different ways.  But, for simplicity sakes, by creating some sort of a user table that matches a user with their password.  You should use some logic password policies: 6+ characters long, alpha-numeric, and possibly expire the password every so often.  

References:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
http://java.sun.com/webservices/docs/1.2/tutorial/doc/Security.html
http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=java+Web+Application+User+Authentication

Hope this helps
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now