need guide/help in finding out about JSP/Servlet security

Posted on 2006-05-03
Last Modified: 2010-04-01
Hi, I'm new to JSP/Servlet, or you could say web application development. So I am very much interested in (or need) knowing about security issues, password encryption, how to prevent someone else from accessing my database from JSP/Servlet... and so on.

I ran a search on Google and EE, and the results just made my head grow bigger. All those results about hashing your password and using MD5 or DES just don't make sense to my fragile little mind.

So what I need is maybe some introduction to some important security issues and some links that can be a help to me.

Question by:InNoCenT_Ch1ld
    LVL 23

    Accepted Solution


    Refer to the above source.

    And to secure your password and user name of the database, you need to use some kind of effective encryption technique.

    Java provides many of the standard encryption implementations.

    check here to know how to use them.

    LVL 3

    Author Comment

    J2EE... hmm, can they be used if I run my web apps on Tomcat? Or another web server?
    LVL 3

    Author Comment

    Btw, does each different type of web server provide its own type of security?
    LVL 23

    Expert Comment

    >>webserver provide their own type of security

    Yes, but all the web servers must provide the standard J2EE security specified.

    And about Tomcat, Tomcat is a Java servlet engine, which is part of J2EE (servlets).

    Thank You.
    LVL 3

    Author Comment

    Well, I'll leave this question open for another day before closing it.

    Thanks for your swift response. ;-)
    LVL 11

    Assisted Solution


    For some simplified information as an overview you may look at

    Also, as I said before, if you are using HTTPS then you have a secure connection between your client and server, so the username and password are not visible to everyone that may be hacking in the middle.
