[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 231
  • Last Modified:

need guide/help in finding out about JSP/Servlet security

Hi, I'm new to JSP/Servlet, or can say web application development. So I am very much interested (or needed) to know about the security issue, password encryption, how to prevent some one else from accessing my database from JSP/Servlet... and so on.

I run a search in google, EE and the result just make my head grows bigger. All those results of hash your password, usage of MD5, DES just don't make sense for my fragile little mind.

So what I need is maybe some introduction to some important security issue and some links that can be a help to me.

Tks
0
InNoCenT_Ch1ld
Asked:
InNoCenT_Ch1ld
  • 3
  • 2
2 Solutions
 
Siva Prasanna KumarPrincipal Solutions ArchitectCommented:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security4.html#wp473533

refer the above source

and to secure your password ans user name of the database you need to use some kind of effective encryption technique.

java provides all many of the standard encryption implementations.

check here to know how to use them.

http://www.java2s.com/Code/Java/Security/CatalogSecurity.htm

0
 
InNoCenT_Ch1ldAuthor Commented:
j2ee... hmm, can they be use if I run my web apps on tomcat? or other web server?
0
 
InNoCenT_Ch1ldAuthor Commented:
btw, does each different type of webserver provide their own type of security?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Siva Prasanna KumarPrincipal Solutions ArchitectCommented:
>>webserver provide their own type of security

yes but all the webservers must provide the standard J2EE security specified.

and about Tomcat, Tomcat is a java servlet engine which are part of J2ee(servlets).

Thank You.
0
 
InNoCenT_Ch1ldAuthor Commented:
well, I'll let this question open for another day to close it.

Tks for your swift respond. ;-)
0
 
WelkinMazeCommented:
Hi,

For some simplified information as an overview you  may look at wikipedia.org
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/Data_Encryption_Standard

Also as I said before if you using https then you have a secure connection between your client and server, so the username and password are not visible for everyone that may be hacking in the middle.
0

Featured Post

Upgrade your Question Security!

Add Premium security features to your question to ensure its privacy or anonymity. Learn more about your ability to control Question Security today.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now