need guide/help in finding out about JSP/Servlet security

Hi, I'm new to JSP/Servlet, or can say web application development. So I am very much interested (or needed) to know about the security issue, password encryption, how to prevent some one else from accessing my database from JSP/Servlet... and so on.

I run a search in google, EE and the result just make my head grows bigger. All those results of hash your password, usage of MD5, DES just don't make sense for my fragile little mind.

So what I need is maybe some introduction to some important security issue and some links that can be a help to me.

Tks
LVL 3
InNoCenT_Ch1ldAsked:
Who is Participating?
 
Siva Prasanna KumarConnect With a Mentor Principal Solutions ArchitectCommented:
http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security4.html#wp473533

refer the above source

and to secure your password ans user name of the database you need to use some kind of effective encryption technique.

java provides all many of the standard encryption implementations.

check here to know how to use them.

http://www.java2s.com/Code/Java/Security/CatalogSecurity.htm

0
 
InNoCenT_Ch1ldAuthor Commented:
j2ee... hmm, can they be use if I run my web apps on tomcat? or other web server?
0
 
InNoCenT_Ch1ldAuthor Commented:
btw, does each different type of webserver provide their own type of security?
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
Siva Prasanna KumarPrincipal Solutions ArchitectCommented:
>>webserver provide their own type of security

yes but all the webservers must provide the standard J2EE security specified.

and about Tomcat, Tomcat is a java servlet engine which are part of J2ee(servlets).

Thank You.
0
 
InNoCenT_Ch1ldAuthor Commented:
well, I'll let this question open for another day to close it.

Tks for your swift respond. ;-)
0
 
WelkinMazeConnect With a Mentor Commented:
Hi,

For some simplified information as an overview you  may look at wikipedia.org
http://en.wikipedia.org/wiki/MD5
http://en.wikipedia.org/wiki/Data_Encryption_Standard

Also as I said before if you using https then you have a secure connection between your client and server, so the username and password are not visible for everyone that may be hacking in the middle.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.