I have written many web based application but none required any real security. My current project requires SSL encryption and digital signing of an online document. I am using a Tomcat server and have the following questions....
1. Since this is a JSP WEB app is it ok to use Tomcat alone or should I use Tomcat within an Apache or IIS server.
2. Will I need any other encryption tools other than SSL for the HTML page
3. When a signature is captured using a signature pad how is it stored for retrieval when needed to sign a document.
4. Is there an advantage to using an independent company providing an online signature capture server to handle the document signing rather than saving the signature on the application server
5. Is there a book or online documentation that I be viewed or purchase that will give me a sound understanding of all of the above plus anything of concern that I may have failed to list.
I hope this question makes sense to someone out there but if not perhaps I can find a way to better word it.