J2EE Security

Sezer Yilmaz

Hello!
Some months ago we began to learn Java at university.
I know there's enough to learn in that field, but now I've got it into my head
to learn to implement J2EE applications because I'm very interested in
client-server programming and distributed systems. So I managed to run some
example applications and now I want to write my own first J2EE code.
Since I need some motivation, the application I write must not be nonsense
and I want to learn some important J2EE basics. So the project I chose
is the following:

- Application Name: Internet Addressbook
- Application Server: JBoss 4.04
- DB Server: MySQL
- Authentication and Authorization functions (Does anyone have ideas? JAAS
perhaps?)
- Frontend: Java Application, no Web-Tier

Now my question or problem is the following:
The application server must be on the Internet so that I can log on
with the client from anywhere. Is this a bad idea (concerning security)?
Can I secure the communication between the client and the
"business logic", the EJBs? And what about the JNDI lookups?
What if someone else overwrites my registered objects to sniff
important information etc.? Is it possible to secure the JNDI
lookups, or is it even possible to "hardcode" the requests so
that the JNDI lookups are no longer necessary and the security gap is closed?

I'm very interested in your opinion about all that.
Thank you in advance for your advice.

Greetings
Sezer