servlet, jsp, secure login

Discussion in 'Java' started by Ghost, Jun 23, 2005.

  1. Ghost

    Ghost Guest

    I am trying to set up a secure website. Each page will require user
    authentication. The majority of this website is written in servlets
    and JSPs. I was wondering what the most secure approach would be.

    If I use a login page, that login page will need to send the parameter
    values: "name" and "password" over an HTTP request to a servlet that
    would query a database to see if that user is a registerd user. This
    does not seem very secure.

    Is there a more secure way to do this? How secure is it to use web.xml
    to store user names and passwords? Is it better to use a database to
    store these values?

    Any suggestions would be appreciated. Thanks in advance.
    Ghost, Jun 23, 2005
    #1
    1. Advertising

  2. Ghost

    SMC Guest

    On Fri, 24 Jun 2005 04:43:27 +1000, Ghost wrote:

    > I am trying to set up a secure website. Each page will require user
    > authentication. The majority of this website is written in servlets and
    > JSPs. I was wondering what the most secure approach would be.
    >
    > If I use a login page, that login page will need to send the parameter
    > values: "name" and "password" over an HTTP request to a servlet that
    > would query a database to see if that user is a registerd user. This
    > does not seem very secure.


    And you'd be right. Look up SSL. Practically all web/application servers
    support it.

    > Is there a more secure way to do this? How secure is it to use web.xml
    > to store user names and passwords?


    As secure as the system it resides on and as secure as the application
    server that uses it.

    From a design and maintenance perspective, not such a good idea IMHO.

    > Is it better to use a database to
    > store these values?


    There are many solutions, this can be a good one.

    Do some Googling.

    Cheers
    --
    Sean

    There's no place like 127.0.0.1
    SMC, Jun 23, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,425
    Teemu Keiski
    Jun 8, 2004
  2. Mladen Adamovic
    Replies:
    3
    Views:
    4,148
    Mladen Adamovic
    Nov 16, 2003
  3. circuit_breaker
    Replies:
    2
    Views:
    1,989
    Jack Jia
    Apr 4, 2004
  4. javadev
    Replies:
    5
    Views:
    12,870
    javadev
    Nov 16, 2006
  5. Replies:
    4
    Views:
    770
Loading...

Share This Page