how to make a secured application

gk

How to make a secured application?

I have a login.jsp which accepts userid, password and goes to the DB,
verifies it and puts up a welcome page.

I want to make this application secured.

I have deployed it in Tomcat.

In order to make this application secured, what are the steps to be
followed?

I have this:

login.jsp ==> uid, pass ==> goes to servlet ==> goes to
DB ==> verify ==> success/failure ==> welcome/login again.


Question: what changes do I have to make to make this
application secured?

Question: do I have to change any configuration in Tomcat?
 
Chris Smith

gk said:
How to make a secured application?

I have a login.jsp which accepts userid, password and goes to the DB,
verifies it and puts up a welcome page.

I want to make this application secured.

Please define what you mean by "secured". Do you mean that you want to
place it behind SSL/HTTPS?

--
www.designacourse.com
The Easiest Way To Train Anyone... Anywhere.

Chris Smith - Lead Software Developer/Technical Trainer
MindIQ Corporation
 
Oliver Wong

Chris Smith said:
Please define what you mean by "secured". Do you mean that you want to
place it behind SSL/HTTPS?

Didn't see the original post, but assuming the OP just wants some
general guidelines on making his/her webapp secure...

I read somewhere that the number one most common vulnerability of web
applications is SQL query injection. If you don't know what that term means,
you should probably look it up, and check that your app is not vulnerable.

- Oliver
 
Juha Laiho

gk said:
How to make a secured application?

As others have countered, please define "secured".

I have a login.jsp which accepts userid, password and goes to the DB,
verifies it and puts up a welcome page.

I want to make this application secured.

... perhaps meaning that the other pages are not accessible
for nonauthenticated users?

If so, please read the documents
- http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html
- chapter SRV.12 (Security) in Java servlet specification, available from
  http://www.jcp.org/aboutJava/communityprocess/final/jsr053/

... and use what the servlet environment provides, instead of rolling
your own.
 
gk

Please define what you mean by "secured". Do you mean that you want to
place it behind SSL/HTTPS?

Yes... absolutely correct. I want it behind SSL/HTTPS.

I am not worried about SQL injection or other kinds of vulnerability. I
can defend against those.

But my concern is, how could I place my application behind SSL/HTTPS?


Right now, the login page calls a servlet and the servlet forwards a
welcome page upon verification on the DB side.


In this architecture, what changes do I have to make, so that my application
is placed behind SSL/HTTPS?

Thank you
 
Dag Sunde

gk said:
Yes... absolutely correct. I want it behind SSL/HTTPS.

I am not worried about SQL injection or other kinds of vulnerability. I
can defend against those.

But my concern is, how could I place my application behind SSL/HTTPS?


Right now, the login page calls a servlet and the servlet forwards a
welcome page upon verification on the DB side.


In this architecture, what changes do I have to make, so that my application
is placed behind SSL/HTTPS?

A web-app/servlets?

You don't need to change anything in your code at all!

That is a question of setting up and configuring your
web server/servlet container ty use ssl...
 
gk

A web-app/servlets?

Yes... it's a JSP + servlet application.


You don't need to change anything in your code at all!

That is a question of setting up and configuring your
web server/servlet container ty use ssl...


What? try use with what?

1) Is it possible in Tomcat?


Do you use Yahoo mail... you might see, when you log in... the URL in
the address bar changes to https://... that means they have put
their site behind SSL.

How do they do it? Who is responsible for this?

What code should I add in my program?

What changes do I have to make in the servlet container (in Tomcat)?


Will you please answer these questions?

Thank you
 
Dag Sunde

gk said:
Yes... it's a JSP + servlet application.

What? try use with what?

not try, but to...

If you run Tomcat behind Apache, it is enough to configure
Apache to use SSL. If you use Tomcat standalone, you must
configure Tomcat to use SSL.

1) Is it possible in Tomcat?

Do you use Yahoo mail... you might see, when you log in... the URL in
the address bar changes to https://... that means they have put
their site behind SSL.

How do they do it? Who is responsible for this?

The webserver

What code should I add in my program?

Nothing

What changes do I have to make in the servlet container (in Tomcat)?

Open your Tomcat documentation, and click on the link called
"ssl-howto". On my computer, it is here:
C:\Tomcat.4.1\webapps\tomcat-docs\ssl-howto.html
 
