Designing a secure web application

Hi, I have just started out on JSP and servlet programming and am currently developing a web application for a friend of mine. I have successfully created a login form, a subscription form and a servlet to handle validation and database connections using JavaBeans. I would like to get some suggestions on how to implement secure session tracking, since the database (MySQL) has some sensitive information which must be viewed only by the administrator. I am using hidden fields to pass parameters and I read that this is not a good idea since these parameters can be viewed in the HTML source generated at the client. Can someone please explain to me which is the best to use for my situation, session vars, hidden fields, URL rewriting or cookies, and perhaps give me some ideas?

[789 byte] By [newtona] at [2007-11-26 20:28:20]
# 1
First thought would be to use session attributes to store that info. Cookies can be viewed on the client and to secure them you would/should encrypt them. URL rewriting... dunno, AFAIK it's not meant to do that ;-)
benubacha at 2007-7-10 0:56:06
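The session-attribute approach suggested in reply #1, as an added example that is not part of the original thread: the login servlet records the authenticated user and admin flag in the server-side `HttpSession`, and a filter refuses admin URLs unless that flag is present. It assumes the `javax.servlet` API on the classpath; the class name `AdminOnlyFilter`, the helper `markLoggedIn` and the attribute names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter: map it in web.xml to the admin-only URLs (e.g. /admin/*).
public class AdminOnlyFilter implements Filter {
    // Attribute names are assumptions made for this example.
    static final String USER_ATTR = "authUser";
    static final String ADMIN_ATTR = "isAdmin";

    // Call from the login servlet only after the password check has succeeded.
    public static void markLoggedIn(HttpServletRequest req, String user, boolean admin) {
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();                    // drop any pre-login session (session fixation)
        }
        HttpSession session = req.getSession(true);
        session.setAttribute(USER_ATTR, user);   // kept on the server, never sent to the browser
        session.setAttribute(ADMIN_ATTR, Boolean.valueOf(admin));
        session.setMaxInactiveInterval(15 * 60); // idle timeout in seconds
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse resp = (HttpServletResponse) response;
        HttpSession session = req.getSession(false); // do not create sessions for anonymous hits
        boolean admin = session != null
                && session.getAttribute(USER_ATTR) != null
                && Boolean.TRUE.equals(session.getAttribute(ADMIN_ATTR));
        if (!admin) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        resp.setHeader("Cache-Control", "no-store"); // keep admin pages out of browser caches
        chain.doFilter(request, response);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}
}
```

Only the session ID travels to the client; the role decision is read from server-side state on every request, so nothing in the HTML source or query string can be edited to gain admin access.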
# 2
Hi, you can pass the parameter using query encryption and decryption. That means you can pass the param by encrypting it. When it reaches your back-end code, you can decrypt it back to the original text that you need. So it can be secure. Thanks.
ViQuEnYeEa at 2007-7-10 0:56:07
# 3
Thank you all, I will try to use encryption.
newtona at 2007-7-10 0:56:07