Best way to secure server

Hi! Well, my servlet app is done, but I'm worried about security and how sensitive data can be reached by people who shouldn't be accessing it.

So my question is, which is the best way to ensure that the data will not be read by someone else? I have encrypted things like database fields, but I'm interested in the data that is being handled by the server and the client, and in possible attacks.

All recommendations are welcome.

Thanks!

[452 byte] By [juanmanuelsancheza] at [2007-11-27 9:19:31]
# 1

Dunno if you did it, but the first thing to do is prevent SQL injection, i.e. forbidding usernames, passwords and all other form fields, or in fact any stringish data you accept from clients, to start with unwanted chars like (' or " or ;) and end with things like the SQL comment mark (I think it's --).

The next thing that can come in handy is forbidding HttpSession from being created in all servlets except the login servlet. This is done by:

HttpSession session = request.getSession(false);

This prevents an HttpSession from being created while still making it available if it was created some time earlier (depending on the session-timeout tag in web.xml; default is 10 or 30 minutes).

Hope I helped.

auZa at 2007-7-12 22:11:48
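
An added example, not part of the original posts: a servlet that applies the two points from reply #1, refusing requests that have no existing session via `getSession(false)` and keeping client input out of the SQL text. It binds input with `PreparedStatement` parameters rather than filtering characters; the class name, the `jdbc/appDb` resource, the `userId` session attribute (assumed to be set by the login servlet) and the table and column names are all hypothetical.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

// Hypothetical servlet: every name below is an assumption made for this example.
public class AccountServlet extends HttpServlet {
    @Resource(name = "jdbc/appDb")          // container-managed connection pool (assumed)
    private DataSource ds;

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // getSession(false) returns the existing session or null; it never creates one.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute("userId") == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String owner = (String) session.getAttribute("userId");
        String label = request.getParameter("label");   // untrusted client input
        if (label == null || label.length() > 64) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String sql = "SELECT balance FROM accounts WHERE owner_id = ? AND label = ?";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, owner);   // bound as data, never concatenated into the SQL text
            ps.setString(2, label);   // quotes, semicolons and "--" stay literal characters
            try (ResultSet rs = ps.executeQuery()) {
                response.setContentType("text/plain");
                response.getWriter().println(rs.next() ? rs.getString(1) : "not found");
            }
        } catch (SQLException e) {
            throw new ServletException(e);
        }
    }
}
```

The row is selected by the owner id taken from the server-side session, not from a request parameter, so one logged-in user cannot ask for another user's data by changing the query string.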
# 2
Thanks! Any other suggestions?
juanmanuelsancheza at 2007-7-12 22:11:48