Head First Servlets and JSP, 2nd Edition by Bert Bates, Bryan Basham, Kathy Sierra

Chapter 12. Web App Security: Keep it secret, keep it safe

Your web app is in danger. Trouble lurks in every corner of the network, as crackers, scammers, and criminals try to break into your system to steal, take advantage, or just have a little fun with your site. You don’t want the Bad Guys listening in on your online store transactions, picking off credit card numbers. You don’t want the Bad Guys convincing your server that they’re actually the Special Customers Who Get Big Discounts. And you don’t want anyone (good OR bad) looking at sensitive employee data. Does Jim in marketing really need to know that Lisa in engineering makes three times as much as he does? And do you really want Jim to take matters into his own hands and log in (unauthorized) to the UpdatePayroll servlet?

OBJECTIVES

Web Application Security

5.1 Based on the servlet specification, compare and contrast the following security issues: (a) authentication, (b) authorization, (c) data integrity, and (d) confidentiality.

5.2 In the deployment descriptor, declare the following: a security constraint, a Web resource, the transport guarantee, the login configuration, and a security role.

5.3 Given an authentication type (BASIC, DIGEST, FORM, and CLIENT-CERT), describe its mechanism.

Coverage Notes:

All of the objectives in this section are covered completely in this chapter, including security-related DD elements that were NOT ...