Your web app is in danger. Trouble lurks in every corner of the network, as crackers, scammers, and criminals try to break into your system to steal, take advantage, or just have a little fun with your site. You don’t want the Bad Guys listening in to your online store transactions, picking off credit card numbers. You don’t want the Bad Guys convincing your server that they’re actually the Special Customers Who Get Big Discounts. And you don’t want anyone (good OR bad) looking at sensitive employee data. Does Jim in marketing really need to know that Lisa in engineering makes three times as much as he does? And do you really want Jim to take matters into his own hands and login (unauthorized) to the UpdatePayroll servlet?
Web Application Security
Based on the servlet specification, compare and contrast the following security issues: (a) authentication, (b) authorization, (c) data integrity, and (d) confidentiality.
In the deployment descriptor, declare the following: a security constraint, a Web resource, the transport guarantee, the login configuration, and a security role.
Given an authentication type (BASIC, DIGEST, FORM, and CLIENT-CERT), describe its mechanism.
All of the objectives in this section are covered completely in this chapter, including security-related DD elements that were NOT ...