security « Security « JSP-Servlet Q&A

1. Java webstart Security

What is the option in Java Webstart command line to skip the security check? This is for testing purposes only.

javaws myfile.jar

2. Alternate solution for RSA security ID

Do we have any alternate solution to replace RSA Security ID for the web-application developed in JAVA-Servlet? More Details: The Current application uses RSA Security ID for authentication. Now we are planning to ...

3. Security issue on web application using Firebug

I have developed a web application in JSP. I have many JavaScript validation for text validation in the JSP page. During the testing, I enabled Firebug in Firefox and cleared a ...

4. System.exit in servlet

What would happen if someone writes System.exit() in a servlet would the server or the application crash?

5. Is remote file execution attack possible in Java based web applications (servlet/java)?

Unless there is a programming error like executing commands that user supplies or there is service (a servlet or struts action or any thing) that retrieves a file whatever user passes ...

6. JSP Security

7. jsp security

9. Security issue with my javabean

10. Suggestions on security issues when using telnet

Hello Marty, I mean from the browser. I used "JSP" since I was handling login functions in the JSP. To rephrase the question, what would be the security issues when allowing a user to "telnet" to the webserver from the browser? I am trying to do this by an available telnet applet "JTA". Is this a good practice at all? I ...

11. Security

12. Urgent please -Security setting in Jsp

13. Implementing security

Hi all, Another design question. Assume I have a Security Bean which, among other duties, checks to see if a user is properly logged in on each page load. The user is modeled with an Employee object, within a WebEntity Bean. Now, if a user avoids the login page, and attempts to "cut and paste" a URL to go somewhere else ...

14. j_security_check question

15. Redicting with

16. jsp security plug-in

Hello everybody, I really really need some help regarding the security plug-ins at server side using jsp. I was told that, "using arrays at client side makes it very difficult to plug-in the security features at the server side". Also, what are the general plug-ins that are generally used at server side. Please, I really need some info ASAP. Please Please ...

17. j_security_check issue

Hi, I am using j_security_check for security. It is working as expected except for one small issue - Images I have on my login page are not displaying. Has anyone ever had this happen? I am thinking the reason might be that the images are being restricted. Any help would be appreciated! Thanks.

18. security in JSPs

19. security related

20. problem with j_security_check

hi all.. I have got Form base login in Tomcat 4 In order to encrypt the password, I take password in a index.jsp and modified it. then I have to send this user name & modified password to j_security_check without intimating user i.e. server side redirection......... can any body help me out.... thanks

21. A question about security

22. JSP security

23. application to application security

25. featchin security info. in jsp

26. how to maintain security in jsp

Welcome to JavaRanch. Is the requirement that view.jsp should only ever be accessed through login.jsp? Or that view.jsp should only be accessed after a user has logged in (i.e., possibly some time after visiting login.jsp)? If the former, you can set a request parameter for which you check in view.jsp. If it's missing, you redirect to login.jsp. If the latter, then ...

27. j_security_check

28. Security issues with JSPs

I'd like to know what your concerns are with JSP files. Seems like you're a little coy with components that the industry has wholeheartedly endorsed. Are you just worried about people seeing your scripts in your JSP? Are you worried about clients downloading your JSP files from the war? You can certainly secure JSPs in the same manner you secure Servlets ...

29. security Implementation

30. Security Problem with my app

Hi All, I am studying the security chapter on HFSJ, and trying to do a simple secured web app. Basically i have 2 jsp's constrained. So when i type the following I expect the login page to appear. But its not happening. 1. In browser I type http://localhost:8080/ari/welcome.jsp Result - HTTP Status 404 - /ari/welcome.jsp (Resource not available) I assure you ...

31. security in JSP

32. Security in JSP

33. problem with j_security_check

Hi This Tomcat thing is driving me insane, i don't know what else to do after exhausting the google database looking for an answer. I'm using Tomcat 6.0 with jre1.6.0 and mySQL 5.0. Everything was installed fine and the systems seem to communicate fine. I can execute java code in my JSP files with no problem. The problem is with my ...

34. jsp security

35. Servlet security and digital Certificates

Hello friends, I have just developed a small financial portal wherein the client wants additional security in terms of Digital Certificate and Https. Honestly, i haven`t got a clue about these things. Can someone help me providing me some links from where I can read \ download simple but detail tutorials on digital certificate \ Security \ HTTPS ..etc.Also if some ...

36. Security Issues in JSPs

When jsp's get compiled , is the service() method the only one that's generated ?? My doubt was can we not ensure that a jsp can be accessed only thru post method for security concerns. Secondly, If that's not possible why does not a jsp support a tag or smthg that allows the developer to specify the method thru which it ...

37. Implementing a security policy for JSPs

38. JSP source code security

39. Servlet Security

40. Servlet Security

41. MultiPartRequest Servlet & Security

42. Servlet Security

43. How about Servlet security?

45. security problem about servlet

46. Security in Servlet

47. Invoke servlet security flaw

48. servlet security

49. servlet security

50. Security Issue with Servlets and *.do

Hi. I have a webapplication that under its context has two diffenent maps, one is admin and the other one is user. I use an ActionRouter and has actions like The admin map is restricted area described in web.xml. You have to be in AdminRole to get access. My problem is that if I log in as user, I can ...

51. Servlet Security

I meant broad in the sense that without specific information there are too many things that could be going wrong. As a comparison, it would be like someone saying "this program won't work", without being able to investigate it, we can offer broad suggestions but no specific help. With regards to automated tools, I am not aware of any. My impression ...

52. call j_security_check from within a servlet

(Reply to David O'Meara) You are right. We did it in that way. The problem is when a user has just registered. In that case we don't want him to go to the login screen and type his password again. After the registration the user is directly forwarded to the protected area. Therefore our idea was to simulate the login screen ...

53. Servlets BASIC security question

55. Applying Security to Servlets

I am studying the security part of HFSJ. In that they have mapped the users in tomcat-users.xml to DD element in web.xml. I am wondering how can we add all the user id and their password in the tomcat-users.xml. whenever a new user is registering, we have to edit the tomcat-users.xml and restart the application will be painful. Although it ...

56. Aplication Servers and Row/Column level security

In oracle database there are three methods for implementing row/column level security : - views and access control over these views. - Virtual Private Database. - Oracle Label Security. But all of them use the user account utilized to logging into database. The context of my question is : user --> webServer --> EJBserver --> DataBase In a application server (oracleAS, ...

57. generating security tokens in servlets

59. How to implement j_security_check

60. Security in servlets

61. Security implementation in Servlet

62. j_security

Hey guys.. The Application i'm working on uses j_security for login. Now i have to implement a check instantly after login for various statuses (like, verify, deactivated, etc) and i don't have any idea how to do.. Do you know where the login itself is implemented when using j_security or how i could realize this feature?

63. Workin' with j_security_check

64. ACL Security

We implement a new Enterprise Application on EE6 and JSF2.0. Is there a good ACL security framework available which we can integrate in our application? Acegi looks good but we didnt use the Spring framework. Ive seen some other frameworks but nothing seems to fit our requirements. Perhaps there is another security mechanism we can use? Our security model uses roles. ...

65. Servlet security

66. Security Mechanism suggestion?

Here is the way how i would implement security in my application , I would love to hear your suggestions and feasibility of this approach All the secure pages will be in a folder say secure. so the tree looks like this |_login.jsp |_Secure |_secure_page1.jsp |_secure_page2.jsp Now the actual way things are going to work is , the user goes to ...

68. Security Issues

69. Servlet Security

Generally the trick is to use a ServletFilter. The filter is intercepts all transactions to protected pages. It checks the user is logged in (at the simplest, using login status stored in session attributes). If not the cleanest way is for the filter to throw a specific exception (which you should define yourself). You then configure the error pages facility in ...

70. Servlet security

Hi! I have the following questions: 1)How can I prevent someone from submitting POST/GET parameters to my servlet, from a different server? I mean, can I guarantee that the requests come only from the submits made in my jsp page? How? Would a solution based on the usage of the method javax.servlet.ServletRequest.getServerName() be reliable? 2)Does HTTPS protocol (SSL or TLS) guarantee ...