security « Security « JSP-Servlet Q&A





1. Java webstart Security    stackoverflow.com

What is the option in Java Webstart command line to skip the security check? This is for testing purposes only.

javaws myfile.jar

2. Alternate solution for RSA security ID    stackoverflow.com

Do we have any alternate solution to replace RSA Security ID for the web-application developed in JAVA-Servlet? More Details: The Current application uses RSA Security ID for authentication. Now we are planning to ...

3. Security issue on web application using Firebug    stackoverflow.com

I have developed a web application in JSP. I have many JavaScript validation for text validation in the JSP page. During the testing, I enabled Firebug in Firefox and cleared a ...

4. System.exit in servlet    stackoverflow.com

What would happen if someone writes System.exit() in a servlet would the server or the application crash?

5. Is remote file execution attack possible in Java based web applications (servlet/java)?    stackoverflow.com

Unless there is a programming error like executing commands that user supplies or there is service (a servlet or struts action or any thing) that retrieves a file whatever user passes ...

6. JSP Security    coderanch.com

7. jsp security    coderanch.com

9. Security issue with my javabean    coderanch.com





10. Suggestions on security issues when using telnet    coderanch.com

Hello Marty, I mean from the browser. I used "JSP" since I was handling login functions in the JSP. To rephrase the question, what would be the security issues when allowing a user to "telnet" to the webserver from the browser? I am trying to do this by an available telnet applet "JTA". Is this a good practice at all? I ...

11. Security    coderanch.com

12. Urgent please -Security setting in Jsp    coderanch.com

13. Implementing security    coderanch.com

Hi all, Another design question. Assume I have a Security Bean which, among other duties, checks to see if a user is properly logged in on each page load. The user is modeled with an Employee object, within a WebEntity Bean. Now, if a user avoids the login page, and attempts to "cut and paste" a URL to go somewhere else ...

14. j_security_check question    coderanch.com

15. Redicting with java.security.Principal    coderanch.com

16. jsp security plug-in    coderanch.com

Hello everybody, I really really need some help regarding the security plug-ins at server side using jsp. I was told that, "using arrays at client side makes it very difficult to plug-in the security features at the server side". Also, what are the general plug-ins that are generally used at server side. Please, I really need some info ASAP. Please Please ...





17. j_security_check issue    coderanch.com

Hi, I am using j_security_check for security. It is working as expected except for one small issue - Images I have on my login page are not displaying. Has anyone ever had this happen? I am thinking the reason might be that the images are being restricted. Any help would be appreciated! Thanks.

18. security in JSPs    coderanch.com

19. security related    coderanch.com

20. problem with j_security_check    coderanch.com

hi all.. I have got Form base login in Tomcat 4 In order to encrypt the password, I take password in a index.jsp and modified it. then I have to send this user name & modified password to j_security_check without intimating user i.e. server side redirection......... can any body help me out.... thanks

21. A question about security    coderanch.com

22. JSP security    coderanch.com

23. application to application security    coderanch.com

25. featchin security info. in jsp    coderanch.com

26. how to maintain security in jsp    coderanch.com

Welcome to JavaRanch. Is the requirement that view.jsp should only ever be accessed through login.jsp? Or that view.jsp should only be accessed after a user has logged in (i.e., possibly some time after visiting login.jsp)? If the former, you can set a request parameter for which you check in view.jsp. If it's missing, you redirect to login.jsp. If the latter, then ...

27. j_security_check    coderanch.com

28. Security issues with JSPs    coderanch.com

I'd like to know what your concerns are with JSP files. Seems like you're a little coy with components that the industry has wholeheartedly endorsed. Are you just worried about people seeing your scripts in your JSP? Are you worried about clients downloading your JSP files from the war? You can certainly secure JSPs in the same manner you secure Servlets ...

29. security Implementation    coderanch.com

30. Security Problem with my app    coderanch.com

Hi All, I am studying the security chapter on HFSJ, and trying to do a simple secured web app. Basically i have 2 jsp's constrained. So when i type the following I expect the login page to appear. But its not happening. 1. In browser I type http://localhost:8080/ari/welcome.jsp Result - HTTP Status 404 - /ari/welcome.jsp (Resource not available) I assure you ...

31. security in JSP    coderanch.com

32. Security in JSP    coderanch.com

33. problem with j_security_check    coderanch.com

Hi This Tomcat thing is driving me insane, i don't know what else to do after exhausting the google database looking for an answer. I'm using Tomcat 6.0 with jre1.6.0 and mySQL 5.0. Everything was installed fine and the systems seem to communicate fine. I can execute java code in my JSP files with no problem. The problem is with my ...

34. jsp security    coderanch.com

35. Servlet security and digital Certificates    coderanch.com

Hello friends, I have just developed a small financial portal wherein the client wants additional security in terms of Digital Certificate and Https. Honestly, i haven`t got a clue about these things. Can someone help me providing me some links from where I can read \ download simple but detail tutorials on digital certificate \ Security \ HTTPS ..etc.Also if some ...

36. Security Issues in JSPs    coderanch.com

When jsp's get compiled , is the service() method the only one that's generated ?? My doubt was can we not ensure that a jsp can be accessed only thru post method for security concerns. Secondly, If that's not possible why does not a jsp support a tag or smthg that allows the developer to specify the method thru which it ...

37. Implementing a security policy for JSPs    coderanch.com

38. JSP source code security    coderanch.com

39. Servlet Security    coderanch.com

40. Servlet Security    coderanch.com

41. MultiPartRequest Servlet & Security    coderanch.com

42. Servlet Security    coderanch.com

43. How about Servlet security?    coderanch.com

45. security problem about servlet    coderanch.com

46. Security in Servlet    coderanch.com

47. Invoke servlet security flaw    coderanch.com

48. servlet security    coderanch.com

49. servlet security    coderanch.com

50. Security Issue with Servlets and *.do    coderanch.com

Hi. I have a webapplication that under its context has two diffenent maps, one is admin and the other one is user. I use an ActionRouter and has actions like list-clients.do. The admin map is restricted area described in web.xml. You have to be in AdminRole to get access. My problem is that if I log in as user, I can ...

51. Servlet Security    coderanch.com

I meant broad in the sense that without specific information there are too many things that could be going wrong. As a comparison, it would be like someone saying "this program won't work", without being able to investigate it, we can offer broad suggestions but no specific help. With regards to automated tools, I am not aware of any. My impression ...

52. call j_security_check from within a servlet    coderanch.com

(Reply to David O'Meara) You are right. We did it in that way. The problem is when a user has just registered. In that case we don't want him to go to the login screen and type his password again. After the registration the user is directly forwarded to the protected area. Therefore our idea was to simulate the login screen ...

53. Servlets BASIC security question    coderanch.com

55. Applying Security to Servlets    coderanch.com

I am studying the security part of HFSJ. In that they have mapped the users in tomcat-users.xml to DD element in web.xml. I am wondering how can we add all the user id and their password in the tomcat-users.xml. whenever a new user is registering, we have to edit the tomcat-users.xml and restart the application will be painful. Although it ...

56. Aplication Servers and Row/Column level security    coderanch.com

In oracle database there are three methods for implementing row/column level security : - views and access control over these views. - Virtual Private Database. - Oracle Label Security. But all of them use the user account utilized to logging into database. The context of my question is : user --> webServer --> EJBserver --> DataBase In a application server (oracleAS, ...

57. generating security tokens in servlets    coderanch.com

59. How to implement j_security_check    coderanch.com

60. Security in servlets    coderanch.com

61. Security implementation in Servlet    coderanch.com

62. j_security    coderanch.com

Hey guys.. The Application i'm working on uses j_security for login. Now i have to implement a check instantly after login for various statuses (like, verify, deactivated, etc) and i don't have any idea how to do.. Do you know where the login itself is implemented when using j_security or how i could realize this feature?

63. Workin' with j_security_check    coderanch.com

64. ACL Security    coderanch.com

We implement a new Enterprise Application on EE6 and JSF2.0. Is there a good ACL security framework available which we can integrate in our application? Acegi looks good but we didnt use the Spring framework. Ive seen some other frameworks but nothing seems to fit our requirements. Perhaps there is another security mechanism we can use? Our security model uses roles. ...

65. Servlet security    coderanch.com

66. Security Mechanism suggestion?    coderanch.com

Here is the way how i would implement security in my application , I would love to hear your suggestions and feasibility of this approach All the secure pages will be in a folder say secure. so the tree looks like this |_login.jsp |_Secure |_secure_page1.jsp |_secure_page2.jsp Now the actual way things are going to work is , the user goes to ...

68. Security Issues    java-forums.org

69. Servlet Security    forums.oracle.com

Generally the trick is to use a ServletFilter. The filter is intercepts all transactions to protected pages. It checks the user is logged in (at the simplest, using login status stored in session attributes). If not the cleanest way is for the filter to throw a specific exception (which you should define yourself). You then configure the error pages facility in ...

70. Servlet security    forums.oracle.com

Hi! I have the following questions: 1)How can I prevent someone from submitting POST/GET parameters to my servlet, from a different server? I mean, can I guarantee that the requests come only from the submits made in my jsp page? How? Would a solution based on the usage of the method javax.servlet.ServletRequest.getServerName() be reliable? 2)Does HTTPS protocol (SSL or TLS) guarantee ...