I am trying to set up a secure website. Each page will require user
authentication. The majority of this website is written in servlets
and JSPs. I was wondering what the most secure approach would be.
If I use a login page, that login page will need to send the parameter
values: "name" and "password" over an HTTP request to a servlet that
would query a database to see if that user is a registered user. This
does not seem very secure.
Is there a more secure way to do this? How secure is it to use web.xml
to store user names and passwords? Is it better to use a database to
store these values?
Any suggestions would be appreciated. Thanks in advance.
> I am trying to set up a secure website. Each page will require user
> authentication. The majority of this website is written in servlets and
[quoted text clipped - 4 lines]
> would query a database to see if that user is a registered user. This
> does not seem very secure.
And you'd be right. Look up SSL. Practically all web/application servers
support it.
> Is there a more secure way to do this? How secure is it to use web.xml
> to store user names and passwords?
As secure as the system it resides on and as secure as the application
server that uses it.
From a design and maintenance perspective, not such a good idea IMHO.
> Is it better to use a database to
> store these values?
There are many solutions; this can be a good one.
Do some Googling.
Cheers

Sean
There's no place like 127.0.0.1