Java Web Programming with Eclipse
Last modified February 13, 2009 05:40 pm
Web Application Security (continued)
Web applications are made secure in the following ways:
- The environment in which the web application executes is made secure.
This is sometimes referred to as hardening the system.
(This is a system administration topic and is not covered in this book.)
- HTTP exchanges between browser and server take place within the SSL/TLS communications protocol.
(HTTP carried over SSL/TLS is referred to as HTTPS; it gives confidentiality and integrity for the exchange, not authentication of the user.)
- Users identify themselves to the application by submitting a username and password;
the server identifies itself to connecting browsers by presenting an X.509 certificate issued by a certificate authority that the browser already trusts, which is the role of the public key infrastructure (PKI).
These two procedures are referred to as user authentication and server authentication, respectively.
- Authorization to access web application resources (identified by the path component of the URL)
is enforced according to a security policy that states which authenticated users, or which roles, may reach which paths.
- Data submitted into the web application from connecting clients is validated against what the application expects (type, length, allowed characters) before being accepted, since nothing sent by a browser can be trusted.
The list presented above is the foundation of web application security; however, it does not cover all security concerns.
For a more complete list of issues and measures to take, consult other sources.
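The measures in the list above can be seen together in a single servlet filter. The following is an added illustration and is not code from the book or from its example project; the class name SecurityFilter, the POLICY table mapping URL path prefixes to roles, and the username rule are assumptions made for the example. It uses the Servlet 2.5 API and assumes the container's own login mechanism (login-config in web.xml) has already populated getUserPrincipal() and isUserInRole() for the request.

```java
import java.io.IOException;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Illustrative filter (not from the book): applies, in order, the transport,
 * authentication, authorization and input validation measures listed above
 * to every request mapped to it.
 */
public class SecurityFilter implements Filter {

    // Hypothetical security policy: URL path prefix -> role required to reach it.
    // Paths that match no rule are public. A container normally expresses this
    // declaratively with security-constraint elements in web.xml.
    private static final String[][] POLICY = {
        { "/admin/",   "admin" },
        { "/account/", "user"  },
    };

    // Hypothetical validation rule: a username is 3 to 20 letters or digits.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9]{3,20}");

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Transport: serve nothing over plain HTTP. A GET is redirected to the
        // HTTPS form of the same URL; any other method is refused, because a
        // redirect would silently drop the request body.
        if (!request.isSecure()) {
            if ("GET".equals(request.getMethod())) {
                String target = "https://" + request.getServerName() + request.getRequestURI();
                if (request.getQueryString() != null) {
                    target += "?" + request.getQueryString();
                }
                response.sendRedirect(target);
            } else {
                response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            }
            return;
        }

        // Authentication and authorization: the path component of the URL
        // (servlet path, without the context path) selects the required role.
        String requiredRole = requiredRole(request.getServletPath());
        if (requiredRole != null) {
            if (request.getUserPrincipal() == null) {
                // Not authenticated at all.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            if (!request.isUserInRole(requiredRole)) {
                // Authenticated, but the policy does not grant this path.
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }

        // Input validation: reject a malformed "username" parameter before any
        // servlet or JSP behind this filter gets to see it.
        String username = request.getParameter("username");
        if (username != null && !isValidUsername(username)) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid username");
            return;
        }

        chain.doFilter(req, res);
    }

    /** Returns the role required for a path, or null if the path is public. */
    static String requiredRole(String path) {
        for (String[] rule : POLICY) {
            if (path.startsWith(rule[0])) {
                return rule[1];
            }
        }
        return null;
    }

    /** Whitelist validation: accept only the form the application expects. */
    static boolean isValidUsername(String s) {
        return USERNAME.matcher(s).matches();
    }
}
```

Two points to check before relying on a filter like this. First, isSecure() reports the state of the connector that received the request; if TLS is terminated on a proxy in front of Tomcat, the container has to be told about the forwarded protocol or every request will look insecure. Second, the filter only inspects one parameter; in practice each servlet validates every input it reads, and the container's declarative security-constraint (with transport-guarantee CONFIDENTIAL and an auth-constraint listing roles) is the usual way to express the transport and authorization rules shown here in code.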
Copyright 2007-2009 David Turner and Jinseok Chae. All rights reserved.