开发者

Are servlets good to use for my websites login confirmation page?

开发者 https://www.devze.com 2023-03-14 08:00 出处:网络
I am creating a web site in which user will be registered and he/she will be redirected if he/she has account.
相关专题:securityservletstomcat

I am creating a web site in which user will be registered and he/she will be redirected if he/she has account.

So I was thinking to use servlet to link开发者_JAVA百科 form and database.

Is it safe to use from hacking.?

Which is the best language which has less chances to get hacked than servlets ?

Well I am quite exicited to create it but I really don't want hacking my site very easy task.

As long as you are using Java for web forms, at some point any framework you use is based on servlets. So if you use them properly, yes it is safe.

The main point to keep in mind to prevent cracking your authentication (if database based) is SQL injection. As long as you use Hibernate, JPA or prepared statements you should be safe.

If using Tomcat, you can also start with Tomcat native authentication.

Just like any other framework, it's reasonably safe from hacking and not totally immune. You will be vulnerable to:

  • mistakes in your code/logic;
  • vulnerabilities in Tomcat/your servlet runner as they are discovered;
  • vulnerabilities in the JVM as they are discovered;
  • vulnerabilities in the OS;
  • vulnerabilities in... well, you get the idea...

In other words, it's essentially not so different anything else you might decide to use (be it PHP etc). I personally prefer Java to e.g. PHP because I have more confidence that there isn't some random default setting that's going to put the app at risk. But that's also because I'm far more of an expert in Java than PHP-- "use the technology you know best" is also another strategy...

Main things to keep in mind, apart from keeping your infrastructure updated:

  • don't use "raw" SQL to access the DB: at least use prepared statements, and for good measure implement some sensible validation on user input;
  • look at the Servlet Session API;
  • you generally want to check the logged in user for every page request: not sure exactly what you meant by "redirection";
  • if possible, firewall off "raw" access to the database, so that only localhost/the app server (if hosting DB on a separate server-- guess you won't to start off with) can access your DB (if you need to access remotely, consider a VPN connection).

I also wouldn't necessarily just "dive in": have more of a read round the subject.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

关注公众号

热门标签

图文推荐

Delphi - Custom drawing a message list

Delphi - Custom drawing a message list
C++ header-only include pattern

C++ header-only include pattern
IE7 Margin Collapses Into Padding

IE7 Margin Collapses Into Padding
in CoffeeScript, how can I use a variable as a key in a hash?

in CoffeeScript, how can I use a variable as a key in a hash?
Interactive visualization of a graph in python [closed]

Interactive visualization of a graph in python [closed]
How to customise PHP MYSQL tables?

How to customise PHP MYSQL tables?
High quality, simple random password generator

High quality, simple random password generator
Image Recognition ApI in android

Image Recognition ApI in android

开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9