
How secure is a Servlet?

 
Maki Jav
Ranch Hand
Posts: 447
Can anyone tell me how secure a servlet is?
By that I mean: is it safe to send credit card numbers over the net to a servlet using an HTML form or an applet?
Thanks in advance
[ July 06, 2002: Message edited by: Maki Jav ]
 
Randall Twede
Ranch Hand
Posts: 4442
Servlets are neither secure nor non-secure. It is the server that must be secure. That means SSI (secure socket layer), which encrypts the info, and a digital signature (like Verisign) proving the site is a real company.
Sorry, SSL not SSI
[ July 06, 2002: Message edited by: Randall Twede ]
 
Maki Jav
Ranch Hand
Posts: 447
What about the "rumours" we hear that hackers can get card numbers from the servers located on the way to the server they are intended to go to?
What about the HTTPS protocol?
Thanks for your answer in advance
 
Randall Twede
Ranch Hand
Posts: 4442
I have heard that the 128-bit encryption used is virtually impossible to crack. To learn more, try searching Google for SSL.
 
chanoch wiggers
Author
Ranch Hand
Posts: 245
Servlets aren't secure at all - as was said, it's the server that has to be secure. When people hack into a machine, they are often using well-known weaknesses in the server rather than in the application, although any ASP 3 application is also itself very vulnerable to SQL attack.
When you have heard of people hacking into a server to get credit cards, this is often buffer overflow attacks in IIS and Apache - although the New York Times seems to manage to get compromised via its CMS every time.
As far as securing servlets is concerned, you can specify in web.xml that the conversation with the user should be secure, which will usually mandate SSL sockets.
Have a look around for security in J2EE.
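
The web.xml setting mentioned in the post above, as an added example that is not part of the original thread: a `security-constraint` whose `transport-guarantee` is `CONFIDENTIAL`, which tells the container to serve the matched paths only over an encrypted connection (containers typically redirect a plain-HTTP request to their HTTPS port). The `/checkout/*` pattern and the resource name are assumptions for illustration.

```xml
<!-- Fragment of WEB-INF/web.xml, placed inside <web-app>. -->
<!-- Added example; the URL pattern and names are hypothetical. -->

<security-constraint>
  <web-resource-collection>
    <!-- Free-form label for this group of protected resources -->
    <web-resource-name>Payment pages</web-resource-name>

    <!-- Every servlet, JSP or static file under /checkout/ is covered.
         No <http-method> elements are listed, so the constraint
         applies to all HTTP methods (GET, POST, ...). -->
    <url-pattern>/checkout/*</url-pattern>
  </web-resource-collection>

  <user-data-constraint>
    <!-- NONE         : no transport requirement (plain HTTP accepted)
         INTEGRAL     : data must not be altered in transit
         CONFIDENTIAL : data must not be readable in transit;
                        in practice the container requires SSL/TLS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

The form page that collects the card number has to fall under the same pattern as the servlet it posts to; otherwise the form itself is delivered over plain HTTP and can be altered before the user submits it. This setting protects data in transit only and does nothing for card numbers once they are stored on the server.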
 
Maki Jav
Ranch Hand
Posts: 447
Thanks a lot, folks, for your help.
 