
secure login approach

 
Neeraj Vij
Ranch Hand
Posts: 315
Hi,

Please suggest some inputs for developing a good login module in a web application,

for example:

1) how to maintain session identity
2) how to pass data from login to the DB for username/password validation
3) how to keep data secure from hacking

and so on.


Thanks,
Neeraj.


 
Nishan Patel
Ranch Hand
Posts: 689
Hi,

In a general login module you don't have to do much. First get the user name and password from your login page and make one select query with that user name and password.

If you are getting a result from the database then the user is registered with your application.

Now you just have to register the session with the user object. That session identifies the user throughout your application.

If you want to make the login process more secure then use HTTPS instead of HTTP. That is the normal process for login.

 
Ulf Dittmer
Rancher
Posts: 42968
Make sure to store passwords hashed/digested in the database, not as cleartext. That way they can't get stolen.
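Putting the two replies above together (look the user up, then compare against a stored hash rather than the cleartext), here is an added example in Java; it is not code from this thread or from JavaRanch, and the class name, the `users` table and its `pwd_record` column are assumptions. It hashes with salted PBKDF2-HMAC-SHA256, queries by username only through a PreparedStatement so the password never enters SQL text, and compares digests in constant time.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

/** Hypothetical login helper: stores salted PBKDF2 hashes and verifies them at login. */
public final class LoginService {
    private static final int ITERATIONS = 100_000;
    private static final int KEY_BITS = 256;
    private static final SecureRandom RNG = new SecureRandom();

    /** Derives a PBKDF2-HMAC-SHA256 digest of the password with the given salt. */
    static byte[] hash(char[] password, byte[] salt) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    /** Called at registration: returns "base64(salt):base64(digest)", which is what goes
     *  into the assumed users.pwd_record column instead of the cleartext password. */
    static String createRecord(char[] password) throws Exception {
        byte[] salt = new byte[16];
        RNG.nextBytes(salt);                       // fresh random salt per user
        Base64.Encoder enc = Base64.getEncoder();
        return enc.encodeToString(salt) + ":" + enc.encodeToString(hash(password, salt));
    }

    /** Called at login: the query is parameterised and selects by username only,
     *  so the password is never concatenated into SQL; the digest comparison is
     *  constant-time to avoid leaking how many bytes matched. */
    static boolean verify(Connection db, String username, char[] password) throws Exception {
        String stored = null;
        try (PreparedStatement ps =
                     db.prepareStatement("SELECT pwd_record FROM users WHERE username = ?")) {
            ps.setString(1, username);
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) stored = rs.getString(1);
            }
        }
        if (stored == null) return false;          // unknown user
        String[] parts = stored.split(":");
        Base64.Decoder dec = Base64.getDecoder();
        byte[] salt = dec.decode(parts[0]);
        byte[] expected = dec.decode(parts[1]);
        return MessageDigest.isEqual(expected, hash(password, salt));
    }
}
```

After `verify` returns true, invalidate the pre-login HttpSession and put the user object into a freshly created one, so a session ID handed out before authentication cannot be reused afterwards.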
 
Neeraj Vij
Ranch Hand
Posts: 315
Thanks for your inputs.

It will be a help if more advanced features like session timeout, a user not being allowed to log in from 2 different machines, counting the number of active sessions etc. can also be provided.

Similar guidelines which are followed in big e-commerce/banking applications for the login procedure, for authentication, authorization, secure coding etc.


Thanks,
Neeraj.
 
Neeraj Vij
Ranch Hand
Posts: 315
Please guide or help me to move my thread to a different group like design patterns on the site. I am unable to find an appropriate group for posting my query.

Thanks,
Neeraj.
 
Ulf Dittmer
Rancher
Posts: 42968
Your question is very generic, and would take a book to answer comprehensively. But since you know a lot of the things that you intend to do (like authentication, authorization, etc.), what keeps you from implementing them? Have you worked on web apps before, and are familiar with form processing, sessions, database storage etc.? How about SSL, encryption in general, XSS and SQL injection?

Some reading material to get you started on web app security matters can be found at http://faq.javaranch.com/java/SecurityFaq#web-apps
 
Neeraj Vij
Ranch Hand
Posts: 315
Thanks a ton Ulf for giving the link.

I wanted the main or very important things one needs to keep in mind while implementing authentication, authorization etc.

I have worked on web applications. I have knowledge of "form processing, sessions, database storage, SSL, encryption in general, XSS and SQL injection".

But now I need to work on making a secure web application. So I was looking for some basic points to keep in mind to prevent session hijacking, secure authentication etc.

This is the site where I always put my queries for guidance and then google for more details.

Regards,
Neeraj.