how can we secure our application server and DB server

 
Ranch Hand
Posts: 66
Dear All,
We are working on an Online Payment Transactions system. We are developing it in JSP, Struts, beans and servlets; our back-end database is SYBASE and our server is WebSphere. Our whole product is complete and we are about to launch it. I have two questions:

1- How can we make our server (WebSphere) secure so that the end users using our web application cannot access it if some hacker kind of user attempts to access our server? What security frameworks and security mechanisms are available for online web servers which we should adopt or integrate in our application to make our server more and more secure? If you know about some industry standard security frameworks or techniques which are being used by banks or financial institutes, then please suggest.

2- Same is the question for our DB server: how can we make it secure so that no end user can access it? What can be the possible security threats for a DB server of web applications, and how can we minimize these threats? Are there any security frameworks or techniques available? Please suggest.

Your prompt response would be highly appreciated.

Regards,
Bilal.
 
Rancher
Posts: 4803
I think it's way too late to suddenly decide that security is a requirement. Proper, professional security had to be built in, not slapped on at the end.

It's fairly easy to add some firewall and other ideas so that it's hard to get into your site. But systems protected solely by firewalls are considered "hard on the outside and soft and chewy on the inside" because once the bad guy gets into the system, often there is nothing else to protect your site.
 
Rancher
Posts: 43081

I think it's way too late to suddenly decide that security is a requirement. Proper, professional security had to be built in, not slapped on at the end.


+1

Considering that the system will handle payments, it's likely that its release will need to be postponed by a significant amount of time whilst security features are added to its architecture, design and implementation.
 
Ranch Hand
Posts: 603
Can you let me know which would be the feasible security implementation in this regard?
 
Ulf Dittmer
Rancher
Posts: 43081
That's impossible to say in general without knowing the specifics of the application and the possible threats to it. Reading through the SecurityFaq will give you some appreciation for what's involved in securing a system. (It also has a link to Schneier's book Secrets & Lies that is recommended reading, IMO.)
 