web app security how to?

 
Hengki Widjaja
Ranch Hand
Posts: 44
I'm building a Java web app. I'm still struggling with security issues. I've read somewhere that I just need to use HTTPS for all requests, since nowadays it doesn't consume as many resources as it used to (says Google). Is this true? I want to guard my req and resp from being read by an eavesdropper. I'm thinking that encryption alone will do the trick. It might not stop the eavesdropper from intercepting my req and resp, but at least they won't understand the content. Is this true? Or are there other things in this security equation? And how do I achieve this encryption? I mean, encryption on the server side is easy, but how does the client side (browser) decrypt? Using a script? If so, wouldn't others be able to download and analyze the script to break the encryption technique? Need enlightenment here. Thanks.
 
Tim Moores
Bartender
Posts: 2946
46
There are no scripts involved. If the site is set up for HTTPS, then the browser does all the work. There's lots more involved in web app security, though; some useful starting points can be found at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 