Win a copy of Hands On Software Engineering with Python this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Bear Bibeault
  • Knute Snortum
  • Liutauras Vilda
Sheriffs:
  • Tim Cooke
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Tim Moores
  • Frits Walraven
  • Ron McLeod
  • Ganesh Patekar
  • salvin francis
Bartenders:
  • Tim Holloway
  • Carey Brown
  • Stephan van Hulst

Login System Question (somewhat advanced?)  RSS feed

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am a beginner in Java Web Application.

I am using JSP, Servlet, and Tomcat.

I made a login system using ajax. However I found out that the json/post message goes to the back end when people submit their username and passworod is exposed/unecrypted when analyzed via  Network Console (the stuff that tells you how many POST/GET requests you made)

So I realized that we need some kind of encryption, or security measures for this.

I am using bare tomcat/jsp/serlvet. Should I learn to use Spring or what are the list of things I need to do to secure this particular ajax communication.

I know I need SSL. But how do we ensure the ajax communication(POST) is secure in this case.

Thanks and love you all,
Eddy
 
Marshal
Posts: 67192
169
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't need Spring to start using SSL.
 
Eddy Haryanto
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:You don't need Spring to start using SSL.



Hi Bear,

Thank you, and I appreciate the reply.

Other than SSL, do we need something like JWT to futher secure login system.

Thanks,
Ed
 
author & internet detective
Posts: 39054
714
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To get started, take a look at the Tomcat SSL page. Also, have you requested a SSL certificate yet?

Ajax doesn't do anything special to hide the password other than point to a valid https URL.
 
That feels good. Thanks. Here's a tiny ad:
RavenDB is an Open Source NoSQL Database that’s fully transactional (ACID) across your database
https://coderanch.com/t/704633/RavenDB-Open-Source-NoSQL-Database
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!