• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

Login System Question (somewhat advanced?)  RSS feed

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am a beginner in Java Web Application.

I am using JSP, Servlet, and Tomcat.

I made a login system using ajax. However I found out that the json/post message goes to the back end when people submit their username and passworod is exposed/unecrypted when analyzed via  Network Console (the stuff that tells you how many POST/GET requests you made)

So I realized that we need some kind of encryption, or security measures for this.

I am using bare tomcat/jsp/serlvet. Should I learn to use Spring or what are the list of things I need to do to secure this particular ajax communication.

I know I need SSL. But how do we ensure the ajax communication(POST) is secure in this case.

Thanks and love you all,
Eddy
 
Author and ninkuma
Marshal
Posts: 66806
168
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't need Spring to start using SSL.
 
Eddy Haryanto
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:You don't need Spring to start using SSL.



Hi Bear,

Thank you, and I appreciate the reply.

Other than SSL, do we need something like JWT to futher secure login system.

Thanks,
Ed
 
author & internet detective
Sheriff
Posts: 38569
659
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To get started, take a look at the Tomcat SSL page. Also, have you requested a SSL certificate yet?

Ajax doesn't do anything special to hide the password other than point to a valid https URL.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!