Win a copy of Production-Ready Serverless (Operational Best Practices) this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Junilu Lacar
  • Paul Clapham
  • Knute Snortum
Saloon Keepers:
  • Stephan van Hulst
  • Ron McLeod
  • Tim Moores
  • salvin francis
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Frits Walraven
  • Vijitha Kumara

Login System Question (somewhat advanced?)  RSS feed

 
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am a beginner in Java Web Application.

I am using JSP, Servlet, and Tomcat.

I made a login system using ajax. However I found out that the json/post message goes to the back end when people submit their username and passworod is exposed/unecrypted when analyzed via  Network Console (the stuff that tells you how many POST/GET requests you made)

So I realized that we need some kind of encryption, or security measures for this.

I am using bare tomcat/jsp/serlvet. Should I learn to use Spring or what are the list of things I need to do to secure this particular ajax communication.

I know I need SSL. But how do we ensure the ajax communication(POST) is secure in this case.

Thanks and love you all,
Eddy
 
Marshal
Posts: 67254
170
IntelliJ IDE Java jQuery Mac Mac OS X
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You don't need Spring to start using SSL.
 
Eddy Haryanto
Greenhorn
Posts: 6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:You don't need Spring to start using SSL.



Hi Bear,

Thank you, and I appreciate the reply.

Other than SSL, do we need something like JWT to futher secure login system.

Thanks,
Ed
 
author & internet detective
Posts: 39195
725
Eclipse IDE Java VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To get started, take a look at the Tomcat SSL page. Also, have you requested a SSL certificate yet?

Ajax doesn't do anything special to hide the password other than point to a valid https URL.
 
Do not set lab on fire. Or this tiny ad:
global solutions you can do in your home or backyard
https://coderanch.com/t/708587/global-solutions-home-backyard
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!