Security in Java EE Application with JBoss

Question

Security in Java EE Application with JBoss

What are the main and obvious security considerations and best practices in a Java EE web application?

0

Fernando briano 04 dec. '08 at 18:14

2 answers

Don't trust anyone outside of your control. The main, most important aspect of this: Don't believe that the input for your POST / GET handlers comes from the forms you design.

Confirm all client input, especially before using it to interact with SQL, HQL, other external data sources, or the command line.

+1

Steve Dec 16 '08 at 3:31

source to share

Loki · Accepted Answer · 2008-12-04T20:30:23+0000

Use HTTPS
Use Jasypt to simplify some things.
Restrict external access point.
Make sure you don't have a single point of failure.
Make sure the communication channels are properly secured when needed.
Safe access to components by whitelisting (grant access instead of removing access).
Make sure the state is saved on the server side.
Test test test ...
Keep updating security vulnerabilities .
The rest is good design.

Security in Java EE Application with JBoss

More articles: