Hi folks,
I have been creating web applications and I had never worked with security, and I hope this query may be helpful to various developers. What is required is to send the data from the CLIENT side to the SERVER in a secure format.
So as per the basics, we need to send coded data from the client side, and the data reaching the server should be decoded. So what we require is some logic at the client side for generating the data to be sent to the server, and logic at the server side which will decode the encoded data.
Consider the case where the client is sending the credit card number 111 through the network. Since the number is crucial data, it should be sent in an encrypted format.
Today if he is entering the account no. as 111 it goes as 76898909 and next time it goes as 89788887. So at the server side the eight-digit number is fed to the logic, which yields 111 all the time. The account number travelling through the network is different and will not be detected if properly implemented. This concept is enforcing your security.
I also configured the JWS with the https protocol and sent the request to https://localhost:7070/examples/jsp/login.jsp?account=111.
Every time I enter the account id, the same format comes: https://localhost:7070/examples/jsp/login.jsp?account=111, which I don't expect with the https protocol. Does that mean the encryption of data is not occurring at the client side?
Please respond in detail.
regards vicky
-
Security on Web.Needed Urgently (2 messages)
- Posted by: vicky kak
- Posted on: November 21 2001 06:03 EST
-
Security on Web.Needed Urgently
- Posted by: Uday Natra
- Posted on: November 21 2001 10:11 EST
- in response to vicky kak
Hi Vicky, The data is being encrypted... it's encrypted when it is sent through the network... but when it reaches its destination, it is decrypted... so that is the reason you are seeing the correct account number instead of the encrypted version. If you don't want even the user to see the Account info, you may have to do some other encryption yourself... hope this helps.
Thanks,
Uday
-
Security on Web.Needed Urgently
- Posted by: vicky kak
- Posted on: November 22 2001 07:16 EST
- in response to Uday Natra
Hi Uday,
That means the data which is displayed at the top of the browser shows the actual data reached at the server port, not the data going from the client side. Anyway, I constructed the applet doing the encryption of the password, and at the server side the JSP is comparing the encrypted password with the encrypted format of the password which I get from the database. Is this level of security good enough to keep, or should I go for SSL?
thanks
regards vicky