Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

JSP and secure servers

  • 05-02-2005 6:53pm
    #1
    Closed Accounts Posts: 658 ✭✭✭


    Hi

    I have a website that includes a feature whereby users can register themselves and sign in. When they register, their details are stored in a mysql database, and when they login their details are retrieved and shown to them. This is all done using JSP. Is there anyway I can make this more secure without having to alter the code too much ? For instance, will it suffice to put the jsp files and the class files i use on a secure server ?

    Here is an example

    from -> http://localhost:8080/example_site/jsp/add_user.jsp

    to

    https://localhost:8080/example_site/jsp/add_user.jsp

    I am using the tomcat engine as my jsp server.

    Thanks for your help in advance


Comments

  • Closed Accounts Posts: 209 ✭✭flangeman


    hiya,
    do you have apache in front of Tomcat or just Tomcat?

    Normally only the sensitive transaction is put over a secure connection i.e. the logon and then transported back to unsecure.

    You will have to have two different listeners (ports with a web server listening on them) to achieve this.

    Most important thing is that a browser (well 99%) of them will look for SSL (secure) on the port you tell it (in your example thats 8080), but if you don't specify the port it will default to 443. So put a secure server on that port.

    Have a look at this HOWTO Tomcat SSL Configuration

    8080 is normally for admin purposes, to clean things up create another listener on 80 and 443. Dump the code on 443, I have a pretty cool tight we html code that can do the redirect on 80 for you. That way you don't have to have the 'orrible :8080 at the end of your urls.


  • Closed Accounts Posts: 658 ✭✭✭pontovic


    Thanks flangeman.

    I have just Tomcat installed at the moment. Im in the process of developing a site for somebody and I want to implement it on my local development machine before sending the lot over to a web host. The site will also include credit card management, and thats the part I need to make secure. I have had my client setup a merchant account, and I have been talking to realex payments about handling credit card transactions. Im not using Servlets at all, only JSP.

    Thanks anyway for all your help.


Advertisement