Security In this chapter: HTTP Authentication
Security In this chapter: HTTP Authentication Digital Certificates Secure Sockets Layer (SSL) Running Servlets Securely So far we have imagined that our servlets exist in a perfect world, where everyone is trustworthy and nobody locks their doors at night. Sadly, that’s a 1950s fantasy world: the truth is that the Internet has its share of fiendish rogues. As companies place more and more emphasis on online commerce and begin to load their Intranets with sensitive information, security has become one of the most important topics in web programming. Security is the science of keeping sensitive information in the hands of authorized users. On the web, this boils down to three important issues: Authentication Being able to verify the identities of the parties involved Confidentiality Ensuring that only the parties involved can understand the communication Integrity Being able to verify that the content of the communication is not changed during transmission A client wants to be sure that it is talking to a legitimate server (authentication), and it also want to be sure that any information it transmits, such as credit card numbers, is not subject to eavesdropping (confidentiality). The server is also concerned with authentication and confidentiality. If a company is selling a service or providing sensitive information to its own employees, it has a vested interest in making sure that nobody but an authorized user can access it. And both sides need integrity to make sure that whatever information they send gets to the other party unaltered. Authentication, confidentiality, and integrity are all linked by digital certificate technology. Digital certificates allow web servers and clients to use advanced cryp tographic techniques to handle identification and encryption in a secure manner. Thanks to Java’s built-in support for digital certificates, servlets are an excellent platform for deploying secure web applications that use digital certificate technology. We’ll be taking a closer look at them later. Security is also about making sure that crackers can’t gain access to the sensitive data on your web server. Because Java was designed from the ground up as a secure, network-oriented language, it is possible to leverage the built-in security features and make sure that server add-ons from third parties are almost as safe as the ones you write yourself.
Note: If you are looking for good and high quality web space to host and run your java application check Vision java hosting services