Security Issues
· Irrespective of how good your Servlet Engine is, if your servlet program is not well written to handle security-related aspects, your application can be exploited to cause damage
· Session information can be retrieved using 'Cookies', 'URL Rewriting', 'Hidden Fields'
o Counterfeit Session State Information: Changing details such as the userId
o Logging of Sensitive Information: Printing information such as passwords in log files
o Browser Residue: Information related to the user's interaction with the application is stored in the browser's cache
· Session information can be retrieved using 'Cookies', 'URL Rewriting', 'Hidden Fields'
o URL Rewriting: Rewrite the URLs of the links of a web page
o E.g.: A link in page1 which redirects to page2 forms the URL below
§ http://currentaffairs2you.com/page2.jsp?username=Kiran&SessionId=201402
o Hidden Fields: Contained in forms that are placed in a common frame of a frameset. JavaScript code on the client side can easily read hidden field values
o Cookies: Enable information to be stored in the user's browser. Reading the cookies file shows all the information stored on the client side
· Avoiding the issues above makes your program free from security issues
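
The servlet below is an added example, not code from the original page, showing one way to handle the issues listed above in a single request handler. It assumes the javax.servlet API (Servlet 3.0 or later); the class name, the "/account" path and the "userId" session attribute are hypothetical.

```java
// Added example, not code from the original page. Assumes the javax.servlet API
// (Servlet 3.0+); the "/account" path and the "userId" attribute are hypothetical.
import java.io.IOException;
import java.util.logging.Logger;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/account")
public class AccountServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(AccountServlet.class.getName());

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // URL rewriting: refuse the container's session id when it arrived in
        // the URL, where it would end up in browser history and server logs.
        if (req.isRequestedSessionIdFromURL()) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // Counterfeit session state: the user's identity is read from the
        // server-side session only. A "userId" request parameter, hidden field
        // or cookie value is client-controlled and is deliberately ignored.
        HttpSession session = req.getSession(false); // do not create a session here
        Object userId = (session == null) ? null : session.getAttribute("userId");
        if (userId == null) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Logging: record that the event happened, without the password,
        // the session id or the raw query string.
        LOG.info("account page served to an authenticated session");
        // Browser residue: ask the browser and proxies not to store the page.
        resp.setHeader("Cache-Control", "no-store");
        resp.setContentType("text/plain;charset=UTF-8");
        resp.getWriter().println("Account details for user " + userId);
    }
}
```

On Jakarta EE 9 and later the same classes live in the jakarta.servlet packages instead of javax.servlet.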