tomcat-users mailing list archives

From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: Securing servlets in an application
Date Mon, 21 Oct 2002 16:14:01 GMT


Lior Shliechkorn wrote:

>Hi,
>
>I need help in adding some extra security to the login servlet for my application. I wanted to know how I can secure servlets without having to declare realms in Tomcat. I have a login page that posts to a servlet, and I want to make that servlet secure? The checking for user and password is performed by a database, and from what I understood realms that are created prompt a user for information once entering a secure area. Where can I read more information about security, and what suggestions might you have for me to implement.
>
>Thanks
>  
>
First, I recommend you run Tomcat with the SecurityManager:

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/security-manager-howto.html

Second, you can certainly use a secure transport when interacting with 
your Servlet:

see Servlet 2.4 section SRV.12.8 Specifying Security Constraint.

-- Jeanfrancois
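
A deployment descriptor fragment illustrating the "secure transport" suggestion above; this is an added example, not part of the original message. The servlet name, class, and the `/login` and `/login.jsp` paths are assumptions, and it presumes an HTTPS connector is already configured in Tomcat.

```xml
<!-- Fragment of WEB-INF/web.xml (added example; all names and paths are hypothetical) -->
<servlet>
  <servlet-name>LoginServlet</servlet-name>
  <servlet-class>com.example.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
  <servlet-name>LoginServlet</servlet-name>
  <url-pattern>/login</url-pattern>
</servlet-mapping>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Login form and login servlet</web-resource-name>
    <!-- Cover the page that renders the form as well as the servlet it
         posts to, so the credentials never travel over plain HTTP. -->
    <url-pattern>/login.jsp</url-pattern>
    <url-pattern>/login</url-pattern>
    <!-- No http-method elements: the constraint applies to every method. -->
  </web-resource-collection>
  <!-- No auth-constraint element: the container does not ask for realm
       credentials here, so the servlet keeps doing its own database check. -->
  <user-data-constraint>
    <!-- CONFIDENTIAL makes the container require an encrypted transport
         (SSL/TLS) for the matching URLs. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
```

With this in place, a plain-HTTP request to either URL is redirected by Tomcat to the HTTPS port named in the connector's `redirectPort` attribute.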

