
is my application secure enough???

Mouadh

Posted: Mon Aug 09, 2010 12:03 pm    Post subject: is my application secure enough???

I have come so far developing my first project using PrimeFaces, but I didn't think about securing it. So I have done some searching about the available solutions like Acegi, then I thought about implementing my own security solution:
The authentication is done via a simple authentication dialog with login and password (I am using for this a bean called connexionBean which stores whether the authentication has succeeded or not).
For the authorization part, I added a filter which intercepts any request, checks the connexionBean related to the session, and redirects the request when the client isn't authenticated.
So, is my solution enough, or can it be breached???
CoreDefend

Posted: Tue Aug 10, 2010 4:22 pm

Within your Java bean, are you storing your login credentials within a database?

If so, you might be vulnerable to SQL injection attacks. Make sure you sanitize all user input.

Also, have you configured account lockouts for multiple unsuccessful login attempts?

There are many things to consider when assessing your application's security.

PM me if you wish to discuss further.
Mouadh

Posted: Wed Aug 11, 2010 9:49 am

Thanks for replying. I have already sanitized my inputs for SQL injection. I think that I still have to lock accounts for multiple unsuccessful login attempts; that didn't come to my mind.
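The account lockout raised in the two posts above, as an added example that is not part of the thread or the poster's project: a per-account failure counter with a time window and a temporary lock, which a login bean such as connexionBean could consult before checking the password. The class name `LoginLockout`, its method names and the thresholds (3 failures in 10 minutes, 15-minute lock) are assumptions chosen for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class LoginLockout {          // hypothetical helper, not from the thread
    private static final class State {
        int failures;         // failed attempts inside the current window
        Instant windowStart;  // time of the first failure in that window
        Instant lockedUntil;  // null while the account is not locked
    }
    private final int maxFailures;
    private final Duration window, lockTime;
    private final Map<String, State> states = new ConcurrentHashMap<>();

    public LoginLockout(int maxFailures, Duration window, Duration lockTime) {
        this.maxFailures = maxFailures; this.window = window; this.lockTime = lockTime;
    }
    // One key per account whatever case is typed. Unknown logins are tracked too,
    // so the lockout behaviour does not reveal which accounts exist.
    private static String key(String login) { return login.trim().toLowerCase(Locale.ROOT); }

    /** Call before verifying the password; refuse the attempt when this returns true. */
    public boolean isLocked(String login, Instant now) {
        State s = states.get(key(login));
        if (s == null) return false;
        synchronized (s) { return s.lockedUntil != null && now.isBefore(s.lockedUntil); }
    }
    public void recordFailure(String login, Instant now) {
        State s = states.computeIfAbsent(key(login), k -> new State());
        synchronized (s) {
            if (s.windowStart == null || now.isAfter(s.windowStart.plus(window))) {
                s.windowStart = now;  // earlier failures have aged out
                s.failures = 0;
            }
            if (++s.failures >= maxFailures) {
                s.lockedUntil = now.plus(lockTime);  // temporary lock that expires by itself
                s.windowStart = null;                // next failure starts a fresh window
            }
        }
    }
    /** Call after a correct password on an account that was not locked. */
    public void recordSuccess(String login) { states.remove(key(login)); }

    public static void main(String[] args) {
        LoginLockout guard = new LoginLockout(3, Duration.ofMinutes(10), Duration.ofMinutes(15));
        Instant t0 = Instant.parse("2010-08-11T10:00:00Z");  // constructed timestamp
        for (int i = 0; i < 3; i++) guard.recordFailure("Alice", t0.plusSeconds(i));
        System.out.println(guard.isLocked("alice", t0.plusSeconds(5)));                // inside the lock period
        System.out.println(guard.isLocked("alice", t0.plus(Duration.ofMinutes(16))));  // after it has expired
    }
}
```

The map grows with every distinct login tried and lives in a single JVM, so a deployed version would expire old entries or keep the counters in the database next to the accounts.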
Boerniko

Posted: Wed Nov 17, 2010 4:26 pm

@coredefend Wow, that's cool. Can I ask for help also? Like simple PC errors.