Denis Pilipchuk looks at the problems of the Java permissions model and considers some alternatives.
Eric Speigelberg shows how to use JSTL's URL encoding and a servlet filter to obfuscate or even encode parameters in each direction to thwart parameter tampering. Obscured parameters raise the attacker's cost but are no substitute for server-side authorization checks on every request.
The all-Java database JavaDB is known for its embeddability, but what about security? Can you put it out there for enterprise applications and keep data safe? Masoud Kalali shows the steps you can take to secure your JavaDB data.
JAAS' limitations and assumptions have made it difficult to integrate with other enterprise technologies. However, by exposing it as a service, you can rely on JAAS in your SOA. Denis Pilipchuk shows how it's done.
Denis Pilipchuk looks at JAAS' incomplete integration with Java EE and SOA, and assesses future directions for JAAS.
Zarar Siddiqi shows how to instrument your web application for remote monitoring with a variety of JMX tools.
Stephen Enright shows strategies of server-side input validation to prevent attackers from gaining unintended access to your web application and its back end.
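As an added illustration of the allow-list style of server-side validation that article describes (this is editor's example code, not Stephen Enright's, and the parameter names and patterns in it are hypothetical), here is a servlet filter that rejects any request carrying an unknown parameter or a value that does not match the syntax registered for its name, before the servlet or JSP ever sees it:

```java
import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Allow-list input validation filter (editor's example; rules are hypothetical).
 * A request passes only if every parameter name is known and every value
 * matches the pattern registered for that name. Everything else is refused
 * with a generic 400 so the error text leaks nothing about the rules.
 */
public class InputValidationFilter implements Filter {

    // Hypothetical allow-list: parameter name -> permitted value syntax.
    // Pattern.matcher(...).matches() requires the whole value to match,
    // so no ^/$ anchors are needed and a trailing newline cannot slip through.
    private static final Map<String, Pattern> RULES = Map.of(
        "accountId", Pattern.compile("[0-9]{1,10}"),
        "username",  Pattern.compile("[a-z][a-z0-9_]{2,31}"),
        "page",      Pattern.compile("home|orders|profile")
    );

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String violation = firstViolation(request.getParameterMap());
        if (violation != null) {
            // Log the detail server-side (logger omitted here); the client
            // sees only a generic message.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid request");
            return;
        }
        chain.doFilter(req, res);
    }

    /**
     * Returns a description of the first violation found, or null when all
     * parameters are on the allow-list and well-formed.
     */
    static String firstViolation(Map<String, String[]> params) {
        for (Map.Entry<String, String[]> entry : params.entrySet()) {
            Pattern rule = RULES.get(entry.getKey());
            if (rule == null) {
                return "unexpected parameter: " + entry.getKey();
            }
            for (String value : entry.getValue()) {
                if (value == null || !rule.matcher(value).matches()) {
                    return "malformed value for parameter: " + entry.getKey();
                }
            }
        }
        return null;
    }
}
```

Map the filter onto the protected URL pattern in web.xml (a `<filter>` plus `<filter-mapping>` entry) so it runs ahead of every servlet and JSP on that path. Validation of this kind limits what reaches the back end, but it decides only whether a value is well-formed; whether the authenticated user may act on that accountId is an authorization question the application must still answer separately.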
Want to support login and controlled access to your JSPs? LDAP is great, but configuring OpenLDAP for use with Tomcat is not straightforward. In this article, Darren Duke shows you how to bring the two together.
This article considers code obfuscation for what it is: an attempt to make the bad guy's job harder. If you lock your front door at night, you agree. That lock won't stop even a slightly determined person--yet you do it. Why? Because it stops some professionals and sends some to easier targets. If you have code to protect (not everyone does), obfuscating it is a cheap, fast step...
In this excerpt from his book <i>J2EE Security: For Servlets, EJBs, and Web Services</i>, author Pankaj Kumar describes the Java APIs for securing data sent over a network where others may be snooping.