220 Security in web application Advanced java Servlet programming tutorial | Advanced java Servlet

Published: 05 June 2020
on channel: tech fort
991
12

#Security in web-application: What is security?
Ans : Security refers to protection from hostile forces.
freedom from anxiety, potential harm, caused by others.
phenomeno vulnerable to unwanted change.

Security of two types/levels:

1) Network Level Security : (Will be taken care by Network Administrator)

2) Application Level Security : (Will be taken care by Programmer/Developer)

Application security = Authentication + Authorization

Checking the identity of a user is called "Authentication".

Checking the access permission of user to access certain resources is called "Authorization".

Every bank employee must be authenticated to use banking application/software.

But only certain employees are authorized to use "loan" module of the bank aplication/software project.

Application level security also covers data integrity and data privacy.

Data Integrity: Not allowing data tampering(Not allowing to change 10000.Rs to 1000000.Rs). That means it should not allow over the network.

Data Privacy: Data should not be visible to others(unauthorized).(Like hackers) when travelling over the network.

There are two types of Application level security:
--------------------------------------------------
1) Programmatic Security:
By adding java statement in web resource programs(like Servlet, JSP...) for authentication and authorization operations.

2) Declarative Security:
By Configuring server supplied middleware services in web.xml and in other server related files.

To perform declarative authentication operations, Server supports 4 models of authentication.

a) BASIC model:
Uses Base64 encoding & decoding algorithm.

b) DIGEST model:
Uses MD5 endcoding & decoding algorithm.
Its same as BASIC model but encoding & decoding algorithm are different.

c) FORM model:
Same as BASIC Model but it allows programmers to configure user-defined form pages and error pages that are required in authentication process.

d) CLIENT_CERT model:
Uses digital signature/certificates for protecting and sending client data.

Note: BASIC, DIGEST models use browser supplied dialog boxes and error pages to complete process of authentication.


On this page of the site you can watch the video online 220 Security in web application Advanced java Servlet programming tutorial | Advanced java Servlet with a duration of hours minute second in good quality, which was uploaded by the user tech fort 05 June 2020, share the link with friends and acquaintances, this video has already been watched 991 times on youtube and it was liked by 12 viewers. Enjoy your viewing!