#Security in web-application: What is security?
Ans : Security refers to protection from hostile forces.
freedom from anxiety, potential harm, caused by others.
phenomeno vulnerable to unwanted change.
Security of two types/levels:
1) Network Level Security : (Will be taken care by Network Administrator)
2) Application Level Security : (Will be taken care by Programmer/Developer)
Application security = Authentication + Authorization
Checking the identity of a user is called "Authentication".
Checking the access permission of user to access certain resources is called "Authorization".
Every bank employee must be authenticated to use banking application/software.
But only certain employees are authorized to use "loan" module of the bank aplication/software project.
Application level security also covers data integrity and data privacy.
Data Integrity: Not allowing data tampering(Not allowing to change 10000.Rs to 1000000.Rs). That means it should not allow over the network.
Data Privacy: Data should not be visible to others(unauthorized).(Like hackers) when travelling over the network.
There are two types of Application level security:
--------------------------------------------------
1) Programmatic Security:
By adding java statement in web resource programs(like Servlet, JSP...) for authentication and authorization operations.
2) Declarative Security:
By Configuring server supplied middleware services in web.xml and in other server related files.
To perform declarative authentication operations, Server supports 4 models of authentication.
a) BASIC model:
Uses Base64 encoding & decoding algorithm.
b) DIGEST model:
Uses MD5 endcoding & decoding algorithm.
Its same as BASIC model but encoding & decoding algorithm are different.
c) FORM model:
Same as BASIC Model but it allows programmers to configure user-defined form pages and error pages that are required in authentication process.
d) CLIENT_CERT model:
Uses digital signature/certificates for protecting and sending client data.
Note: BASIC, DIGEST models use browser supplied dialog boxes and error pages to complete process of authentication.
En esta página del sitio puede ver el video en línea 220 Security in web application Advanced java Servlet programming tutorial | Advanced java Servlet de Duración hora minuto segunda en buena calidad , que subió el usuario tech fort 05 junio 2020, comparta el enlace con amigos y conocidos, en youtube este video ya ha sido visto 991 veces y le gustó 12 a los espectadores. Disfruta viendo!