220 Security in web application Advanced java Servlet programming tutorial | Advanced java Servlet

Pubblicato il: 05 giugno 2020
sul canale di: tech fort
991
12

#Security in web-application: What is security?
Ans : Security refers to protection from hostile forces.
freedom from anxiety, potential harm, caused by others.
phenomeno vulnerable to unwanted change.

Security of two types/levels:

1) Network Level Security : (Will be taken care by Network Administrator)

2) Application Level Security : (Will be taken care by Programmer/Developer)

Application security = Authentication + Authorization

Checking the identity of a user is called "Authentication".

Checking the access permission of user to access certain resources is called "Authorization".

Every bank employee must be authenticated to use banking application/software.

But only certain employees are authorized to use "loan" module of the bank aplication/software project.

Application level security also covers data integrity and data privacy.

Data Integrity: Not allowing data tampering(Not allowing to change 10000.Rs to 1000000.Rs). That means it should not allow over the network.

Data Privacy: Data should not be visible to others(unauthorized).(Like hackers) when travelling over the network.

There are two types of Application level security:
--------------------------------------------------
1) Programmatic Security:
By adding java statement in web resource programs(like Servlet, JSP...) for authentication and authorization operations.

2) Declarative Security:
By Configuring server supplied middleware services in web.xml and in other server related files.

To perform declarative authentication operations, Server supports 4 models of authentication.

a) BASIC model:
Uses Base64 encoding & decoding algorithm.

b) DIGEST model:
Uses MD5 endcoding & decoding algorithm.
Its same as BASIC model but encoding & decoding algorithm are different.

c) FORM model:
Same as BASIC Model but it allows programmers to configure user-defined form pages and error pages that are required in authentication process.

d) CLIENT_CERT model:
Uses digital signature/certificates for protecting and sending client data.

Note: BASIC, DIGEST models use browser supplied dialog boxes and error pages to complete process of authentication.


In questa pagina del sito puoi guardare il video online 220 Security in web application Advanced java Servlet programming tutorial | Advanced java Servlet della durata di ore minuti seconda in buona qualità , che l'utente ha caricato tech fort 05 giugno 2020, condividi il link con amici e conoscenti, su youtube questo video è già stato visto 991 volte e gli è piaciuto 12 spettatori. Buona visione!