Servlet Security

Google

Mailing List

Home

Forum Home

JBoss - Java Application Server

Tomcat - JSP/Servlet container

Struts - A MVC web framework

iText - An open source PDF Java Library

JDOM - JDOM XML Parser

JSP - A mailing list about Java Server Pages specification and reference

J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition

J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog

Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology

Struts & Hibernate

Subjects

•	JSP editor plugin for eclipse ?
•	org apache jasper JasperException: Unable to compile class for JSP
•	Tomcat: Connection reset by peer: socket write error
•	Cannot retrieve definition for form bean null
•	Struts Tiles Tutorial (free Struts training)
•	Where do I download Tomcat 4 0 6?
•	Data Access Object (DAO) pattern, example DAO 's
•	Where to download Tomcat v 4 1 24 from?
•	Tomcat 5 0 16 Requested resource not available
•	Subject: Servlet : Session invalidate
•	Oracle Connection Pooling in 3 2 2
•	Servlet action is currently unavailable
•	Tomcat/Struts Unicode Encoding/Decoding problems
•	Subject: Running a Simple JMS Example
•	Tomcat and webapplication specific java library path
•	Mapping in workers2 properties
•	org apache jasper JasperException
•	problem with html:text bean throwing exception
•	Cannot find message resources under key org apache struts action MESSAGE
•	Cannot find message resources under key org apache struts action MESSAGE
•	invalid direct reference problem with solution
•	Tool for jsp debug Try Sysdeo Eclipse Plugin
•	Tomcat 5 Cannot load JDBC driver class 'null ' SQL state: null
•	weblogic ejbc
•	java properties file
•	Jboss 3 2 3 Coyote Can 't re
•	Tomcat 5, Apache2 and mod jk2 integration problem
•	JBoss example problem new to J2EE
•	Value attribute of <html:checkbox
•	url string for connecting jboss to oracle
•	javax servlet ServletException: BeanUtils populate
•	5 0 18: Windows XP Pro vs Windows 2000
•	HTTP Status 404 The requested resource is not available

Servlet Security

Servlet Security

2004-09-30 - By Henry Reardon

Back

Reply: 1 2 3 4 5 6 7 8 9 10 >>

We are giving some thought to putting a CGI-based Wiki, specifically
OddMuse, on a website that runs on a Linux server. In 'Using Linux (Fourth
Edition)', the authors warn that "The biggest cause for concern about
protecting your site from external threats is CGI scripts." They go on to
suggest various precautions that will reduce the risk.

This has me wondering if servlets are equally insecure or have a much
stronger security model. I also have Jason Hunter's 'Java Servlet
Programming (Second Edition)' which has a 30 page chapter on Security that
details how various forms of authentication take place in servlets. However,
I can't find any categorical statement that says servlets are actually any
more secure than CGI.

I was wondering if someone with extensive experience with the security
aspects of both servlets and CGI can give me any sense of which is more
secure and why? I need this information so that we can choose the right
approach for our wiki.

---
Henry

__ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ __
Take advantage of powerful junk e-mail filters built on patented Microsoft?
SmartScreen Technology.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http:/
/hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSN? Premium right now and get the
first two months FREE*.

__ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ ____ __
To unsubscribe, send email to listserv@(protected) and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html