Tag Archives: security

SafeEquals

I’m currently designing a user-authentication OAuth2-based service. I’m trying very hard never ever to reveal anything about users or passwords. Credential-lookup by userid is always done twice. If the user is not found a known dummy-user is looked up … Continue reading

Posted in Java, Open Source

Securing J[2]EE applications, part 3

In this third article, the samples are modified to be run on JBoss (4.0.3+) and JavaDB (Derby version 10.2). The first article showed how to set up Glassfish authentication with only a single database table. The second article evolved the simple … Continue reading

Posted in Databases, Java, Open Source

Securing J[2]EE applications, part 2

The first part, Securing J[2]EE applications, part 1, discusses a simple setup where a single database table, 2 views and a correctly configured jdbcRealm could handle the most basic authentication and authorization requirements. This second article discusses a few enhancements … Continue reading

Posted in Databases, Java, Open Source

Securing J[2]EE applications, part 1

I’m writing a few articles about securing J2EE applications. The setup is a Glassfish v2 as application server and PostgreSQL v8.3 as database server, keeping it open-source and free 🙂 This first part discusses a simple setup where only a … Continue reading

Posted in Databases, Java, Open Source

Trusting any “secure” host

My main concern is developing server-side JAVA-applications: J[2]EE applications. When working with hobby-projects, I’m often faced with situations where I need to call other “third-party” applications over HTTP, in order to obtain some information important to me in specific situations. … Continue reading

Posted in Java