You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@struts.apache.org by Adam Sherman <ad...@teachandtravel.com> on 2002/10/22 17:02:15 UTC

Security Best-Practices?

Can anybody point me to a best practices guide for security in webapps? 
I'm building it from scratch.

Struts 1.1 has integrated support for JAAS, hows does affect Servlet 
"Realm" security?

I'm completly new at this, so just some suggestions would be helpfull. 
Not detailed imlpementation stuff.

Thanks,

A.

-- 
Adam Sherman
Software Developer
Teach and Travel Inc.
+1.613.241.3103



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>

Re: Security Best-Practices?

Posted by Adam Sherman <ad...@teachandtravel.com>.

Adam Sherman wrote:
> Can anybody point me to a best practices guide for security in webapps? 
> I'm building it from scratch.
> 
> Struts 1.1 has integrated support for JAAS, hows does affect Servlet 
> "Realm" security?
> 
> I'm completly new at this, so just some suggestions would be helpfull. 
> Not detailed imlpementation stuff.

Should an application maintain a separate user information database, 
keyed on the username return by the Container?

Some advice would be appreciated.

Thanks,

A.

-- 
Adam Sherman
Software Developer
Teach and Travel Inc.
+1.613.241.3103



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>