is my application secure enough???

Networking/Security Forums -> Programming and More

Author: Mouadh PostPosted: Mon Aug 09, 2010 12:03 pm    Post subject: is my application secure enough???
    ----
i have came so far developing my first project using primefaces but i didn't though about securing it. so i have done some search about the available solution like acegi, then i though about implementing my own security solution:
the authentication is done via a simple authentication dialog with login and password (am using for this a bean called connexionBean which store whether the authentication has succeeded or not).
for the authorization part, i add a filter which intercept any request and check the connexionBean related to the session and redirect the request when the client isn't authenticated.
so, is my solution is enough or it can breached???

Author: CoreDefendLocation: USA PostPosted: Tue Aug 10, 2010 4:22 pm    Post subject:
    ----
Within your java bean, are you storing your login credentials within a database?

If so, you might be vulnerable to SQL injection attacks. Make sure you sanitize all user input.

Also, have you configured account lockouts for multiple unsuccessful login attempts.

There are many things to consider when assessing your application's security.

PM me if you wish to discuss further.

Author: Mouadh PostPosted: Wed Aug 11, 2010 9:49 am    Post subject:
    ----
thanks for replying, i have already sanitized my inputs for SQL injection, i think that i still have to lock accounts for multiple unsuccessful login attempts, that didn't came to my mind.

Author: Boerniko PostPosted: Wed Nov 17, 2010 4:26 pm    Post subject:
    ----
@coredefend wow that's cool. can i ask help also? like simple pc errors



Networking/Security Forums -> Programming and More


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group