Is an application developed with servlets more secure than one developed with JSP?
JSP has appeared, but some people still use servlets.
The reason given is that servlets can make an application more secure. Is it true?
Servlets are no more secure than JSPs, because JSPs are servlets - they're just another way of building the same thing. There is nothing you can do in a JSP that you can't do in a servlet or vice versa.
Why switch to or from JSPs or servlets? - you should be using both. Use servlets for heavy processing logic and JSPs for presentation (MVC pattern). That way you get maximum separation of logic and presentation. You can pretty much let HTML developers work normally, then come along afterwards and stick a little bit of Java code in the page to make it all dynamic. Better still, you can create easy-to-use custom tags that your HTML developers can easily understand without needing any programming experience. This leaves you free to work on the logic in the back-end.
Similar Messages
-
Should I upgrade to Mavericks now from 10.6.8 (i-Mac, mid 2007, core 2 duo)? Will Mavericks be more secure than 10.6.8 ? I have the latest version of 10.6.8 and have upgraded my memory to 4GB. This could be one reason for me to make the move now.
10.6.8 has been great, it runs great with all my apps but am concerned about lack of support now. I know my PC apps will not work but maybe some apps that work now will "walk away" from 10.6.8 and then there's the security question of above.
I am also concerned about iPhoto 9 transition to i-Photo 11 and compatibility of my Time Machine WD Passport HD (format: Mac OS Extended (Journaled)) based on several questions in applicable forums.
Thanks for your help in this important decision!
If I were you I would stick with Snow Leopard. It's much better suited to your old hardware. That said:
Upgrading from Snow Leopard to Lion or Mavericks
To upgrade to Mavericks you must have Snow Leopard 10.6.8, Lion, or Mountain Lion installed. Purchase and download Mavericks (Free) from the App Store. Sign in using your Apple ID. The file is quite large, over 5 GBs, so allow some time to download. It would be preferable to use Ethernet because it is nearly four times faster than wireless.
OS X Mavericks- System Requirements
Macs that can be upgraded to OS X Mavericks
1. iMac (Mid 2007 or newer) — Model Identifier 7,1 or later
2. MacBook (Late 2008 Aluminum, or Early 2009 or newer) — Model Identifier 5,1 or later
3. MacBook Pro (Mid/Late 2007 or newer) — Model Identifier 3,1 or later
4. MacBook Air (Late 2008 or newer) — Model Identifier 2,1 or later
5. Mac mini (Early 2009 or newer) — Model Identifier 3,1 or later
6. Mac Pro (Early 2008 or newer) — Model Identifier 3,1 or later
7. Xserve (Early 2009) — Model Identifier 3,1 or later
To find the model identifier open System Profiler in the Utilities folder. It's displayed in the panel on the right.
Are my applications compatible?
See App Compatibility Table — RoaringApps.
Upgrading to Lion
If your computer does not meet the requirements to install Mavericks, it may still meet the requirements to install Lion.
You can purchase Lion at the Online Apple Store. The cost is $19.99 (as it was before) plus tax. It's a download. You will get an email containing a redemption code that you then use at the Mac App Store to download Lion. Save a copy of that installer to your Downloads folder because the installer deletes itself at the end of the installation.
Lion System Requirements
1. Mac computer with an Intel Core 2 Duo, Core i3, Core i5, Core i7, or Xeon processor
2. 2GB of memory
3. OS X v10.6.6 or later (v10.6.8 recommended)
4. 7GB of available space
5. Some features require an Apple ID; terms apply.
-
Is Arch's future more secure than Gentoo's present???
I just took a look at distrowatch and read this article:
http://distrowatch.com/weekly.php?issue=20070312#future
So I just thought by myself "What the **** is going on with Gentoo?"...
The next thought was "What would the Arch community do if there would ever be some situation like that???".
And now here I am, looking for an answer.
I mean up to now the Arch developers and the community around them are the most friendly ones I have ever seen. But I was also worried how things would develop in future. I mean as mentioned in this article Gentoo was once the fastest growing Distro known to mankind and now according to this article they're messing up with all the potential they have had.
So since I think that Archlinux has the potential to be even better than Gentoo I was wondering how the people behind Arch will prevent situations like this? I mean compared to Gentoo Arch currently is rather small (like Gentoo also was in the beginning), but who knows what will happen in the future? And with more people there will be more different opinions. So besides the KISS philosophy is there anything else written down to secure the future of Arch so Gentoo's current problems won't happen?
Anyway, I was just thinking about that and wanted to ask the people in here and mainly the developers what they think about it? Does there exist something to prevent the problems Gentoo currently has?
Thanks for every answer!
cactus wrote:
haven't watched it yet..but it sounds interesting...
http://video.google.nl/videoplay?docid= … 1522818645
EDIT: Watched it. Turned out..it was pretty awesome.
Thanks for that link. I watched the video and tried to understand all of it, minding the fact, that I am actually not an open source developer - but in the end it turned out to be eligible for each and every type of community (also including the scarce ones where I either am or was in charge of a moderator title). It might be a bit offtopic, but I indeed have to be grateful to have access to material just like that. These are real professionals, which are still down-to-earth (no wonder, if one takes a closer look on what their work is like), sharing their knowledge for free. I have no problem with Google having a copyright on this material, as long as it is accessible for each and everyone and it is for free. In the end it turned out to change my point of view a bit, about what the open source community is really like and how to improve the climate of a community, minding its targets. I will definitely take a closer look at additional material on video.google.com, as this resource seems to be promising.
Thanks for your attention anyhow. Just in case this posting was inappropriate, I would like a TU/moderator to delete it for the community's sake.
Last edited by chaosgeisterchen (2007-03-13 21:44:51)
-
Is firefox ACTUALLY more secure than Internet Explorer 8?
Hello Mozilla forum members. I am currently a Firefox user. An NSSLabs test claims Internet Explorer 8 is the most secure web browser. Some other sources also agree. Can anyone tell me if this is true? Thanks!
Here is the link: http://nsslabs.com/test-reports/NSSLabs_Q12010_BrowserSEM_Summ_FINAL.pdf
I was browsing through the Microsoft site and the NSSLabs site.
Depends on how much you want to trust a company that has a history of accepting vendor funding, like from M$.
http://www.thetechherald.com/article.php/200912/3268/Can-you-trust-the-NSS-Labs-report-touting-the-benefits-of-IE8
http://www.networkworld.com/news/2009/091009-nss-labs-independent-testing.html
And you need to question why they were testing Firefox 3.5.7 in January 2010 when the very stable beta 4 of Firefox 3.6 was available at that time. I was using 3.6b4 and never had a problem.
AND...... they were not testing the browsers. What, you say?
Look at footnote 1 on page 3 of the full report ( http://nsslabs.com/test-reports/NSSLabs_Q12010_GTRBrowserSEM_FINAL.pdf ):
"Note: This study does not evaluate browser security related to vulnerabilities in plug-ins or the browsers themselves."
So what was NSS Labs testing? Section 1 (pages 5-6) explains that. Reading Section 1.2, they were testing the ability of Google Safe-Browsing (in the case of Firefox) and the protection that it affords in keeping users from even getting onto malicious sites. I do not know what the other tested browsers use for comparable protection. Do you? I would not depend on Google Safe Browsing or any other such service for my full protection. Would you?
Moving on, read Section 2.1.1 carefully.... "1,756 potentially malicious sites" pared down to 562 sites, but their methodology in choosing the 562 sites is not explained. What if the other 1,194 sites had been included? Would it have changed the results or conclusions reached? You should be saying "Hmmmmmmmm" at this point.
Do yourself a favor:
- Read such reports carefully and in full (not just the summary) with your brain "in-gear".
- Keep all of your system defenses up-to-date, firewall, AV/AS, scan regularly with multiple scanners (none is 100% correct, 100% of the time). IMPORTANT: Never run over-lapping security applications (i.e., 2 firewalls, 2 anti-virus/anti-spyware) at the same time. Two is NOT better than one in this case.
- Do you know what services and processes are running on your system, why they are running and what the function of each might be? Do you actively monitor incoming and outgoing connections? Do you log connections and review them?
- Don't visit questionable sites (porn, warez, less than legal music and video download sites, etc.)
- Base part of your judgement on your own experience; have you experienced any security related problems with what you are using? If so, then make a change NOW!
Good luck.
-
UAG DirectAccess more secure than 2012 DirectAccess in edge scenario by default ?
I installed 2012 DirectAccess in Edge configuration, first interface connected to intranet and second interface connected to internet.
When I did port scanning from internet, to my surprise there are about 1000 ports open to internet. 85% are high ports, and the rest are well-known ports.
Ports like tcp 3389, tcp 135, tcp 445 are open to everybody by default.
Isn't this an enormous security issue? At least it should be mentioned somewhere?
So options are, you manually configure windows firewall rules or you put your DirectAccess server behind edge firewall, or you build your DirectAccess with NAT.
With UAG DirectAccess you really did not have this problem, you opened to internet only the few ports that were needed for DirectAccess. UAG DirectAccess was easily built without an edge firewall.
Thanks,
-oraat
Hi, Although technically Windows has a very good firewall a DirectAccess Server is an Edge device that should always be located behind a front-end firewall. And optionally in front of a back-end firewall. Maybe the following post I have answered provides you a bit more information:
UAG to 2012 R2 - Edge Device concern
https://social.technet.microsoft.com/Forums/forefront/en-US/bf3a5e9a-6f06-4e72-a907-67df1672224e/uag-to-2012-r2-edge-device-concerns?forum=forefrontedgeiag
Boudewijn Plomp, BPMi Infrastructure & Security
-
Anything more secure than a password protected .img created in disk utility
subject says all.
Message was edited by: dnaginzter
256-bit encryption is what SSL certificates use (the "lock" symbol you see when you go to a banking website). They're highly regarded in the industry as pretty much the pinnacle of practical encryption.
Again, the password is usually the weak spot. Even with 256-bit encryption, if your password is "password" or "12345", a cracker will be able to access your files pretty quickly.
As usual, there's an xkcd page for this situation.
Matt
-
Is Firefox x64 more secure against Malware attacks than Firefox x32?
I have a Windows 7 Home Premium SP1 x64 computer. It is my understanding that Windows 7 HP SP1 x64 is more secure against Malware-Virus attacks than Windows 7 HP SP1 x32.
I am using Firefox 6.0B2 x32 and just started also using Firefox 8.0A1 x64. Both are working fine.
Is the x64 version of Firefox more secure than the x32 version against Malware-Virus attacks on a Windows 7 SP1 x64 computer simply because it is x64?
No, it isn't.
-
IPhone 4 - More secure restrictions passcode
Hello All,
We're just about to equip our 16 year old with an iPhone 4 ... I've gone through and setup certain restrictions on the phone, assigned the required passcode ... however, is there any way at all to enable something more secure than just a 4 digit code? In the end, a 16-year old and enough banging away on it and sooner or later they'll crack it, given only 4 digits.
Appreciate all advice and guidance.
Ken
I don't believe so. If you have that little trust for your 16 year old, perhaps you should not be giving them a smartphone to begin with.
-
SOA Application development & Security Standards document template
Hi,
I need to create documents on SOA Application development standards and SOA Application Security standards.
Please share document templates if anyone has them.
Thank you
Hmm, interesting comments. Is it really a Standard that you're after? Not wishing to ask if you like salt with your eggs but I assume we know the differences between Standard, Policy, Procedure? You'd be surprised with the number of so called Security experts /Consultants that can't articulate this. I have seen big 4 people who are meant to be delivering Policy but actually documenting a Standard, even Procedures.
So are you looking at delivering a Standard per Application? You should also have a Generic App Security Standard.
Standard - you're looking to no more than 10-20 pages.
SAP hooks into several other documents so you should be explicitly referencing O/S and Database Standards.
Authenticating against SAP - that should be covered in Access Control Policy /Standard.
Encryption ....? Your encryption doc's and so on.
SAP sits on an O/S, so if you're an IBM house then you're looking at AIX. SAP would assume this as a pre-req. Database? You've got Oracle and if again you're an IBM house you follow DB2.
DB2 inherits numerous priv's from the underlying O/S. So if AIX is poorly configured, then DB2 inherits this. Of course there's a bunch of stuff that you can do from SYS* parameters etc.
I've just put together a bunch of stuff for an Org. The actual SAP piece is actually not that hard. The Procedure is a little more specific e.g. specific Install Accounts /Passwords that need to be changed, how you secure external interfaces.
Please let me know if you need anything further.
Cheers, N
-
My ipod touch 4g just updated today on itunes and the update caused more trouble than good for me. My ipod will no longer show me the battery percentage in the top right hand corner and I am not allowed to drag other applications to the bottom panel. Also my itunes doesn't allow "enable disk use" anymore. Can anyone help? My ipod now says that it's the 4.3.4 version
- Unjailbroken iPod never showed % battery. Just the icon.
- Unjailbroken iPod Touches never had a disk mode.
- What happens when you try to drag a wiggling app to an empty space in the bottom? Does it move and snap back?
-
I am looking for a very simple home accounting application. iBank seems to not be very intuitive and it has more features than I need. I am looking for the ability to create a budget and keep a bank register with the ability to connect to my bank and do updates.
I have a small business, I chose Quickbooks because anything else cost much more. That triggered the hiring of a bookkeeper who knew how to use it. It was not the cheapest choice after all.
-
Hi, I installed the free trial 30 days MacScan on OS X 10.5. Is it normal that for full scanning it takes so long, more even than one day?! On the other hand this application hasn't any uninstaller on the disc image, so how can I uninstall it from my hard drive? Thanks
Get rid of the tracking cookies. They are used to profile and track your browsing history. While they are privacy invading, by calling them spyware, MacScan is being a little dramatic in trying to sell you its crap. And in the future, for whatever browser you use, don't allow third-party cookies.
To prevent tracking, get Ghostery. In addition to having Ghostery and forbidding third-party cookies, I clear out all cookies from one browsing session to another. If you always do that, you won't have any tracking cookies to worry about, so you won't need MacScan to find them for you. Btw, MacScan finds the tracking cookies in the first few minutes of scanning; if you want to use it for that, then that's all the time you need to run it for. But, as I said, you won't have any tracking cookies around if you just remove all cookies and don't allow third-party cookies. As soon as you visit a site that needs them, you'll just get new ones. No problem.
Read all about cookies here.
http://en.wikipedia.org/wiki/HTTP_cookie
-
I want the application name to display more than 13 characters.
Could you tell me how to fix this problem?
Backup and restore your software via iTunes. If the problem continues, restore as a NEW device. If this solves it, that means there is some corruption in your backup file. If the problem is still there, you should take it to the Genius Bar at an Apple Store for evaluation.
-
7 Things every Adobe AIR Developer should know about Security
1. Your AIR files are really just zip files.
Don't believe me? Change the .air extension to zip and unzip it with your favorite compression program.
What does this mean for you the developer? What this means is that if you thought AIR was a compiled protected format, alas it is not.
2. All your content is easily accessible in the AIR file.
Since we know that the AIR file is really just a zip file, unzip it and see what's inside. If you have added any content references when you published the AIR file, voila, there it all is.
What does this mean for you the developer? Well, your content is sitting there ripe for the picking, and so is everything else including your Application descriptor file, images etc.
3. Code signing your AIR app does nothing as far as security for you.
All code signing your app does is verify to the end user that someone published the app. It does nothing as far as encryption and does nothing to protect your content.
What does this mean for you the developer? Well, you should still do it, because getting publisher "unknown" is worse. It also means that joe hacker would not be able to decompile your entire app and republish it with the same certificate, unless they somehow got a hold of that too.
4. All your AIR SWF content is easily decompilable.
Nothing new here, it's always been this way. Type flash decompiler into google and you'll find a variety of decompilers for under $100 that will take your AIR content swf and expose all your source code and content in no time.
What does this mean for you the developer? All your content, code, urls and intellectual property is publicly available to anyone with a decompiler, unless you do some extra work and encrypt your swf content files, which is not currently a feature of AIR, but can be done if you do your homework.
5. Your SQLite databases are easy to get at.
SQLite databases can be accessed from AIR or any other program on your computer that knows how to work with it. Unless you put your database in the local encrypted datastore, or encrypt your entire database it's pretty easy to get at, especially if you create it with a .db extension.
What does this mean for you the developer? Well, SQLite is very useful, but just keep in mind that your data can be viewed and altered if you're not careful.
6. The local encrypted datastore is useful, but....
The local encrypted datastore is useful, but developers need a secure way of getting information into it. Storing usernames, passwords and urls in clear text is a bad idea, since as we discussed, your code is easy to decompile and read. By putting info into the local encrypted datastore, the data is encrypted and very difficult to get at. The problem is, how do you get it into there, without having to store any info that can be read in the air file and without the necessity of communicating with a web server? Even if you called a web service and pushed the returned values into the datastore, this is not ideal, since you may have encoded the urls to your web service into your code, or they intercept the results from the web service call.
What does this mean for you the developer? Use the local datastore, and hope that we get some new ways of protecting content and data from Adobe in the next release of AIR.
7. There are some things missing from the current version of AIR (1.1) that could really help ease the concerns of people trying to develop serious applications with AIR.
Developers want more alternatives for the protection of local content and data. Some of us might want to protect our content and intellectual property, remember not all of us are building toys with AIR. Other than the local encrypted datastore there are not currently any built in options I'm aware of for encrypting other content in the AIR file, unless you roll your own.
What does this mean for you the developer? Well, I've been told that Adobe takes security very seriously, so I'm optimistic that we'll see some improvements in this area soon. If security is a concern for you as much as it is for me, let them know.
Putting "secret data" as a clear text directly in your code is a broken concept in every environment, programming language. Every compiled code is reversible, especially strings are really easy to extract.
There is no simple, straightforward way to include secret data directly with your app. This is a complicated subject, and if you really need to do this, you'll need to read up on it a bit.
But in most cases this can be avoided or worked around without compromising security. One of the best ways is to provide the user with a simple "secret key" alongside the app (best way is the good old login/password). The user installs the app, and provides his "secret key", that goes directly into EncryptedLocalStore, and then you use this "secret key" to access the "secret data" that's stored on your server. Then you can transfer the "secret data" directly into EncryptedLocalStore.
As for the whole thread:
Points 1-5 -> Those points do not concern AIR apps only. If you are developing an application in any language, you should follow those rules, meaning:
- Code installed on the user's computer is easily accessible
- Data stored locally is easily accessible, even if it is encrypted using any symmetric-key encryption, because the encrypting algorithm and encryption key are in your source code (you could probably write a book on using public-key encryption so let's just leave it for now ;)
Point 6 -> Is a valid one. All your app security should rely on the EncryptedLocalStore. But it is your job to get the data securely into the ELS, because there is no point to encrypt data that can be intercepted.
-
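A pre-release self-audit for points 1, 2, 4 and 5 of the AIR thread above, added here as an example (it is not code from either poster or from Adobe): it opens a package the way any zip tool would and reports unencrypted SQLite files and URL or credential strings readable in the descriptor, assets and zlib-compressed SWFs. The function names, the regex patterns and the constructed sample package are assumptions for illustration.

```python
import io
import re
import zipfile
import zlib

SQLITE_MAGIC = b"SQLite format 3\x00"              # header of an unencrypted SQLite file
IGNORED_URL_PREFIXES = (b"http://ns.adobe.com/",)  # descriptor XML namespace, not a secret

# Illustrative patterns (assumptions); tune them to what your application must not ship.
PATTERNS = {
    "url": re.compile(rb"https?://[\w.\-/:%?=&]+"),
    "credential": re.compile(
        rb"(?:password|passwd|secret|api_?key)\s*[:=]\s*[\"']?[^\s\"'<>]{4,}", re.I),
}


def swf_body(data):
    """Undo zlib compression of a 'CWS' SWF; an uncompressed 'FWS' file is returned as is."""
    if data[:3] == b"CWS":
        return data[:8] + zlib.decompress(data[8:])
    return data


def audit_air_package(package):
    """Return (entry name, finding kind, matched text) for each readable secret or database."""
    findings = []
    with zipfile.ZipFile(package) as pkg:          # an .air file opens as an ordinary zip
        for info in pkg.infolist():
            if info.is_dir():
                continue
            data = pkg.read(info)
            if data.startswith(SQLITE_MAGIC):
                findings.append((info.filename, "plaintext-sqlite", ""))
            if data[:3] in (b"CWS", b"FWS"):
                try:
                    data = swf_body(data)
                except zlib.error:
                    findings.append((info.filename, "unreadable-swf", ""))
                    continue
            for kind, pattern in PATTERNS.items():
                for match in pattern.finditer(data):
                    if match.group().startswith(IGNORED_URL_PREFIXES):
                        continue
                    findings.append((info.filename, kind, match.group().decode("latin-1")))
    return findings


def build_sample_package():
    """Constructed stand-in for an .air file; the 'SWF' is only a header plus strings."""
    payload = b'\x00var svc="https://api.example.test/v1/login";\x00password="hunter2-demo"\x00'
    fake_swf = (b"CWS" + bytes([9]) + (8 + len(payload)).to_bytes(4, "little")
                + zlib.compress(payload))
    descriptor = ('<application xmlns="http://ns.adobe.com/air/application/1.1">'
                  "<id>com.example.demo</id></application>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("META-INF/AIR/application.xml", descriptor)
        pkg.writestr("app.swf", fake_swf)
        pkg.writestr("data/users.db", SQLITE_MAGIC + b"\x00" * 84)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, kind, text in audit_air_package(build_sample_package()):
        print(f"{name}: {kind} {text}")
```

Anything the audit reports is a candidate for moving out of the package, for example to the server-side fetch into EncryptedLocalStore that the reply describes.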
Why PHP is better than JSP,Servlet(Java Web Apps) ?
Well, my heart says JSP, Servlets are better but rent a coder and job market, demand-supply seems to be saying a different story... ? Why we should not learn PHP then ?
dcminter wrote:
You can develop web sites in PHP in two shakes of a lamb's tail. But they aren't maintainable as they would be in .NET or J2EE and again the performance (which dictates what you can do as well as scalability) is between a scripted language with buggy runtime and a compiled language with an optimized runtime so you tell me. Yes, but rather like Spinoza's argument for the existence of God, an application that has existence is more perfect than one which exists only in the conception. Even if the conceptual one is faster.
I don't denigrate languages like PHP that help novices get stuff done.
To address the OP's complaint: If one language was objectively "best" then we would only need one language. In practice they all have strengths. The more you learn the more you'll know which to use for the task at hand. That said, to learn any language (even PHP) in profound depth will take the best part of ten years and maybe longer. Sometimes expediency leads us to use the language we understand better to solve a problem for which it is not ideally suited.
Eloquent - well said.
Bonus points for that Spinoza reference.