Java Reference
• The architecture uses form-based authentication for the web
tier, and the security logic is implemented in a reusable business
component (UserManager) in the application tier.
• SSL will provide the desired security for sending sensitive
information to critical systems like Merchant Bank and
Market Place JMS Message-level (Using Encryption and Digital
signatures) and Transport-layer security (Using SSL).
• The application will use LDAP for authentication at the web
tier and will use role-based security at the web and business
tiers for authorization.
Best Practices:
SQL Injection: Prepared or Dynamic SQL Statements
Cross Site Scripting: JSF Validation, Avoid JavaScript, and
Avoid Frames/iFrames
Denial of Service: Service Request Queue Technique.
Limiting the number of concurrent requests and queuing all
excess requests.
Man-in-the-Middle: Using SSL, Avoid Frames/iFrames,
Avoid URL Rewriting
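The service request queue technique listed under Denial of Service, as an added example (not code from the original page or from the Zamco application): a fixed number of workers processes requests while excess requests wait in a queue. The class name, the two limits and the bound on the queue are assumptions; the bound is added here so that the queue itself cannot grow without limit under a flood.

```java
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicInteger;

public class RequestQueueDemo {
    // Assumed limits for illustration; tune to measured capacity.
    static final int MAX_CONCURRENT = 4;   // requests processed at once
    static final int MAX_QUEUED = 8;       // excess requests held in the queue

    public static void main(String[] args) throws InterruptedException {
        // Fixed worker count + bounded queue: excess requests wait, and
        // anything beyond the queue bound is rejected instead of piling up.
        ThreadPoolExecutor pool = new ThreadPoolExecutor(
                MAX_CONCURRENT, MAX_CONCURRENT, 0L, TimeUnit.MILLISECONDS,
                new ArrayBlockingQueue<>(MAX_QUEUED),
                new ThreadPoolExecutor.AbortPolicy());

        AtomicInteger served = new AtomicInteger();
        AtomicInteger rejected = new AtomicInteger();
        AtomicInteger running = new AtomicInteger();
        AtomicInteger peak = new AtomicInteger();

        // Constructed burst of 20 simultaneous requests.
        for (int i = 0; i < 20; i++) {
            try {
                pool.execute(() -> {
                    int now = running.incrementAndGet();
                    peak.accumulateAndGet(now, Math::max);
                    try {
                        Thread.sleep(100);          // stand-in for business logic
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    } finally {
                        running.decrementAndGet();
                        served.incrementAndGet();
                    }
                });
            } catch (RejectedExecutionException e) {
                rejected.incrementAndGet();         // caller would answer "busy, retry later"
            }
        }

        pool.shutdown();
        pool.awaitTermination(10, TimeUnit.SECONDS);
        System.out.printf("served=%d rejected=%d peakConcurrent=%d%n",
                served.get(), rejected.get(), peak.get());
    }
}
```

The peak concurrency never exceeds MAX_CONCURRENT, and the rejected count is what a monitoring rule would watch to detect a request flood.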
Reliability
The following mechanisms were recommended for the Zamco
application architecture to achieve reliability: