User guide

J2EE Application
Possible Countermeasures
The following outlines possible countermeasures against security risks. For further details, refer to the
descriptions for each component.
Table 1-6 Countermeasures

Possible threat                                 Countermeasures
----------------------------------------------  ----------------------------------------------
Decryption of passwords                         Encryption of passwords
Exploitation of passwords                       Setting access permissions of the file storing
                                                the password information
Tampering of data recorded in the file          Setting access permissions on the file storing
                                                the information
                                                Periodic data backup
Exploitation of information recorded in files   Setting access permissions on the file storing
                                                the information
Damage to data                                  Periodic data backup
Damage to files                                 Setting access permissions on the file

Countermeasures Against Decryption of Passwords
In an environment open to the public, like the Internet, passwords may be decrypted along their
transmission route. You can minimize this risk by encrypting passwords. Using the HTTPS protocol via a
Web browser is an example of this measure.
Countermeasures Against Exploitation of Passwords
In an environment open to limited users like an intranet, it is not likely that passwords will be decrypted.
Such an environment may be the management base of the passwords, and password information is
often saved in a file. If this file is accessible by unauthorized users, there is a high risk of exploitation of
the information in the file. An effective countermeasure against this threat is to set appropriate access
permissions on this type of file.
Countermeasures Against Tampering of Data Recorded in Files
There are environment definition files and other such files in the operating environment of a J2EE
application. If the information in these files is illicitly tampered with, it may disable a J2EE application
and cause various problems. An effective countermeasure against this threat is to set appropriate
access permissions on these files. Periodic backups in preparation for tampering are also an effective
measure.
Countermeasures Against Exploitation of Information Recorded in Files
There are files storing information necessary for operation of a J2EE application. The contents of these
files are also a part of resources, so it is important to prevent their exploitation by setting appropriate
access permissions.
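
The access-permission countermeasure described above for password files and for environment definition files can be checked with a short audit. The following is an added example, not part of the original guide or the product: it assumes a POSIX file system, and the file names are constructed stand-ins rather than real product paths.

```python
import os
import stat
import tempfile

# Permission bits that grant access to anyone other than the owning account.
NON_OWNER_READ = stat.S_IRGRP | stat.S_IROTH
NON_OWNER_WRITE = stat.S_IWGRP | stat.S_IWOTH


def audit(paths):
    """Return {path: [findings]} for files exposed to non-owner accounts."""
    report = {}
    for path in paths:
        mode = stat.S_IMODE(os.stat(path).st_mode)
        findings = []
        if mode & NON_OWNER_READ:
            findings.append("readable by non-owner: contents can be exploited")
        if mode & NON_OWNER_WRITE:
            findings.append("writable by non-owner: contents can be tampered with")
        if findings:
            report[path] = findings
    return report


def harden(paths, mode=0o600):
    """Restrict each file to read/write by its owner only."""
    for path in paths:
        os.chmod(path, mode)


def demo():
    """Audit constructed sample files, harden them, then audit again."""
    with tempfile.TemporaryDirectory() as d:
        # Constructed names standing in for a password file and an
        # environment definition file (assumption: not real product paths).
        samples = {"passwords.dat": 0o644, "env.def": 0o666, "private.dat": 0o600}
        paths = []
        for name, mode in samples.items():
            p = os.path.join(d, name)
            with open(p, "w") as f:
                f.write("constructed sample content\n")
            os.chmod(p, mode)  # explicit chmod, so the umask does not matter
            paths.append(p)
        before = {os.path.basename(p): v for p, v in audit(paths).items()}
        harden(paths)
        return before, audit(paths)


if __name__ == "__main__":
    before, after = demo()
    for name, findings in before.items():
        print(name, findings)
    print("findings after hardening:", after)
```

The account that runs the J2EE application must own the files for the 0600 mode to leave it able to read them.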