
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Frank has a nice post about improvements to web application security



I was surfing this evening and found a nice entry in Frank Nimphius's weblog from about a week ago. The entry is entitled "J2EE Security: Struts “Shale” proposal does improve web application security" (http://www.orablogs.com/fnimphius/archives/000730.html - broken link).

This is an excellent short article that looks at J2EE security in web applications. Frank notes that current frameworks do not integrate well with the tools needed to build secure applications. He goes on to note that the current implementation of having security in the client, controller and business model is not ideal, and that multiple non-synchronised configuration files or repositories are needed. Frank suggests that JAAS is suitable but doesn't implement end-to-end security. He talks about JSF and its problem of having no application security integration, and he goes on to introduce Acegi's security architecture.

Frank discusses the Acegi framework and the issues of JAAS, and discusses the Struts 2.x 'Shale' proposal. Frank finishes with his views on the possible future of this area. Interesting post; again, it's here: http://www.orablogs.com/fnimphius/archives/000730.html (broken link).