[Previous entry: "Arup Nanda has a paper on Oracle Security Auditing part 1 on dbazine.com"] [Next entry: "Amis blog talks about SQuirrel - an open source database tool"]
Frank has a nice post about improvements to web application security
December 15th, 2004 by Pete
Post to del.icio.us
Post to Furl
I was surfing this evening and found a nice entry in Frank Nimphius's weblog from about a week ago. The entry is entitled "J2EE Security: Struts “Shale” proposal does improve web application security."
This is an excellent short article that looks at J2EE security in web applications. Frank notes that current frameworks do not integrate well with the tools needed to build secure applications. He goes on to note that the current implementations of having security in the client, controller and business model is not ideal and multiple non synchronised configuration files or repositories are needed. Frank suggests that JAAS is suitable but doesn't implement end top end security. He talks about JSF and its problems of no application security integration and he goes on to introduce Asegi's security architecture.
Frank discusses Asegi framework and the issues of JAAS and discusses the Struts 2.x 'Shale' proposal. Frank finishes with his views of the possible future of this area. Interesting post, again its here.
