Tutorial Overview. This tutorial will guide you through the
steps required to set up secure cookies. To complete this tutorial you
need to have an understanding of Java servlets and Tomcat. This tutorial
is divided into three sections. The first section is a brief overview of
cookies and the resources used. The second section will cover the
installation and configuration of Tomcat, an application server used to
serve the Java servlet. The final section will cover the creation and
use of a cookie, created using Java. This tutorial is used in
IS2771 Security in E-Commerce.
Cookies. Cookies serve as a facility for servers to send
information to a client; the information is stored on the client’s
machine, and the server can later retrieve it. Cookies are part of the
HTTP header information, which has decent security when used with
HTTPS. There is a significant problem with using cookies, which is that
a user can turn cookies off. As a developer you cannot be sure that
state information is always available. A cookie’s value is normally an
ID that is used by the server to query a database to obtain detailed
information. To improve the security of a cookie, the value it holds
should always be encrypted, and the encrypted value base64 encoded,
before it is sent to the client. In addition to encryption, data should
only be sent via a secure connection.
Java Servlets. Java servlets support the use of cookies through
the ServletResponse and ServletRequest interfaces. The response interface
has a setCookie(cookie) method, which sets values for the cookie. The
request interface has a getCookie() method, which will return a cookie.
Tomcat. Tomcat will be used as a standalone Web server, which
will act as a servlet container that is used to reference Java Servlets
and JavaServer Pages.