摘要
由于网络开放性、程序缺陷和黑客的攻击,基于Servlet/JSP技术的Java Web应用面临安全控制的重大挑战。针对系统部署,提出了通过声明方式在web.xml文件中指定安全处理机制,为Web资源设置安全约束,指定Web资源访问权限;从程序语言本身,分析了如何对跨站脚本攻击和注入缺陷等安全隐患进行最大程序的防范,根据各种攻击方式的原理及其攻击过程,进行了更细粒度的安全控制。
Java Web, based on Servelet/JSP is now facing a great challenge because of the network's openness, procedure flaw and hacker's attack. For the system deployment, a statement is given for the safety processing mechanism in web. xml file to constrain the safety of web recourses and assign the access to web recourses; the program language itself, it also analyses how to guard most from the hidden danger such as cross-script attack and attacks, and gives more secure control according to the principals and procedures of the attacks.
出处
《萍乡高等专科学校学报》
2008年第6期49-52,共4页
Journal of Pingxiang College
