Server-side plug-Ins

By: aathishankaran Emailed: 1599 times Printed: 2046 times    

Latest comments
By: rohit kumar - how this program is work
By: Kirti - Hi..thx for the hadoop in
By: Spijker - I have altered the code a
By: ali mohammed - why we use the java in ne
By: ali mohammed - why we use the java in ne
By: mizhelle - when I exported the data
By: raul - no output as well, i'm ge
By: Rajesh - thanx very much...
By: Suindu De - Suppose we are executing

Netscape and Microsoft Web servers provide other server-side programming features, such as Java and server-side plug-ins. In general, any server-side programming mechanism has the potential to be exploited. 

Server-side plug-ins are compiled and integrated with the Web server software. They allow server-side applications to be developed that perform better than server-side JavaScript applications and CGI programs. This is because they are called directly by the server instead of being run as a separate process. 

The performance gain of server-side plug-ins is offset by the difficulty of developing them. Because server-side plug-ins are closely integrated with the server, any errors in the plug-in could easily result in the complete failure of the server. 

Web Application Access Controls 

Most Web servers provide the capability to control access to certain Web pages and their associated Web applications. These controls may be based on host name, IP address, user name and password, or other identification and authentication mechanisms. Failure to implement restrictions on some applications, such as your server's management software, could lead to serious security holes. 

File Permissions 

Operating-system file permissions are closely related to Web-Application access controls. These permissions determine which Files users and applications are able to read, write and execute. These controls are important to protecting your Web site. In Particular, write permission to the directories containing CGI Programs and server-configuration files should be limited to the most trusted users. Failure to do so weakens the security of your Web server, opening it up to a broader spectrum of attacks. 

If your server stores financial information, such as credit card Data, the permissions of these files should be set to prevent them from being read by other applications. If at all possible, these files should be made write-only. 

In the event that your server is penetrated, the privileges of your server become those of the penetrator. Therefore, the login privileges of the Web server itself should be limited to the minimum needed to perform its function. 

Other Server-Side Security Considerations 

In addition to the vulnerability mentioned in the previous articles, Web servers are vulnerable to a wide range of attacks aimed at their application services and communication protocols. If a Web server supports other Internet services, such as telnet or FTP, then the server inherits all of the vulnerabilities of these services. The good news is that you can eliminate these vulnerabilities by turning off the additional services.

            If a Web server is on the Internet, then it, by definition, must support the Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is notorious for its security vulnerabilities. These vulnerabilities include susceptibility to spoofing, session hijacking, and session monitoring. While these vulnerabilities are common to all systems that are on the Internet, they need to be considered when assessing the risk of setting up a Web server. If the perceived risk is too high, then you may want to implement a firewall or another network security countermeasure. 

As a final consideration, the operating system platform on which the Web server runs is also a potential source of security vulnerabilities. In general, multi-user operating systems, such as UNIX, pose a higher risk than single-user systems, such as the Macintosh and Windows 98. The security of most multi-user systems depends on the reliability and trustworthiness of all system users. If a single user is careless or untrustworthy, then the security of the entire system could be jeopardized. Most multi-user operating systems provide security controls, such as file permissions, that prevent a user from viewing or modifying the files of others. However, to be effective, these controls must be correctly applied. 

Although Web servers exist for the Macintosh, Windows 98, and Windows 95 platforms, most midlevel-to-high-end servers run on Windows NT and UNIX platforms. This is because Windows NT and Unix provide a fuller set of operating system services for implementing more complex and capable server software. 

Both Windows NT and Unix' have advantages and disadvantages as far as security goes. The main advantage of Windows NT is that it does not support (without additional software purchases) many of the services, such as Telnet, Internet mail and the X Windows System, that are provided out of the box with UNIX systems. These services may be used by a penetrator to gain remote access to a UNIX system. The primary advantage of UNIX is its maturity. It has been subjected to hacking for many years, including years before Windows NT was conceived. As a result, most of the UNIX security bugs have been identified and countermeasures have been implemented. Under a security-conscious system administrator, a UNIX Web site can be made as secure as it would be using other operating-System platforms


JSP Home | All JSP Tutorials | Latest JSP Tutorials

Sponsored Links

If this tutorial doesn't answer your question, or you have a specific question, just ask an expert here. Post your question to get a direct answer.



Bookmark and Share

Comments(0)


Be the first one to add a comment

Your name (required):


Your email(required, will not be shown to the public):


Your sites URL (optional):


Your comments:



More Tutorials by aathishankaran
Web Security Issues
The Web User's Perspective
Server-side plug-Ins
The best way to avoid security vulnerabilities with new server
JavaScript Security
Window Object
Working with Status Bar Messages
Retrieving a Portion of a String
Referencing Windows
Math Object
Frame Object
Document Object
Closing Windows
Built-in Object in Javascript
Textarea Object

More Tutorials in JSP
LifecycleException: service.getName(): "Catalina"; Protocol handler start failed: `java.net.BindException: Permission denied <null>:80
JSP Alert Example
JSP CheckBox Example
Uploading an Image to a Database using JSP
Uploading a file to a server using JSP
A JSP page that gets properties from a bean
The page Directive in JSP
The taglib, tag, include, attribute and the variable Directive in JSP
Declarations in JSP
Scriptlets and Expressions in JSP
Tag Libraries in JSP
The Request Object in JSP
The Response Object in JSP
The Out Object in JSP
The Session Object in JSP

More Latest News
Most Viewed Articles (in JSP )
JSP Example to connect to MS SQL database and retrieve records
JSP Program for display Date
What are the different scopes in JSP?
Embedding java codes in jsp sciptlets
JSP Example to connect to MS SQL database using Tomcat Connection Pool
Getting Started with JSP
JSP Alert Example
What is JSP?
Cookies using JSP or Java Bean
Tags using in jsp
Form processing in JSP
Protecting your website with a login page
Tag libraries
A Simple Servlet Generating Plain Text
Basic Servlet Structure
Most Emailed Articles (in JSP)
Enable/Disable Scripting Elements in JSP
What are the different scopes in JSP?
A JSP page that gets properties from a bean
The Advantages of JSP
Document Object
Syntax For JSP Declaratives
Sessions in JSP
Packaging Servlets
The Advantages of Servlets Over “Traditional” CGI
Using a DataSource from WebLogic in a JSP
The Application Object in JSP
Embedding java codes in jsp sciptlets
Tags using in jsp
A Servlet That Generates HTML
Example Using Initialization Parameters