Server-Side Plug-Ins

By: aathishankaran

Netscape and Microsoft Web servers provide other server-side programming features, such as Java and server-side plug-ins. In general, any server-side programming mechanism has the potential to be exploited. 

Server-side plug-ins are compiled and integrated with the Web server software. They allow server-side applications to be developed that perform better than server-side JavaScript applications and CGI programs. This is because they are called directly by the server instead of being run as a separate process. 

The performance gain of server-side plug-ins is offset by the difficulty of developing them. Because server-side plug-ins are closely integrated with the server, any errors in the plug-in could easily result in the complete failure of the server. 

Web Application Access Controls 

Most Web servers provide the capability to control access to certain Web pages and their associated Web applications. These controls may be based on host name, IP address, user name and password, or other identification and authentication mechanisms. Failure to implement restrictions on some applications, such as your server's management software, could lead to serious security holes. 

File Permissions 

Operating-system file permissions are closely related to Web-application access controls. These permissions determine which files users and applications are able to read, write and execute. These controls are important for protecting your Web site. In particular, write permission to the directories containing CGI programs and server-configuration files should be limited to the most trusted users. Failure to do so weakens the security of your Web server, opening it up to a broader spectrum of attacks.

If your server stores financial information, such as credit card data, the permissions of these files should be set to prevent them from being read by other applications. If at all possible, these files should be made write-only.

In the event that your server is penetrated, the privileges of your server become those of the penetrator. Therefore, the login privileges of the Web server itself should be limited to the minimum needed to perform its function. 
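An added example (not code from the original tutorial) that checks the three points of this section on a UNIX host: no group or world write access to CGI and configuration directories, no group or world read access to stored financial data, and a server account that is not root. The directory and file names, and the use of uid 0 as the sign of an over-privileged server, are assumptions; the sample layout is constructed.

```python
import os
import stat
import tempfile

WRITE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH  # group or world may write
READ_BY_OTHERS = stat.S_IRGRP | stat.S_IROTH   # group or world may read

def audit_protected_tree(root):
    """Flag anything under root (CGI programs, server config) that non-owners can write."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not enforced
            if mode & WRITE_BY_OTHERS:
                findings.append((path, "writable by group/others", stat.filemode(mode)))
    return findings

def audit_sensitive_file(path):
    """Flag a data file (such as stored card data) that group or others can read."""
    mode = os.stat(path).st_mode
    hit = mode & READ_BY_OTHERS
    return [(path, "readable by group/others", stat.filemode(mode))] if hit else []

def audit_server_uid(uid):
    """Flag a server process running as root (uid 0) rather than a low-privilege account."""
    return [("uid=%d" % uid, "server runs as root", "")] if uid == 0 else []

def build_sample(base):
    """Create a constructed layout with deliberately loose permissions."""
    for d in ("cgi-bin", "conf"):
        os.mkdir(os.path.join(base, d))
    modes = {"cgi-bin": 0o775, "cgi-bin/form.cgi": 0o755, "conf": 0o755,
             "conf/server.conf": 0o666, "cards.dat": 0o644}
    for rel, mode in modes.items():
        path = os.path.join(base, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        build_sample(base)
        report = [audit_protected_tree(os.path.join(base, d)) for d in ("cgi-bin", "conf")]
        report += [audit_sensitive_file(os.path.join(base, "cards.dat")),
                   audit_server_uid(os.geteuid())]
        for finding in sum(report, []):
            print(finding)
```

Setting the data file to mode 0200 (owner write-only, matching the write-only advice above) and the CGI directory to 0755 clears the corresponding findings.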

Other Server-Side Security Considerations 

In addition to the vulnerabilities mentioned in the previous articles, Web servers are vulnerable to a wide range of attacks aimed at their application services and communication protocols. If a Web server supports other Internet services, such as telnet or FTP, then the server inherits all of the vulnerabilities of these services. The good news is that you can eliminate these vulnerabilities by turning off the additional services.

If a Web server is on the Internet, then it, by definition, must support the Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP is notorious for its security vulnerabilities. These vulnerabilities include susceptibility to spoofing, session hijacking, and session monitoring. While these vulnerabilities are common to all systems that are on the Internet, they need to be considered when assessing the risk of setting up a Web server. If the perceived risk is too high, then you may want to implement a firewall or another network security countermeasure.

As a final consideration, the operating system platform on which the Web server runs is also a potential source of security vulnerabilities. In general, multi-user operating systems, such as UNIX, pose a higher risk than single-user systems, such as the Macintosh and Windows 98. The security of most multi-user systems depends on the reliability and trustworthiness of all system users. If a single user is careless or untrustworthy, then the security of the entire system could be jeopardized. Most multi-user operating systems provide security controls, such as file permissions, that prevent a user from viewing or modifying the files of others. However, to be effective, these controls must be correctly applied. 

Although Web servers exist for the Macintosh, Windows 98, and Windows 95 platforms, most midlevel-to-high-end servers run on Windows NT and UNIX platforms. This is because Windows NT and UNIX provide a fuller set of operating system services for implementing more complex and capable server software.

Both Windows NT and UNIX have advantages and disadvantages as far as security goes. The main advantage of Windows NT is that it does not support (without additional software purchases) many of the services, such as Telnet, Internet mail and the X Window System, that are provided out of the box with UNIX systems. These services may be used by a penetrator to gain remote access to a UNIX system. The primary advantage of UNIX is its maturity. It has been subjected to hacking for many years, including years before Windows NT was conceived. As a result, most of the UNIX security bugs have been identified and countermeasures have been implemented. Under a security-conscious system administrator, a UNIX Web site can be made as secure as it would be using other operating-system platforms.
