Implement Security for Applications

The following is a summary of some of the best practices for application security.

Set the FrontEndHost Attribute

Because a client can spoof the HTTP Host header, set the FrontEndHost attribute on the WebServerMBean or the ClusterMBean. When a request to a web application is redirected to an alternate location, the server uses the host you specify through the FrontEndHost attribute instead of accepting the hostname contained in the original request.
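The effect of pinning the front-end host, as an added example that is not from the book: a small Python model of redirect construction with an audit check over constructed probe values. The function names, `www.example.com` and the `canary.invalid` probe hosts are assumptions for illustration; the code models the behaviour described above and does not call WebLogic.

```python
from urllib.parse import urlsplit

EXPECTED_HOST = "www.example.com"                        # assumed public host name
PROBE_HOSTS = ["canary.invalid", "CANARY.invalid:8080"]  # constructed Host values


def redirect_location(host_header, path, frontend_host=None, scheme="http"):
    """Model of a server building an absolute redirect URL.

    Without a pinned front-end host the client-supplied Host header is
    reflected; with one, the header is ignored (the behaviour the page
    attributes to FrontEndHost)."""
    host = frontend_host or host_header
    return f"{scheme}://{host}{path}"


def classify_redirect(location, sent_host, expected_host):
    """Classify the Location header returned for a probe sent with sent_host."""
    target = urlsplit(location).hostname       # lower-cased, port stripped
    if target is None:
        return "relative"                      # no host to reflect
    if target == expected_host.lower():
        return "pinned"
    if target == urlsplit("//" + sent_host).hostname:
        return "reflected"                     # server trusted the Host header
    return "unexpected"


def audit(frontend_host, probes=PROBE_HOSTS, expected_host=EXPECTED_HOST):
    """Map each probe Host value to the verdict for the modelled redirect."""
    return {
        h: classify_redirect(redirect_location(h, "/app/", frontend_host), h, expected_host)
        for h in probes
    }


if __name__ == "__main__":
    print("no front-end host:", audit(None))
    print("front-end host set:", audit(EXPECTED_HOST))
```

A verdict of `reflected` for a canary host means the redirect target was taken from the request, which is the condition the FrontEndHost setting removes.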

Use JSP Comment Tags

If comments in JSP files contain sensitive data, use the JSP syntax for comments instead of HTML syntax, because JSP-style comments disappear after the JSP is compiled.

Use Precompiled JSPs

Consider precompiling JSPs and installing them ...

Get Oracle WebLogic Server 11g Administration Handbook now with the O’Reilly learning platform.
