- Authentication with Resin
Authentication provides a method for a username and password
combination to be provided by a user and then verified by the web
server. By using Resin's Authenticator API for login support,
applications can add security without writing an entire
- Digest Passwords
Digest passwords enable an application to avoid storing and even
transmitting the password in a form that someone can read.
- Authorization with Resin
Authorization is used to mark sections and resources of a web site
that have limited access.
are used to indicate
the criteria for access. Typically the constraint is based on a
user login, but it can also include such things as limiting access
to clients from a certain IP address and requiring that a secure
transport such as SSL is in use.
- SSL with Resin
SSL (Secure Sockets Layer) is a commonly-used protocol
for managing the security of message transmission on the
Internet. SSL in your web server provides support for the
familiar https:// protocol.
- Security Manager with Resin
In ISP environments, it's important that each user have
restricted permissions to use the server. Normally, the
web server will be run as a non-root user so the users can't
read system files, but that user will still have read access. The use of RMI
also requires a security manager.
- Malicious Attacks
Resin is a very mature product, and has not had any security
reports in a long time. Here we discuss some common methods
used to attack web servers, and how they are handled by Resin
and how they apply to your applications.
- Security Tutorials
- Basic Security and Resin's XmlAuthenticator
This tutorial covers the basics of JSP and
Servlet security and the use of Resin's XmlAuthenticator.
- Security FAQ
- Can I use different SSL certificates for each virtual host?
We have two domains on one server.
- Why does Resin say I need OPENSSL_THREADS when I try to use OpenSSL?
Resin dies with an error on startup "Resin requires a threaded version of OpenSSL.
- What is the sequence of handshakes for an SSL connection?
- Security Scrapbook
A repository of notes and comments that will
eventually make their way into the documentation. Please
treat the information here with caution, it has often not been
- How do I handle port 80 and root issues on Linux?
When using the 2.6 Linux kernel or RedHat 9.0, you can use
the standard user-name configuration.
- Where can I learn more about SSL?
- Converting a JSSE Keystore to OpenSSL
- How can I handle SSL for virtual hosts if I have a separate IP for each host?
I have different IPs, but am trying to avoid using them in the config
files as we have a
development, staging and production environment each of which would have
Copyright © 1998-2005 Caucho Technology, Inc. All rights reserved.
Resin® is a registered trademark,
and HardCore™ and Quercus™ are trademarks of Caucho Technology, Inc.