Thursday, 10 September 2009


Well, I am again doing more courses; this time I have been re-learning JSP and servlets in Apache Tomcat.

To this end I have written and updated my assignment for the subject which is online at the following link:

I have added a number of additional controls to those required by the assignment (being the development of a simple forms-based confirmation page - again overkill). The issue I see is again a lack of note for security.

We are using an early version of Tomcat for the assignment and we have set the Servlets to run without all of the new checks that are completed in Tomcat. As the course is more focused on Java, we totally seem to bypass the configuration of WebXML files that define how an application should run.

Am I the only one who thinks this is a little problematic?

If we teach insecure coding practice, we will not have the budding professionals of the future know what they should be doing.

