
Cryptography sensitive information using spring

According to the OWASP Top 10, sensitive information such as an id needs to be encrypted when it is passed between clients and server. How do I do that with Spring? I mean: is it possible with Spring, and how? How do I generate keys? Is a key vault needed (like Oracle's), or a key generator?


edit:

Example :

I wrote an API: http://localhost:8080/Estate/api/estates/{id}

User 'A' can access id 12, but I should prevent access to ids 14, 15, 16. So for that I should encrypt the id.

As a security base for a web app, you probably want to use HTTPS.

You can force Spring Security to use HTTPS with a config like this:

<http>
  <intercept-url pattern="/**" access="ROLE_ANONYMOUS" requires-channel="https"/>
  ...
</http>

This doesn't set up HTTPS for you; you will need to do that in Tomcat or whichever servlet container you use.

For a valid public server you need to order a certificate from a security company; for internal use and testing you can create a keystore using, for example, Portecle.
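
The access rule from the question (user 'A' may read estate 12 but not 14, 15 or 16) written as a server-side ownership check on the `/api/estates/{id}` endpoint; this is an added example, not part of the original question or answer. It assumes Spring 5+ with Spring Security on the classpath, and `EstateController`, `Estate` and the in-memory sample data are hypothetical.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ResponseStatusException;

// Hypothetical controller for the question's /api/estates/{id} endpoint.
@RestController
@RequestMapping("/api/estates")
public class EstateController {

    // Hypothetical domain object; "owner" is the username allowed to read it.
    public static final class Estate {
        public final long id;
        public final String owner;
        public final String address;
        Estate(long id, String owner, String address) {
            this.id = id;
            this.owner = owner;
            this.address = address;
        }
    }

    // Constructed sample data standing in for a real repository.
    private final Map<Long, Estate> estates = new ConcurrentHashMap<>();

    public EstateController() {
        estates.put(12L, new Estate(12L, "A", "12 Sample Street"));
        estates.put(14L, new Estate(14L, "B", "14 Sample Street"));
    }

    @GetMapping("/{id}")
    public Estate getEstate(@PathVariable("id") long id, Authentication authentication) {
        // The caller's identity comes from the authenticated session, never from the request.
        String user = (authentication == null) ? null : authentication.getName();
        Estate estate = estates.get(id);
        // Answer 404 both for a missing estate and for one owned by someone else,
        // so the response does not reveal which ids exist.
        if (estate == null || !estate.owner.equals(user)) {
            throw new ResponseStatusException(HttpStatus.NOT_FOUND);
        }
        return estate;
    }
}
```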
