Secure That Session Bean!
By Geertjan-Oracle on Jul 25, 2005
When I decoded the garbled authorization string (as described in step 6 here), the IDE's Output window displayed the username and password that the server requires in order for the web application to access the session bean:
The point is this: HTTP Basic Authentication is useful for illustrative purposes only. The authorization string is merely base64-encoded, not encrypted, so anyone who can observe the request can decode it exactly as I did above. To really secure an application, a far more robust security strategy should be adopted, and that strategy is Secure Sockets Layer (SSL). SSL provides data encryption, server authentication, message integrity, and optional client authentication for a TCP/IP connection. It includes support for a public key certificate, which is the digital equivalent of a passport. It is issued by a trusted organization, called a certificate authority (CA), and provides identification for the bearer. For details, read the Understanding Login Authentication section in the J2EE Tutorial.
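To make the point concrete, here is an added example (my own, not code from the post or from NetBeans/J2EE) that parses a constructed captured request, decodes the Basic credentials the way the Output window did, and flags them as exposed whenever the transport is not TLS. The request text and the `over_tls` flag are assumptions for the demonstration.

```python
import base64
import binascii
from typing import Optional, Tuple

# Constructed sample request carrying HTTP Basic credentials ("demo:secret").
SAMPLE_REQUEST = (
    "GET /app/bean HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Authorization: Basic ZGVtbzpzZWNyZXQ=\r\n"
    "\r\n"
)


def decode_basic_credentials(raw_request: str) -> Optional[Tuple[str, str]]:
    """Return (username, password) from a Basic Authorization header, or None.

    Basic auth only base64-encodes "user:password"; nothing is encrypted,
    which is why the credentials fall straight out of a captured request.
    """
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None                          # some other scheme (e.g. Bearer)
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return None                          # malformed token, nothing to recover
        user, sep, password = decoded.partition(":")
        if not sep:
            return None                          # Basic requires the colon separator
        return user, password
    return None


def basic_auth_exposed(raw_request: str, over_tls: bool) -> bool:
    """True when Basic credentials are present and the connection is not TLS.

    `over_tls` is assumed to come from the connection layer (hypothetical flag);
    with SSL in place the same header travels inside the encrypted channel.
    """
    return decode_basic_credentials(raw_request) is not None and not over_tls
```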