Reputation: 84
Cryptography sensitive information using spring
According to OWASP top 10 sensitive information like id need to be encrypted through the pass between clients and server. With spring how do that? I mean : Is it possible with spring and how ? How generate keys? Key vault needed (like oracle) or a key generator ?
edit:
Example :
I write an API : http://localhost:8080/Estate/api/estates/{id}
User 'A' can access to id 12 but I should prevent to access to id 14,15,16 So for that i should encrypt id .
Upvotes: 0
Views: 102
Answers (1)
Reputation: 16644
As security base for a webapp you probably want to use HTTPS.
You can force Spring Security to use HTTPS with a config like this:
<http>
<intercept-url pattern="/**" access="ROLE_ANONYMOUS" requires-channel="https"/>
...
</http>
This doesn't setup HTTPS for you, you will need to do it in Tomcat or the servlet container you use.
For a public valid server you need to order a certificate from a security company, for internal and testing you can create keystore using for example Portecle.
Upvotes: 1
Related Questions
- Spring Security : Encrypt password
- Password Encryption / Decryption using Spring
- Password encryption in Spring MVC
- Best place to keep secure information in java spring web application
- Spring security_Password Encryption
- Simple Spring Security requirement
- Java Spring Security PasswordEncoder
- Password encryption/decryption Spring security
- Spring MVC and Encryption at Rest
- Spring Security: Step by Step