Ask The Software Quality Expert: Questions & Answers

What's a good authentication method for Java?

EXPERT RESPONSE FROM: Ramesh Nagappan

QUESTION POSED ON: 22 August 2006
I'm searching for a good authentication method for Java, and I've been looking at RSA and biometric. Which would you recommend?

EXPERT RESPONSE
It is a tricky question. Frankly speaking, I haven't seen a single "good" authentication solution that identifies without potential vulnerabilities or compromises. Each authentication method has its own strengths and weaknesses, and there is no vendor exception as well. To me, all authentication methods are susceptible to at least one or more of possible frauds because they can be possibly stolen, predicted, manipulated, forged, impersonated or hacked.

If you are seriously looking for a trustworthy authentication solution equivalent to a face-to-face verification by a security official, then you may need to consider multifactor authentication methods commonly referred to as strong authentication. This means verifying a person's identity credentials using his/her proof-of-knowledge (password, PIN, mother's maiden name), proof-of-possession (Smartcards, driver's license, Digital Certificates) and proof-of-physiological/behavioral characteristics (biometrics).

Using any two or more of those authentication mechanisms often is considered a good authentication practice. In Java/J2EE environments, Java Authentication and Authorization Service (JAAS) plays a vital role for implementing authentication mechanisms within Java/J2EE applications. It also allows multiple authentication chaining for enabling a multifactor authentication-based single sign-on solution. For implementation details, refer to my article, "Building Biometric Authentication for J2EE, Web, and Enterprise Applications," on biometric single sign-on authentication in a J2EE environment particularly using JAAS.
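
The JAAS module chaining mentioned in the answer, as an added example that is not from the expert's response or his article: two stacked LoginModules run under different control flags, showing which flag actually enforces both factors. `MfaChainDemo`, `FactorModule`, the option names `prompt` and `expected`, and the PIN/OTP values are assumptions constructed for this demo; Java 16 or later is assumed.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class MfaChainDemo {
    // Hypothetical factor module (not a JDK class): checks one secret, named by its "prompt" option.
    // Values are constructed; a real module verifies a password hash, token response or biometric match.
    public static class FactorModule implements LoginModule {
        private CallbackHandler handler; private Map<String, ?> opts; private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> o) {
            handler = h; opts = o;
        }
        public boolean login() throws LoginException {
            PasswordCallback cb = new PasswordCallback((String) opts.get("prompt"), false);
            try { handler.handle(new Callback[] { cb }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            char[] expected = ((String) opts.get("expected")).toCharArray();
            if (!Arrays.equals(cb.getPassword(), expected)) throw new FailedLoginException(cb.getPrompt());
            return ok = true;
        }
        public boolean commit() { return ok; }
        public boolean abort() { ok = false; return true; }
        public boolean logout() { ok = false; return true; }
    }
    // Runs a two-module stack (PIN, then OTP); both entries carry the given control flag.
    static boolean authenticate(LoginModuleControlFlag flag, String pin, String otp) {
        String module = FactorModule.class.getName();
        AppConfigurationEntry[] stack = {
            new AppConfigurationEntry(module, flag, Map.of("prompt", "PIN", "expected", "4821")),
            new AppConfigurationEntry(module, flag, Map.of("prompt", "OTP", "expected", "913377")) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) { return stack; }
        };
        CallbackHandler ch = cbs -> {   // supplies the answers a user would type
            for (Callback c : cbs)
                if (c instanceof PasswordCallback p)
                    p.setPassword((p.getPrompt().equals("PIN") ? pin : otp).toCharArray());
        };
        try { new LoginContext("mfa", null, ch, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }
    public static void main(String[] args) {
        System.out.println(authenticate(LoginModuleControlFlag.REQUIRED, "4821", "913377"));   // both factors correct
        System.out.println(authenticate(LoginModuleControlFlag.REQUIRED, "4821", "000000"));   // wrong OTP
        System.out.println(authenticate(LoginModuleControlFlag.SUFFICIENT, "4821", "000000")); // wrong OTP, weak flag
    }
}
```

With REQUIRED on both entries a wrong OTP fails the login; with SUFFICIENT the correct PIN alone passes, so a stack meant as multifactor must not mark its factor modules SUFFICIENT or OPTIONAL.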


All Rights Reserved, Copyright 2006 - 2008, TechTarget | Read our Privacy Policy