I have a passkey to authenticate access to a web service in the code of one of my java serlvets. How easy is it for someone to view the code for my java servlet when it is on my web server? It would pose a security risk to my entire web application if someone was able to find out my passkey. Should i try to find some way around putting this information in my servlet? Does it matter which folder on my web server I put the servlet?
What do you mean you store your password in the servlet? Is it a field of the class or directly typed in the source code?
If so then maybe your not doing it the way it meant to be...
Use a doPost (not doGet )method do get the username and pass from a form that's located on the site. Save these in static class fields, or better, in a database!
The most secure way i can think of is getting your password and username from a database ant compare them with the form's input parameters.
If you don't know what is doPost, html form then i suggest googl'ing. Then tell me about your results.
Ps: hope you know about databases too.
