Last week, we worked on finding and fixing security flaws in the web application.  This week we will do the same with the database.  We need to address the following problems:

   * Use transport encryption to secure data as it travels over the network.
   * Use accounts with appropriate privileges to connect to and run the SQL statements on the database.
   * Check our JDBC DAOs for SQL injections.
   * Check our JDBC DAOs for dangerous use of the `merge` statement.
   * Encrypt the database files.
   * Use transport encryption to secure JDBC operations.
   * Salt and hash the customers' passwords.