Planning WebLogic Portal Security, Page 3
Follow all of the standard secure development practices. Always validate submitted inputs both client and server side before passing the values to the back end. Make sure your databases are well secured. If a portlet is calling for sensitive data, it is a good idea to have your back end services check data entitlements as well. Although checking entitlements twice may be a performance hit, it is a worthwhile expense for securing sensitive data.
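The following is an added example, not code from the article or from WebLogic Portal, showing the two back-end habits the paragraph calls for: a service that validates the submitted value again on the server side and re-checks the data entitlement itself rather than trusting that the portlet already did. The `StatementService` class, the `EntitlementChecker` interface, the ten-digit account-id rule and the sample principals and accounts are all constructed for the example; no WebLogic entitlement API is used.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;

/** Back-end statement service that does not rely on the portlet's checks. */
public final class StatementService {

    /** Assumed entitlement lookup; a real deployment would back this with its own entitlement store. */
    public interface EntitlementChecker {
        boolean isEntitled(String principal, String entitlement);
    }

    /** Server-side input rule: an account id is exactly ten digits (constructed format for this example). */
    private static final Pattern ACCOUNT_ID = Pattern.compile("^[0-9]{10}$");

    private final EntitlementChecker entitlements;
    private final Map<String, String> accountOwners; // accountId -> owning principal (constructed data)

    public StatementService(EntitlementChecker entitlements, Map<String, String> accountOwners) {
        this.entitlements = entitlements;
        this.accountOwners = accountOwners;
    }

    public String getStatement(String principal, String accountId) {
        // 1. Validate the submitted value again on the server, whatever the client already did.
        if (accountId == null || !ACCOUNT_ID.matcher(accountId).matches()) {
            throw new IllegalArgumentException("malformed account id");
        }
        // 2. Re-check the functional entitlement here, not only in the portlet layer.
        if (!entitlements.isEntitled(principal, "VIEW_STATEMENT")) {
            throw new SecurityException(principal + " lacks VIEW_STATEMENT");
        }
        // 3. Data entitlement: the caller must be the owner of this particular account.
        String owner = accountOwners.get(accountId);
        if (owner == null || !owner.equals(principal)) {
            throw new SecurityException(principal + " is not entitled to account " + accountId);
        }
        return "statement for account " + accountId;
    }

    public static void main(String[] args) {
        // Constructed sample data: who holds which entitlement, and who owns which account.
        Map<String, Set<String>> grants = new HashMap<>();
        grants.put("alice", Collections.singleton("VIEW_STATEMENT"));
        grants.put("bob", Collections.emptySet());
        Map<String, String> owners = new HashMap<>();
        owners.put("1234567890", "alice");

        EntitlementChecker checker =
                (p, e) -> grants.getOrDefault(p, Collections.emptySet()).contains(e);
        StatementService service = new StatementService(checker, owners);

        System.out.println(service.getStatement("alice", "1234567890")); // allowed

        String[][] attempts = {
                {"alice", "1234abcd90"},   // fails server-side validation
                {"bob", "1234567890"},     // lacks the functional entitlement
                {"alice", "0987654321"}    // not the owner of that account
        };
        for (String[] attempt : attempts) {
            try {
                service.getStatement(attempt[0], attempt[1]);
                System.out.println("UNEXPECTED: allowed " + attempt[0] + " -> " + attempt[1]);
            } catch (IllegalArgumentException | SecurityException ex) {
                System.out.println("rejected: " + ex.getMessage());
            }
        }
    }
}
```

The ordering matters: the cheap format check runs first so malformed input never reaches the entitlement store or the database, and the entitlement checks run in the service itself so that any other caller of the back end, not just this portlet, gets the same protection. That second check is the duplicated work the paragraph accepts as the price of protecting sensitive data.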
Security is part of every project plan where authentication is required. What isn't often planned for is testing the implementation of security. Does it unnecessarily impact usability? Is there a way around it? Is it implemented everywhere it must be? Often these things are covered very thoroughly in a document describing what should be done, but it is rarely verified that it was done. Once you have planned what you need to secure and how you are going to secure it, be sure to also plan how you will test that the security solutions are implemented properly and function as needed. Then look at it again and see if you missed something. Even the best-planned solutions can be improved on once they have been implemented and reviewed.
About the Author
Scott Nelson is a Senior Principal Consultant with well over 10 years of experience designing, developing, and maintaining web-based applications for manufacturing, pharmaceutical, financial services, non-profit organizations, and real estate agencies for use by employees, customers, vendors, franchisees, executive management, and others who use a browser. He also blogs all of the funny emails forwarded to him at Frequently Unasked Questions.