Hello, I'm new to Vaadin and have a question regarding improving application security.
Let's say you have an https-secured Vaadin application with a login form. This login form (with two fields: username/password) is protected against SQL injection and properly implemented using setUser(…) and so forth.
The usernames and passwords of registered users are saved as hashed values in a server-side database. After successful authentication (checking username/password as hash values) over https, the Vaadin application starts opening the real databases with potentially confidential information and returning some user interfaces with this data.
The business logic of the application is not used by any other service and is only available within this Vaadin application. Successfully logged-in users are considered trustworthy (there will be only a few of them).