If you create a mission-critical application with just the bare concepts we covered until now, you will not be guaranteed to be shielded from all security threats. For example, if you need to design a payment gateway, where credit card information is transmitted by means of an EJB or servlet, using just the authorization and authentication stack is really not enough.

In order to prevent disclosure of information, you have to use a protocol that provides data encryption. Encryption is the conversion of data into a form that cannot be understood by people or systems eavesdropping on your network. Conversely, decryption is the process of converting encrypted data back into its original form, so it can be understood.

The protocols used to secure communication are SSL and TLS, the latter being considered a replacement for the older SSL.