tomcat-users mailing list archives

From "Frank Lawlor" <frank.law...@athensgroup.com>
Subject RE: request for suggestions on how to secure a web application... .
Date Wed, 12 Sep 2001 20:21:52 GMT
Re protection via Realms:
  - a useful mechanism, but by itself might not do the whole job.  For
    example, if you need to have users log into a specific domain
    (e.g. different clients get different data) (as happens in many
    apps) where the userid isn't enough info (one value of Realms is
    non-unique IDs), then you need to still force people thru a
    specific login.
Re object in a session.
  - Note that this can be fabricated by a hacker.  For real security
    you need to look at encrypting it with varying keys.

Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.



