tomcat-users mailing list archives

From "Robert r. Sanders" <robert.sand...@ipov.net>
Subject Re: Problem with security?
Date Fri, 10 Jun 2005 16:50:55 GMT
There are some pretty good resources for getting started on Servlet/JSP 
stuff; try the O'Reilly books, especially the latest version of their 
JSP book. 

I suggest that you need to think of what you are wanting to do in 2 phases:
    1. Login
    2. Authenticate (using values supplied by login).


There are a couple of alternatives if you want to save your users from 
having to type in passwords over and over; since I'm kind of bored, 
here's a brief list:

    1. If your users are on Windows desktops, then NTLM Auth can get 
the User information from the browser (either IE or Firefox) without the 
user having to log in (see http://jcifs.samba.org/src/docs/ntlmhttpauth.html)
    2. If you have them deployed, then you could use client-certificates 
to authenticate users.
    3. You could use a 'remember-me' library (typically uses cookies so 
that user only has to log in once).


Gagnon, Joseph M (US SSA) wrote:

>Did I not say that I'm new to this?
>
>I made no mention of whether or not I was trying to make it secure.
>This is only meant to be used within my company's intranet and my
>intention was to take the user account and then compare it with a set of
>registered users in the application's DB.
>
>I am beginning to see that at the very least I need to create some kind
>of mechanism (although I don't understand yet how to go about that, or
>how many different ways it can be done) to perform user authentication.
>
>If anyone can provide information on how to do this (keep in mind I'm
>new at this), please let me know.
>
>-----Original Message-----
>From: Robert Harper [mailto:robert@iat-cti.com] 
>Sent: Friday, June 10, 2005 10:59 AM
>To: 'Tomcat Users List'
>Subject: RE: Problem with security?
>  
>

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
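
The 'remember-me' option from item 3 of the message above, shown from the server side as an added example that is not part of the original message and not the code of any particular library. The class name RememberMe, the in-memory map standing in for the application's user DB, and the user name are assumptions; it needs Java 16 or later for records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical helper: the class and its in-memory store are assumptions for
// illustration; a real application would keep these rows in its user database.
public class RememberMe {
    private record Row(String user, byte[] validatorHash, long expiresAtMillis) {}

    private static final SecureRandom RNG = new SecureRandom();
    private final Map<String, Row> store = new ConcurrentHashMap<>();

    private static String randomToken(int bytes) {
        byte[] b = new byte[bytes];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    private static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    // Called once after a successful login; the return value becomes the cookie value.
    // Only a hash of the validator is stored, so a leaked table cannot be replayed.
    public String issue(String user, long ttlMillis) throws Exception {
        String selector = randomToken(12), validator = randomToken(32);
        store.put(selector, new Row(user, sha256(validator), System.currentTimeMillis() + ttlMillis));
        return selector + ":" + validator;
    }

    // Returns the user name for a valid cookie, or null. Tokens are single-use:
    // the row is removed on every lookup and the caller issues a fresh cookie.
    public String verify(String cookieValue) throws Exception {
        if (cookieValue == null) return null;
        String[] parts = cookieValue.split(":", -1);
        if (parts.length != 2) return null;
        Row row = store.remove(parts[0]);
        if (row == null || System.currentTimeMillis() > row.expiresAtMillis()) return null;
        // Constant-time comparison of the stored hash with the presented validator's hash.
        return MessageDigest.isEqual(row.validatorHash(), sha256(parts[1])) ? row.user() : null;
    }

    public static void main(String[] args) throws Exception {
        RememberMe rm = new RememberMe();
        String cookie = rm.issue("alice", 14L * 24 * 60 * 60 * 1000); // constructed user name
        System.out.println(rm.verify(cookie)); // first use of the cookie
        System.out.println(rm.verify(cookie)); // replay of the same cookie
    }
}
```

The value returned by issue() would be sent as a cookie marked Secure and HttpOnly, and a successful verify() should be followed by a new issue() so the cookie rotates on each use.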

