Security methods [OT]

2003-10-31 Thread Brian Menke
Hi Everyone, 

I'm doing a project for a client and they want to employ some kind of
security mechanism that will allow a customer to have access to their
content but not their competitors, meaning:

* They have information that resides in a text based database.
* A customer can search for the information through a web form. The
information is returned based on a match of the zip code from the web form.
* They don't want competitors to get this information since it is their
intellectual property.

Currently, a session is set and a servlet makes sure that no one tries to
retrieve information via the web form more than 3 times.

The problem is that someone can close and reopen a browser and start over.
I'm also thinking that a semi smart programmer could bypass the whole
browser and do it programmatically anyway.

Security is new to me, and I'm looking for suggestions on how to solve this.
Can someone suggest some general ideas, a book, or something to get me
started? I would surely appreciate it.

Thanks!

-Brian Menke




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Security methods [OT]

2003-10-31 Thread Justin Ruthenbeck
Every security method you'll find will revolve around a user login 
(authentication).  If the customer isn't already doing that, you'll run 
into problems.  Once you have established trust between the system and 
the user, you move into the security checks (authorization).  You'll need 
a solution for both.

Many people use security mechanisms built into Tomcat/J2EE.  Many others 
steer clear and implement their own (my preference) or use a different 
framework.  This is a matter of technical/political choice -- neither 
option is inherently better.

For info about J2EE security, see
J2EE Servlet 2.3 Specification SRV 12.1
http://www.jcp.org/aboutJava/communityprocess/final/jsr053/
For info on other security schemes, listen for other responses or read 
the archives ... sorry, don't know of any concise references to point you 
to.

This is a very, very general topic ... if you come up with some ideas or 
specific questions, feel free to post them and I'm sure people will chime 
in with their opinions.

justin

PS: Happy Halloween to all!

At 01:54 PM 10/31/2003, you wrote:
Hi Everyone,

I'm doing a project for a client and they want to employ some kind of
security mechanism that will allow a customer to have access to their
content but not their competitors, meaning:
* They have information that resides in a text based database.
* A customer can search for the information through a web form. The
information is returned based on a match of the zip code from the web 
form.
* They don't want competitors to get this information since it is their
intellectual property.

Currently, a session is set and a servlet makes sure that no one tries to
retrieve information via the web form more than 3 times.
The problem is that someone can close and reopen a browser and start over.
I'm also thinking that a semi smart programmer could bypass the whole
browser and do it programmatically anyway.
Security is new to me, and I'm looking for suggestions on how to solve 
this.
Can someone suggest some general ideas, a book, or something to get me
started? I would surely appreciate it.

Thanks!

-Brian Menke






Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:
http://www.nextengine.com/confidentiality.php
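
The reply's point about authenticating first, applied to the three-lookup limit from the original question, as an added example that is not code from the thread: the counter is keyed on the logged-in account and held on the server, so a new browser session or a scripted client does not reset it. The class name `LookupQuota`, the account name and the 24-hour window are assumptions, and the code uses current Java syntax rather than that of 2003.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example: lookup quota keyed on the authenticated account, held server-side.
// LookupQuota, the account name "acme" and the 24-hour window are hypothetical.
public class LookupQuota {
    private static final class Window {
        final long start; // start of the current window, epoch millis
        int used;         // lookups consumed in this window
        Window(long start) { this.start = start; }
    }

    private final int maxLookups;
    private final long windowMillis;
    private final Map<String, Window> byAccount = new ConcurrentHashMap<>();

    public LookupQuota(int maxLookups, long windowMillis) {
        this.maxLookups = maxLookups;
        this.windowMillis = windowMillis;
    }

    // account is the authenticated user name; null means "not logged in".
    public boolean tryConsume(String account, long nowMillis) {
        if (account == null) return false; // no identity, no lookups
        boolean[] allowed = {false};
        // compute() runs atomically per key, so parallel requests cannot overspend.
        byAccount.compute(account, (k, w) -> {
            if (w == null || nowMillis - w.start >= windowMillis) w = new Window(nowMillis);
            if (w.used < maxLookups) { w.used++; allowed[0] = true; }
            return w;
        });
        return allowed[0];
    }

    public static void main(String[] args) {
        long day = 24L * 60 * 60 * 1000;
        LookupQuota quota = new LookupQuota(3, day);
        long t = 1_000L; // constructed clock value
        for (int i = 1; i <= 4; i++) {
            System.out.println("acme lookup " + i + ": " + quota.tryConsume("acme", t));
        }
        // A reopened browser gets a new session id, but the account is unchanged.
        System.out.println("acme, new session: " + quota.tryConsume("acme", t + 60_000));
        System.out.println("anonymous: " + quota.tryConsume(null, t));
        System.out.println("acme, next day: " + quota.tryConsume("acme", t + day));
    }
}
```

In a servlet the `account` argument would come from `HttpServletRequest.getRemoteUser()`, which returns null for a request that has not been authenticated. The map here lives in memory, so a restart clears it; a deployment that needs the limit to survive restarts would persist the counts.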
