----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files. Don't make us guess your problem!!!
----------------------------------------------------------------
I was pretty much inclined to go along with this model of validation
also. And I thought server-side cookies maintained this kind of session
state within them, or could?
Nathan
At 04:09 PM 10/30/00 -0800, you wrote:
>
>Nathan wrote:
>
> > I am starting to work on an ASP (Application Service Provider)
> > product for
> > my company and I am just beginning to work on the security concerns. I
> > plan on using server-side cookies for authentication. As I have yet to
> > even begin I thought I might try and leverage some of your experiences.
>
>We're just starting out in Jserv-land ... but I do know something about this
>issue.
>
>I don't think cookies are a "best practices" for authentication.
>
>I do see Cookies as a way of recognizing a user ... but the accepted thing
>is to have them sign on ... via a password ... and then maintain a "session
>state" for all subsequent web pages. I.e. you assign a session ID for this
>transaction and keep track of that user as long as they stay 'connected'.
>Typically you time out the session after some period of inactivity.
>
>I used to do that by embedding the session id in all the URL links ... or in
>a hidden form on the web page. I understand that JServ ... particularly
>the jssi stuff ... has features for maintaining session state et al.
>
>Bill Volk
>
>
>
>--
>--------------------------------------------------------------
>Please read the FAQ! <http://java.apache.org/faq/>
>To subscribe: [EMAIL PROTECTED]
>To unsubscribe: [EMAIL PROTECTED]
>Search Archives:
><http://www.mail-archive.com/java-apache-users%40list.working-dogs.com/>
>Problems?: [EMAIL PROTECTED]
---
Nathan A. Feger ([EMAIL PROTECTED])
CIO, rightshop.net Inc.
phone +1-610-871-2444 - fax +1-215-893-3849
toll-free 877-736-8735 - http://www.rightshop.net/