Q. Are there any general, or better still specific, pieces of advice re. use of session scope beans in regard to security? Obviously, a session scope bean will cause an amount of data to persist on a Webserver for the life of a user's session. This means (in my naive understanding) that if the webserver is compromised during such a period of time, any session data could potentially be accessible on the webserver.

In general, the advice I am being given is to a) store as little data as possible with session scope on the webserver b) store such data for as short a period of time as possible. The server will be protected by firewall software etc. etc., but we have some pretty rigorous folks who want to see as little data as possible compromised. Comments?
