I don't understand your question.

What do you mean by 'duplicate _at_ the second page'?

There is nothing to duplicate. If he has entered his username/pword
correctly on the first page, *only then* does he get access to the second
one. Otherwise there's no chance of his getting to the second page at all.

Which is the part that you don't understand?

Ravi
Father & Founder
http://BabyNamesIndia.com


At 11:38 AM 2/6/01 +0700, you wrote:
>Hi,
>
>Your answer is interesting, but please tell me how a hacker can duplicate at
>the second page.
>Thank you.
>ThuLV,
>
>----- Original Message -----
>From: "Ravi Prashanth" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, February 06, 2001 1:49 AM
>Subject: Re: How to secure a page?
>
>
> > In welcom.jsp, first check for 'username' in the session. If there's none,
> > then redirect the user to login page.
> >
> > You can store this 'username' into the session (HttpSession) from the
> > login page (login1.jsp).
> >
> > So, if someone directly tries to enter
> > http://localhost:8080/examples/jsp/welcom.jsp , the session won't have
> > 'username' in it, and the user will be forced back to the login page.
> >
> > Don't send the username to the second page as a form element (either hidden
> > field, or directly), because that behaviour can be easily duplicated by a
> > hacker.
> >
> > Let me know if you have any more questions.
> >
> > Ravi
> > Developer & Publisher
> > http://BabyNamesIndia.com
> >
> > At 09:13 AM 2/5/01 -0800, you wrote:
> > >I remember someone posted Login-related question recently. I have a
> > >newbie question on this.
> > >
> > >In my web application, I have login1.jsp which calls login2.jsp to handle
> > >the actual login process. I use JDBC-ODBC-Oracle to handle the database
> > >connection. If successfully logged in, the user will be "forwarded" to a
> > >welcome.jsp.
> > >
> > >I am wondering how could I secure welcome.jsp so that a user can ONLY
> > >access welcome.jsp by a successful login? I mean a user could just type in
> > >http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.
> > >
> > >Someone has mentioned the secured page. Could someone explain? Where can I
> > >get the information or code example?
> > >
> > >Thanks a lot,
> > >
> > >Roland
> > >
> >
> > >===========================================================================
> > >To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > >For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> > >Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > >  http://java.sun.com/products/jsp/faq.html
> > >  http://www.esperanto.org.nz/jsp/jspfaq.html
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

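The session check described in this thread, written as a servlet filter. This is an added example, not code from any of the posters. The class name `LoginRequiredFilter`, the login page path `/jsp/login1.jsp` under the context root, and the filter mapping onto the protected page are assumptions. It also assumes the login handler stores `username` in the `HttpSession` only after the credentials have been verified.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: guards a protected page (e.g. welcom.jsp) by checking the
 * server-side session, never a request parameter or hidden form field.
 * Assumption: the login handler calls session.setAttribute("username", name)
 * only after the submitted credentials have been verified.
 */
public class LoginRequiredFilter implements Filter {

    // Assumed login page path, relative to the web application's context root.
    private static final String LOGIN_PAGE = "/jsp/login1.jsp";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // getSession(false): do not create a session for an anonymous visitor.
        HttpSession session = request.getSession(false);
        Object username = (session == null) ? null : session.getAttribute("username");

        if (username == null) {
            // Typing the URL directly lands here: no session value, back to login.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return; // stop here so the protected page never renders
        }

        // request.getParameter("username") is deliberately never consulted:
        // the client controls every form field, hidden or not.
        chain.doFilter(req, res);
    }

    @Override
    public void destroy() { }
}
```

The filter only takes effect once it is mapped to the protected URL in the application's deployment descriptor.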