A hacker can duplicate it by typing in the URL and adding the ?form-element-name=value, so that it "fakes" out your program into thinking it sees a request parameter.

> -----Original Message-----
> From: Le van Thu [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 05, 2001 8:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: How to secure a page?
>
> Hi,
>
> Your answer is interesting, but please tell me how a hacker can duplicate at
> the second page.
> Thank you.
> ThuLV,
>
> ----- Original Message -----
> From: "Ravi Prashanth" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, February 06, 2001 1:49 AM
> Subject: Re: How to secure a page?
>
> > In welcom.jsp, first check for 'username' in the session. If there's none,
> > then redirect the user to login page.
> >
> > You can store this 'username' into the session (HttpSession) from the login
> > page (login1.jsp).
> >
> > So, if someone directly tries to enter
> > http://localhost:8080/examples/jsp/welcom.jsp , the session won't have
> > 'username' in it, and the user will be forced back to the login page.
> >
> > Don't send the username to the second page as a form element (either hidden
> > field, or directly), because that behaviour can be easily duplicated by a
> > hacker.
> >
> > Let me know if you have any more questions.
> >
> > Ravi
> > Developer & Publisher
> > http://BabyNamesIndia.com
> >
> > At 09:13 AM 2/5/01 -0800, you wrote:
> > >I remember someone posted Login-related question recently. I have a newbie
> > >question on this.
> > >
> > >In my web application, I have login1.jsp which calls login2.jsp to handle
> > >the actual login process. I use JDBC-ODBC-Oracle to handle the database
> > >connection. If successfully logged in, the user will be "forwarded" to a
> > >welcome.jsp.
> > >
> > >I am wondering how could I secure welcome.jsp so that a user can ONLY access
> > >welcome.jsp by a successful login? I mean a user could just type in
> > >http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.
> > >
> > >Someone has mentioned the secured page. Could someone explain? Where can I
> > >get the information or code example?
> > >
> > >Thanks a lot,
> > >
> > >Roland
> > >
> > >===========================================================================
> > >To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > >For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> > >Some relevant FAQs on JSP/Servlets can be found at:
> > >
> > > http://java.sun.com/products/jsp/faq.html
> > > http://www.esperanto.org.nz/jsp/jspfaq.html
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
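
The session check described in the thread, as an added example that is not part of the original messages: a servlet filter that lets a request through only when the server-side session holds 'username', and never consults request parameters. The class name, the `onLoginSuccess` helper and the login page path are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Added example: guards protected pages by checking the server-side session. */
public class LoginRequiredFilter implements Filter {
    private static final String USER_KEY = "username";          // session attribute named in the thread
    private static final String LOGIN_PAGE = "/jsp/login1.jsp"; // assumed path inside the web app

    /** Hypothetical helper: the login handler calls this only after the database check succeeds. */
    public static void onLoginSuccess(HttpServletRequest req, String verifiedUser) {
        req.getSession(true).setAttribute(USER_KEY, verifiedUser);
    }

    /** True only if the session holds a username; request parameters are never consulted. */
    static boolean isLoggedIn(HttpServletRequest req) {
        HttpSession s = req.getSession(false); // false: create no session for anonymous visitors
        return s != null && s.getAttribute(USER_KEY) != null;
    }

    public void init(FilterConfig cfg) {}

    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // A value typed into the URL (welcom.jsp?username=anything) shows up in
        // req.getParameter("username"). It is client-supplied, so it is ignored here.
        if (isLoggedIn(req)) {
            chain.doFilter(rq, rs);
        } else {
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
        }
    }
}
```

Map the filter to the protected pages (such as welcom.jsp) in web.xml, and keep the login pages outside that mapping so the redirect does not loop.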
