>When using cookies, the session ID is just as easy to
>grab, because it is sent in every request.
>Being "invisible" doesn't make it any more secure.
I know, I also don't like that (storing this in cookies), it seems
unsecure.
>can cut down lots of potential problems. But, the
>more secure protection would be encryption -- then,
>snooping the session ID in the first place becomes
>much more difficult.
IP is a very good solution I guess, but I would like to ensure that by
encrypting the session ID.
Do you know how I can encrypt this session ID in java ? Do you know any
java class/method that does this ?
Thanks ...
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
