Right now, WAP is limited to simple login + password:
<?wml version="1.0"?
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN"
http://www.wapforum.org//DTD/wml_1.1.xml>
<wml>
<card title="login">
<p>
Username:
<input name="user" format="*x* />
</p>
<p>
<Password:
<input name="pass" type="password" />
</p>
<do type="accept" title="Log In">
<go href="login?u=$(user:e)&p=$(pass:e)" />
</card>
</wml>
The username is forced to have entirely lowercase letters and the password
is obscured when entered. WTLS is also supported on most recent WAP devices
to scramble the transaction between the WAP device and the gateway, and then
there's SSL between the gateway and the HTTP server. Be aware, though, that
the translation between WTLS and SSL at the gateway is as yet unsecure -
anybody hacking the gateway can gain access to all messages flowing through
it.
Cheers!
Mark
----- Original Message -----
From: "Nic Ferrier" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, May 09, 2001 8:19 PM
Subject: Re: a small problem with number guess game JSP
> >>> Mark Galbreath <[EMAIL PROTECTED]> 10-May-01 1:00:46 AM >>>
>
> >Strictly speaking, cookies are not part of the
> >WAP 1.1 specification, and it is currently very
> >rare for a WAP device to support them. However,
> >many gateways (most notably the UP.Link, which
> >is what I use) can store cookies on behalf of devices.
> >The main reason for the cookies not to exist on a WAP
> >device is that they are costly (in terms of processing
> >power and memory) to implement.
> >One possible alternative is to implement the hidden
> >field functionality of HTML.
>
> In the past I've used HTTP authentication as a means of creating some
> session semantics. Authenticated users have usernames (and realm names
> and passwords) which allows you to store information in a hash that
> you can reproduce whenever the authenticated person turns up.
>
> Because you know when you get new authentications you can control the
> session environment to a certain extent (ie: you can ensure that only
> one person at a time has the session).
>
> Does WAP have an authentication scheme? If so it could be used in a
> similar way.
>
>
> Nic Ferrier
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
