i need to implement the following security features in my security application.
authentication
which is better - have a login page and keep some sort of bean in session on successful login
and check for the ban in every action(and have no direct links)
OR use realms, define user roles etc
(i have only 2 classes of users at the moment, the max number will be 4)
confidentiality - should i implement my own encryption protocol, like a function that takes a string,
gets a symmetric key(or private key if using public key encryption) and encrypt and send
the data
integrity - again what should be my approach?
non-repudiation - digital signatures????
prevent replay attacks - ???
how do i support ssl in struts?
any pointers and references would be most welcome
thanks ajay
_________________________________________________________________
Hot chart ringtones and polyphonics. Go to http://ninemsn.com.au/mobilemania/default.asp
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
