How would the servlet know that the person entering John Doe's information was actually John Doe?
If it were me, I would set it up so that in a letter that each student received, they were given a password that was only valid until a certain date. They would access the site, type in their ID number, their temporary password, and then the system would ask them for information that only they would likely have (like the last four digits of their SSN, the last four digits of their driver license or state ID number, the last four digits of the credit card number used to pay tuition, whatever). At that point, they would be given the chance to set a new password and verify the rest of their information.
If the system doesn't have anything important and is just a training/learning system for school, you could probably get by with just letting them register the first time. You would have no guarantee whatsoever that they were who they said they were, however.
John
On Wed, 2 Apr 2003 10:55:18 -0500, Koes, Derrick <[EMAIL PROTECTED] nephew.com> wrote:
Write a servlet (JSP) to ask for that information from the user on first access.
-----Original Message-----
From: Nancy Crisostomo Martinez [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 02, 2003 10:51 AM
To: Tomcat Users List
Subject: Re: How to hand in the passwords to 3000 users [urgent!]
Hi !,
My application is some kind of schoolar system. In it the students could
find all their schoolar information by their own. You know, grades,
schedules, finantial information, etc.. So the user id is given by their
student id... so that is clear... but the problem begin because we need to
give their passwords to enter to the site.... We don't want to give a
general password for all, because some 'bad' friends of some
students could know his/her student id and enter to the site with the
general password and do some 'changes'...
We need some help to find the most secure way to hand in or to let the users
know their password to enter to the site. But we don't have their e- mails.
Thanks!
"Goehring, Chuck Mr., RCI - San Diego" wrote:
Nancy,application, then advertise it through the management chain of command with
Hope I understood you problem correctly. It might be worth doing a signup
a url and instructions. Have the app capture the information to a text file
or database. Get the email, username and password that way. I think I'd
also put password change & mailback capabilities in the app so you don't
have to change passwords for users all the time.
Chuck
-----Original Message----- From: Nancy Crisostomo Martinez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 01, 2003 12:55 PM To: Tomcat Users List Subject: How to hand in the passwords to 3000 users [urgent!]
Hi all!
I'm trying to entablish the best way to hand in their own user_id and password to the 3000 users of an applicattion developed to Internet.
I don't know which could be the best way to do this without forgetting the security because each user has some confidential information in his/her session.
Could you please help me? Any clue could help me! Thanks in advance!
Nancy.
ps. I don't have their e-mails so, descart the email way.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This electronic transmission is strictly confidential to Smith & Nephew and
intended solely for the addressee. It may contain information which is
covered by legal, professional or other privilege. If you are not the
intended addressee, or someone authorized by the intended addressee to
receive transmissions on behalf of the addressee, you must not retain,
disclose in any form, copy or take any action in reliance on this
transmission. If you have received this transmission in error, please
notify the sender as soon as possible and destroy this message.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
