Thom Burnett wrote:
> What are the options within Struts (version 1) for passing information from
> one request to the next on a multi-page Struts application?
> I can pass some information as request parameters and hidden inputs on forms
> but that's not acceptable for credit card numbers, passwords, etc.
> What are the other options and how do they work?

The options are about the same as in any web application; there's
nothing Struts-specific here.

1) put sensitive data into the session; make sure you force a secure
   transport (HTTPS) to prevent session spoofing

2) store sensitive data in your database or other persistent store,
   passing a row key or other identifying information so you can retrieve
   it on the next request; of course, you then need to treat that row key
   or whatever as sensitive data, and apply one of the other options for that

3) include sensitive data as (one or more) hidden inputs on each form,
   but encrypt the data; include a hash/checksum of the encrypted data to
   help detect tampering

There may be other approaches I'm not thinking of right now as well :-)

> How, if at all, do people manage a single sign on to pages when a user needs
> to sign in?

That's a bit vague... There are countless ways to handle authentication
in a Java web application; it all depends on your requirements. Single
Sign On for a single web app is obviously trivial ;-) so it depends on
what your authentication scheme needs to interoperate with, to start with.
L.
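
Option 3 from the reply above (encrypted hidden inputs with a tamper check), as an added Java example that is not part of the original thread. It uses a keyed HMAC over the IV and ciphertext as the checksum, since a plain hash could be recomputed by anyone who alters the field; the class name, field layout and key handling are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical helper (assumed layout): IV(16) || AES-CBC ciphertext || HMAC-SHA256(32)
public class HiddenFieldSealer {
    private final SecretKeySpec encKey, macKey;   // server-side keys, never sent to the browser

    public HiddenFieldSealer(byte[] enc, byte[] mac) {
        encKey = new SecretKeySpec(enc, "AES");
        macKey = new SecretKeySpec(mac, "HmacSHA256");
    }

    private byte[] tag(byte[] data, int len) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(macKey);
        m.update(data, 0, len);
        return m.doFinal();
    }

    public String seal(String plain) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);          // fresh random IV for every value
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, encKey, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = Arrays.copyOf(iv, 16 + ct.length + 32);
        System.arraycopy(ct, 0, out, 16, ct.length);
        System.arraycopy(tag(out, 16 + ct.length), 0, out, 16 + ct.length, 32); // MAC covers IV + ciphertext
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    public String open(String field) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(field);
        if (in.length < 64) throw new SecurityException("malformed field");
        int body = in.length - 32;
        // Check the MAC first, in constant time; decrypt only if it matches.
        if (!MessageDigest.isEqual(tag(in, body), Arrays.copyOfRange(in, body, in.length)))
            throw new SecurityException("tampered field");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.DECRYPT_MODE, encKey, new IvParameterSpec(in, 0, 16));
        return new String(c.doFinal(in, 16, body - 16), StandardCharsets.UTF_8);
    }
}
```

The string returned by `seal()` goes into the hidden input's value and `open()` is called on the next request; a `SecurityException` (or an `IllegalArgumentException` from the Base64 decoder) means the request should be rejected.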