Use certificates. They almost guarantee you the identity of a person submitting a
request. But you still should not depend on them alone because they can be
copied. Also if they're installed on a browser they can be used by anyone having
access to that machine. In order to minimize this risk the certificate repository
can be password protected but that's going back to square one and the client having
have to enter a password (!).
It's the something-they-have-and-something-they-know type of security that is the
best, meaning certificate as something they have and password as something they
know.
If you can't use certificates you're stuck with the something-they-know part which
is the bare minimum. You shouldn't sacrifice basic security for ease of use.
dave.
Sharat Babu wrote:
> > Hi
> >
> > I want to know is there any way where the application instead of enquiring
> > login information , the application itself should know who the user is .
> >
> > My client don't want all the time giving login and password.
> >
> > so i want to know the userid without asking the user "the user id".
> >
> > thanx in advance.
> >
> > sharat
>
> ===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> FAQs on JSP can be found at:
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
--
David Mossakowski [EMAIL PROTECTED]
Programmer 212.310.7275
Instinet Corporation
"I don't sit idly by, I'm planning a big surprise"
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
FAQs on JSP can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
