Hi,

Your answer is interesting, but please tell me how a hacker can duplicate at
the second page.
Thank you.
ThuLV,

----- Original Message -----
From: "Ravi Prashanth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 06, 2001 1:49 AM
Subject: Re: How to secure a page?


> In welcom.jsp, first check for 'username' in the session. If there's none,
> then redirect the user to login page.
>
> You can store this 'username' into the session (HttpSession) from the login
> page (login1.jsp).
>
> So, if someone directly tries to enter
> http://localhost:8080/examples/jsp/welcom.jsp , the session won't have
> 'username' in it, and the user will be forced back to the login page.
>
> Don't send the username to the second page as a form element (either hidden
> field, or directly), because that behaviour can be easily duplicated by a
> hacker.
>
> Let me know if you have any more questions.
>
> Ravi
> Developer & Publisher
> http://BabyNamesIndia.com
>
> At 09:13 AM 2/5/01 -0800, you wrote:
> >I remember someone posted Login-related question recently. I have a newbie
> >question on this.
> >
> >In my web application, I have login1.jsp which calls login2.jsp to handle
> >the actual login process.  I use JDBC-ODBC-Oracle to handle the database
> >connection. If  successfully logged in, the user will be "forwarded" to a
> >welcome.jsp.
> >
> >I am wondering how could I secure welcome.jsp so that a user can ONLY access
> >welcome.jsp by a successful login?  I mean a user could just type in
> >http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.
> >
> >Someone has mentioned the secured page. Could someone explain? Where can I
> >get the information or code example?
> >
> >Thanks a lot,
> >
> >Roland
> >
>
>===========================================================================
> >To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> >JSP-INTEREST".
> >For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
> >Some relevant FAQs on JSP/Servlets can be found at:
> >
> >  http://java.sun.com/products/jsp/faq.html
> >  http://www.esperanto.org.nz/jsp/jspfaq.html
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> >  http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>


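The session check described in the quoted reply, shown next to the form-field approach it warns against. This is an added example, not code from the original thread; `checkCredentials()` is a hypothetical helper standing in for the database lookup, and the three fragments belong to separate files or alternatives as labelled.

```jsp
<%-- login2.jsp (fragment): store the name in the session only after the
     credentials have been verified. checkCredentials() is hypothetical. --%>
<%
    String user = request.getParameter("username");
    String pass = request.getParameter("password");
    if (user != null && pass != null && checkCredentials(user, pass)) {
        // Server-side state: the browser only holds the session id,
        // never the 'username' attribute itself.
        session.setAttribute("username", user);
        response.sendRedirect("welcom.jsp");
    } else {
        response.sendRedirect("login1.jsp");
    }
    return;
%>

<%-- welcom.jsp, weak variant: trusts a form element (hidden field or
     query parameter). The client chooses that value, so the test proves
     nothing about whether a login ever happened. --%>
<%
    String claimed = request.getParameter("username");
    if (claimed == null) {
        response.sendRedirect("login1.jsp");
        return;
    }
%>

<%-- welcom.jsp, session variant (the check the reply describes): the
     attribute exists only if login2.jsp set it for this session. --%>
<%
    String username = (String) session.getAttribute("username");
    if (username == null) {
        // Direct request without a login: force back to the login page.
        response.sendRedirect("login1.jsp");
        return; // stop rendering the rest of the protected page
    }
%>
<p>Welcome!</p>
```

The `return` after `sendRedirect` matters: without it the rest of the protected page is still executed after the redirect has been queued.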