Ah, ok, that's another occasional scenario. A good way to resolve this is to have either the student id or their web site registration associated with an email address. The registration for the web site will construct a random password and email it to the user. The user can't log in until they get the password from their email. They can't get the password unless they can get to the email account for that student id (or the address they enter for the registration).
> -----Original Message----- > From: Nancy Crisostomo Martinez [mailto:[EMAIL PROTECTED] > > Thanks David, > Not exactly, > > My application is some kind of schoolar system. In it the students could > find all > their schoolar information by their own. Yor know, grades, schedules, > finantial > information, etc.. So the user id is given by their student id... so that > is > clear... but the problem begin because we need to give their passwords to > enter to > the site.... We don't want to give a general password for all, because > some 'bad' > friends of some students could know his/her student id and enter to the > site with > the general password and do some 'changes'... > We need some help to find the most secure way to hand in or to let the > users know > their password to enter to the site. > > Thanks! > > Nancy > > "Karr, David" wrote: > > > Your requirements aren't quite clear, but it sounds like your > > application security would look like most online vendor sites, where the > > user self-registers themselves, deciding on their own password, but they > > can't get into the rest of the site until they accomplish that. Is that > > what you're looking for? > > > > > -----Original Message----- > > > From: Nancy Crisostomo Martinez [mailto:[EMAIL PROTECTED] > > > > > > I'm trying to entablish the best way to hand in their own user_id and > > > password to the 3000 users of an applicattion developed. > > > > > > I don't know which could be the best way to do this without forgetting > > > the security because each user has some confidential information in > > > his/her session. > > > > > > Could you please help me? > > > Any clue could help me! > > > Thanks in advance! > > > > > ======================================================================== == > = > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP- > INTEREST". > > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST > DIGEST". > > > > Some relevant archives, FAQs and Forums on JSPs can be found at: > > > > http://java.sun.com/products/jsp > > http://archives.java.sun.com/jsp-interest.html > > http://forums.java.sun.com > > http://www.jspinsider.com > > ======================================================================== == > = > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP- > INTEREST". > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST > DIGEST". > > Some relevant archives, FAQs and Forums on JSPs can be found at: > > http://java.sun.com/products/jsp > http://archives.java.sun.com/jsp-interest.html > http://forums.java.sun.com > http://www.jspinsider.com =========================================================================== To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST". Some relevant archives, FAQs and Forums on JSPs can be found at: http://java.sun.com/products/jsp http://archives.java.sun.com/jsp-interest.html http://forums.java.sun.com http://www.jspinsider.com