I think the best way would be to send a randomly generated password via
email.
I've used something like this where when the user requests for his passwd
the
passwd is mailed to him...
Tag library could be used to send mail...
----------------------------------------------------
V.T.R.Ravi Kumar
Engineer,CCX,BHEL, Haridwar
Phone : Office-91-01334-285260
Res -91-01334-226121
-----------------------------------------------------
----- Original Message -----
From: "Nancy Crisostomo Martinez" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 02, 2003 3:04 AM
Subject: Re: How to hand in the passwords to users [urgent!]
> Thanks David,
> Not exactly,
>
> My application is some kind of schoolar system. In it the students could
find all
> their schoolar information by their own. Yor know, grades, schedules,
finantial
> information, etc.. So the user id is given by their student id... so that
is
> clear... but the problem begin because we need to give their passwords to
enter to
> the site.... We don't want to give a general password for all, because
some 'bad'
> friends of some students could know his/her student id and enter to the
site with
> the general password and do some 'changes'...
> We need some help to find the most secure way to hand in or to let the
users know
> their password to enter to the site.
>
> Thanks!
>
> Nancy
>
> "Karr, David" wrote:
>
> > Your requirements aren't quite clear, but it sounds like your
> > application security would look like most online vendor sites, where the
> > user self-registers themselves, deciding on their own password, but they
> > can't get into the rest of the site until they accomplish that. Is that
> > what you're looking for?
> >
> > > -----Original Message-----
> > > From: Nancy Crisostomo Martinez [mailto:[EMAIL PROTECTED]
> > >
> > > I'm trying to entablish the best way to hand in their own user_id and
> > > password to the 3000 users of an applicattion developed.
> > >
> > > I don't know which could be the best way to do this without forgetting
> > > the security because each user has some confidential information in
> > > his/her session.
> > >
> > > Could you please help me?
> > > Any clue could help me!
> > > Thanks in advance!
> >
> >
===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
> > For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
> >
> > Some relevant archives, FAQs and Forums on JSPs can be found at:
> >
> > http://java.sun.com/products/jsp
> > http://archives.java.sun.com/jsp-interest.html
> > http://forums.java.sun.com
> > http://www.jspinsider.com
>
>
===========================================================================
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
> For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
>
> Some relevant archives, FAQs and Forums on JSPs can be found at:
>
> http://java.sun.com/products/jsp
> http://archives.java.sun.com/jsp-interest.html
> http://forums.java.sun.com
> http://www.jspinsider.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant archives, FAQs and Forums on JSPs can be found at:
http://java.sun.com/products/jsp
http://archives.java.sun.com/jsp-interest.html
http://forums.java.sun.com
http://www.jspinsider.com
