Re: How risky it is to store passwords in a session variable
It really depends on your company's or your customer's auditors and if they view this as a security exposure. -Original Message- From: Lorena Carlo [mailto:[EMAIL PROTECTED]] Sent: Friday, October 20, 2000 4:19 PM To: [EMAIL PROTECTED] Subject: Re: How risky it is to store passwords in a session variable Hello all, Thanks for the answers, but you haven't really answer me if it is dangerous to do this or not. The reason why I want to do this is for validating a user after he has accessed the program, I want him to re-enter the password for some operations, and I don't want to access again the database, so I want to validate it with the session variable. Please answer me the question, and give alternatives if this is dangerous. Thanks in advance Lorena - Original Message - From: T A Flores <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 20, 2000 3:01 PM Subject: Re: How risky it is to store passwords in a session variable > I am unclear as to why you want to store a password in session. Why > don't you just pass around some type of validated indication and not > the password. Such as login=true; > > - Original Message - > From: Lorena Carlo <[EMAIL PROTECTED]> > Date: Friday, October 20, 2000 12:12 pm > Subject: How risky it is to store passwords in a session variable > > > Hello all, > > > > Can somebody tell me if there is a risk in declaring a session > > variable that > > contains passwords?. > > > > Thanks in advance > > > > Lorena > > > > > > === > > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff > > JSP-INTEREST". > > Some relevant FAQs on JSP/Servlets can be found at: > > > > http://java.sun.com/products/jsp/faq.html > > http://www.esperanto.org.nz/jsp/jspfaq.html > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP > > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets > > > > === > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.html > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
Re: Writing XML in JSP file
I think you are right, the browser needs to understand the XML. We use IE5.0 as our standard desktop browser, so this isn't an issue for us. However, I have tried Netscape 6.0 PR1, and the XML doesn't seem to work yet. -Original Message- From: Daniel Lopez [mailto:[EMAIL PROTECTED]] Sent: Friday, April 14, 2000 10:02 AM To: [EMAIL PROTECTED] Subject: Re: Writing XML in JSP file Eumm, I might be wrong but... is it possible that this just works if the client browser is capable of doing the transformation of the XML into HTML using XSL? AFAIK, this just works with Explorer 5 and if what you want to do is perform this transformation in the server, you have to do something different as JSP pages are not easily postprocessed in the server. Joe Milora posted a possible solution a couple of days ago that involve using taglibs but this way you lower your requirements in the client and network traffic. Just my 2c, Dan PD: I read somewhere in the spec that this issue of postprocessing JSP pages is going to be addressed in the next version of the specification. Until then, taglibs might be a good solution. "Kaseman, Mark T" escribió: > Yes you can. The main requirement is to include something like the following > > > <<< where the href > points to your XML style sheet > > The style sheet contains all the HTML instead. > > -Original Message- > From: Nishi [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, April 12, 2000 11:54 PM > To: [EMAIL PROTECTED] > Subject: Writing XML in JSP file > > Hi all, >I am wondering if we can write XML in a jsp file in place of HTML. if > yes then how to display it in browser. > > Thanks, > Nishi > > === > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff > JSP-INTEREST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.html > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets > > === > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". > Some relevant FAQs on JSP/Servlets can be found at: > > http://java.sun.com/products/jsp/faq.html > http://www.esperanto.org.nz/jsp/jspfaq.html > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
Re: Writing XML in JSP file
Yes you can. The main requirement is to include something like the following <<< where the href points to your XML style sheet The style sheet contains all the HTML instead. -Original Message- From: Nishi [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 12, 2000 11:54 PM To: [EMAIL PROTECTED] Subject: Writing XML in JSP file Hi all, I am wondering if we can write XML in a jsp file in place of HTML. if yes then how to display it in browser. Thanks, Nishi === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets === To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST". Some relevant FAQs on JSP/Servlets can be found at: http://java.sun.com/products/jsp/faq.html http://www.esperanto.org.nz/jsp/jspfaq.html http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets