) and static html files.
> But there is a requirement to secure many, if not all, these static
> documents/pages.
>
> How would we go about doing that?
>
> I realize, we could change the html files to jsp and add our security
> code but the problem is these html files are gener
My two cents:
First of all make a filter on your webserver which limits access to those
resources
You could store the html text as CLOB in your database. That would add a
barriere between the user and the html
If that is not secure enough: the big databases support encrypted store of
LOB's
ation sitting on WebSphere 4.x (soon to be Websphere 5.x).
On the web application we have many links to various documents (pdfs, docs,
xlsetc) and static html files.
But there is a requirement to secure many, if not all, these static
documents/pages.
How would we go about doing that?
I realize, we
Hi all,
Here's the background to my question.
A web application sitting on WebSphere 4.x (soon to be Websphere 5.x).
On the web application we have many links to various documents (pdfs, docs,
xlsetc) and static html files.
But there is a requirement to secure many, if not all, these s
>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 23, 2003 5:09 AM
Subject: Secure JSP
> Hi
>
> Is there any standar way to secure jsp pages and define only one entry
point to
> the application??
>
> I can do it using URL rewriting but I don't know how to do it when th
Hi
Is there any standar way to secure jsp pages and define only one entry point to
the application??
I can do it using URL rewriting but I don't know how to do it when the user allows
cokies.
Thanks in advance!
James
When words aren't enough - Vodafone live! A new world of colo
are using
weblogic, an alternative solution is to set the cookieDomain in the
weblogic.xml file.
-Original Message-
From: Mattias Jiderhamn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 05, 2002 7:27 AM
To: [EMAIL PROTECTED]
Subject: Re: Secure server
Read the docs of your conta
tructure (hashtable) in the application scope, and include
a unique key in the secure shopping form, so the new HTTPS session will
retrieve the old data from the application scope. You have to be very
carefull about security though.
> -Original Message-
> From: A mailing list about Jav
05, 2002 2:59 AM
To: [EMAIL PROTECTED]
Subject: Re: Secure server
Yeah good idea - would certainly solve the browser side issue. Does tomcat
(or any aother servlet container) preserve sessions accross http / https?
> -Original Message-
> From: Mattias Jiderhamn [SMTP:[EMAIL PRO
test
===
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archi
D]
> Subject: Re: Secure server
>
> Using URL rewriting when posting from the http session to the https
> session
> should also work ... right?
>
> > -Original Message-
> > From: A mailing list about Java Server Pages specification and reference
> &g
December 05, 2002 7:48 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Secure server
>
>
> Sessions are not shared accross http / https boundries. This is
> an artifact
> of the browser. It will deliberately not recognise http and https pages as
> being in the same "context"
e https seesion.
> -Original Message-
> From: Alireza Nahavandi [SMTP:[EMAIL PROTECTED]]
> Sent: 04 December 2002 06:02
> To: [EMAIL PROTECTED]
> Subject: Secure server
>
> Hi everybody,
>
> I think there was a discussion about this problem before
>
>
Hi everybody,
I think there was a discussion about this problem before
I need some help with secure server.
I have a session object for a shopping cart :
For checking out I need to call programs from a path like :
https://secure.shop.com/chk1.jsp
In chk1.jsp still I have the
Hi all,
I have the following contexts in my server.xml file
(i'm using the internal tomcat which comes with netbeans)
under netscape, konquror, mozzilla and internet explorer browsers going
to localhost:8091 goes to the correct opening index page (which is not
secure).
this page has a
secure server
Hi everybody,
First of all thank you all for responding to my previous questions.
I have a problem for using SSL. There is a session object passing to a jsp
page in secure server. When coming back from
secure server I'll lose the content of the object. Does anybody know how to
Hi everybody,
First of all thank you all for responding to my previous questions.
I have a problem for using SSL. There is a session object passing to a jsp
page in secure server. When coming back from
secure server I'll lose the content of the object. Does anybody know how to
keep the obj
.
-Original Message-
From: A mailing list about Java Server Pages specification and reference
[mailto:[EMAIL PROTECTED]]On Behalf Of Haseltine, Celeste
Sent: Thursday, January 10, 2002 11:46 AM
To: [EMAIL PROTECTED]
Subject: Designing a secure login using JSP's for a public internet si
Does anyone have any good references regarding
developing a public internet login system that would allow a user to assign
his/her own login name and password/pin. I've spent all of my
Java/JSP career doing internal intranet web sites for companies looking to
disseminate information to thei
Hello,
I'd like to know how to get the HTML code from a Secure URL, meaning: do
I have to import any special Java package to do it? If so, which and
why?
If there are some on-line examples could you please inform me.
Thank You,
, 2001 8:39 PM
> To: [EMAIL PROTECTED]
> Subject: Re: How to secure a page?
>
>
> Hi,
>
> Your answer is interesting, but please tell me how a hacker
> can duplicate at
> the second page.
> Thankyou.
> ThuLV,
>
> - Original Message -
> From: "Ra
>
>- Original Message -
>From: "Ravi Prashanth" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, February 06, 2001 1:49 AM
>Subject: Re: How to secure a page?
>
>
> > In welcom.jsp, first check for 'username' in
Hi,
Your answer is interesting, but please tell me how a hacker can duplicate at
the second page.
Thankyou.
ThuLV,
- Original Message -
From: "Ravi Prashanth" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, February 06, 2001 1:49 AM
Subject: Re: How to
in2.jsp to handle
>the actual login process. I use JDBC-ODBC-Oracle to handle the database
>connection. If successfully logged in, the user will be "forwarded" to a
>welcome.jsp.
>
>I am wondering how could I secure welcome.jsp so that a user can ONLY access
>welcome
"forwarded" to a
welcome.jsp.
I am wondering how could I secure welcome.jsp so that a user can ONLY access
welcome.jsp by a successful login? I mean a user could just type in
http://localhost:8080/examples/jsp/welcom.jsp, for example, to access it.
Someone has metioned the secured p
We're running on SSL and I haven't had to make any modifications to my code, though
I will warn you that sometimes you have to redo all of the settings for where to
pass JSP files to in order to for any SSL pages if a different program is handling
the https than the http.
-Daniel
"[Frank Guchela
> > -Original Message-
> > From: [Frank Guchelaar] [mailto:[EMAIL PROTECTED]]
> > Sent: 04 January 2001 13:43
> > To: [EMAIL PROTECTED]
> > Subject: Secure
> >
> > Hi,
> >
request.getRemoteUser() should give you the login user name.
/Manne
-Original Message-
From: [Frank Guchelaar] [mailto:[EMAIL PROTECTED]]
Sent: 04 January 2001 13:43
To: [EMAIL PROTECTED]
Subject: Secure
Hi,
we're going to develop a sort of e-commerce site. Security will be
Hi,
we're going to develop a sort of e-commerce site. Security will be very
important, so it's decided to use SSL. Are there any specific issues we
should take in mind during the development stage because of the use of ssl?
Also we would like to make use of the 'default' login-dialog which the
b
not
> response.
> On browsers other than Netscape 6.0 everything is OK.(IE4, IE5, IE5.5,
> Netscape 4&5, Netscape Communicator).
> The same program w/o VeriSign SSL in Web Service mode (http, not https
> )
> runs OK on Netscape 6.0.
> But when I try to run JWS w/o VeriSign
e programmers,
again. "they'll be sorry".
> -Original Message-
> From: A mailing list about Java Server Pages specification and reference
> [mailto:[EMAIL PROTECTED]]On Behalf Of Eugene Voznesensky
> Sent: Tuesday, November 21, 2000 10:41 PM
> To: [EMAIL PROTECTED]
IE5, IE5.5,
Netscape 4&5, Netscape Communicator).
The same program w/o VeriSign SSL in Web Service mode (http, not https )
runs OK on Netscape 6.0.
But when I try to run JWS w/o VeriSign SSL in Secure Web Service the
problem happened again.
>From VeriSign Customer support (877 438 8776) wa
Sorry for the irrelevant question but is there a tool or web service that finds the
none secure
items in a web page (for developer use)? I just want to get rid of this annoying pop
up...
Thanks
===
To unsubscribe: mailto
Hi all
I've to developed a secured web site where user can submit some info. it
should be in encrypted form so that while it flows from user's end to server
end nobody can read that. I just know we can do that by using https instead
of http. but I've one doubt whether we need to make any special
Hi!
How do I make my NES or IIS server to accept ftps protocol..
Regards,
Nagendra
===
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http:/
Hi all,
Help needed:
When I run servlets from the Browser, it takes time to load, and at the
same time JSP is giving the following error:
javawebserver : java web server error:can not start Secure Service: No
Key File
Warning: exit code is -1073741819
Thanks in advance
Alan
PLEASE HELP IN IMPLEMENTING THIS.
We've installed all our JSPs in one directory which is
configured for HTTP. Now we've to move the secure
pages to another directory which is configured for
HTTPS. How the unsecure pages can call secure pages
because both are located in two different d
I was not sure what happens to HttpSession when I
switch the URL. I make heavy use of session to keep
some of the user's context in the system. Any
thoughts on that?
Thanks,
Venkat
--- Kevin Duffey <[EMAIL PROTECTED]> wrote:
> How do you make them secure? I thought you just m
How do you make them secure? I thought you just make the link https instead
of http and information is sent securely. I know you need a secure
certificate on the server, but other than that..what is involved?
===
To
Hi,
I would like to make some of my JSP pages secure
(login, registration pages for example). We tried
hard-coding the secure URLs in non-secure pages and
not sure if this is the way to go.
I am wondering how others are doing it.
We are using WebLogic 5.1 under NT.
Thanks,
Venkat
I am developing a merchandise site that need to collect some data from a
secure server ( credit card info, account info etc.). I was going through
the archives and found some useful material from gurus for transferring data
between secure and non-secure servers. After going through the materials
Hello, How can i use thr secure Socket Layer protocol in my jsp
application.
I actually use the class HttpServlet, is there a similar class to SSL?
It is very important for me
thank you very much.
===
To unsubscribe
Hi,
download JSSE. I made it work with JDK 1.3 and some certificate tweaking,
have not had much luck with JDK 1.2.2.
Vadim.
-Original Message-
From: Pablo J. [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 23, 2000 6:52 AM
Subject: How can i use thr secure Socket Layer protocol
Well, there are many ways. But, the way we do it is quite easy actually.
Assuming you have a database set up, and a table called LoginTable, we'll
go from there.
Ideally, you would have a JSP page with a form on it, that allows them to
enter their use name and password. When submitted your JavaBe
Read the JSP faq at esperanto..It is well explained there..
A
> Hi,
>
> How do I make use of JSP to write an application to control access to the
> website? Comments and ideas or examples anyone?
>
> Thanks in advance.
>
> Cheers,
> Jo
>
>
> __
>
Hi,
How do I make use of JSP to write an application to control access to the
website? Comments and ideas or examples anyone?
Thanks in advance.
Cheers,
Jo
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
Hi,
I was recently lamenting the USA's export law which was stopping me from
downloading J2EE as it contained encryption products, in particular an SSL API.
Well I just heard on the SERVLET-INTEREST list that Sun have got the export
license and we can all get it now.
Hooray!
Karl
==
e
> spec for SSL
> you will see that there is quite a bit of protocol dance that happens
> before you send your password and credit card number to Amazon.com.
> Https is just http over a secure tcp/ip connection provided
> by SSL. SSL
> essentially allows you, the customer, to se
I have som question of secured password.
If I use encryption in JDK Security package( eg. MessageDigest ) how can I decrypt on
the other side?
I think JDK doesn't provide decryption method.
Could anyone give an right answer to me?
ed login
transmission to get you to let them in. If you look at the spec for SSL
you will see that there is quite a bit of protocol dance that happens
before you send your password and credit card number to Amazon.com.
Https is just http over a secure tcp/ip connection provided by SSL. SSL
essenti
loper/jrunreferencedesk/
Allaire Knowledge Base:
http://www1.allaire.com/Support/KnowledgeBase/SearchForm.cfm
> -Original Message-
> From: Stephen M. Gardner [mailto:[EMAIL PROTECTED]]
>
> MD5 is a secure hash not an encryption algorithm. It
> turns arbitrary
> len
Karl Roberts wrote:
> Hi stan,
>
> Well yes it does, but when I tried to download it last week, I was refused
>because
> of American Export law because it contains encription. I am in the UK.
> Is there a (leagal) way to download the J2EE outside of USA?
>
> Karl
The new beta is supposed to
12:41
To: [EMAIL PROTECTED]
Subject: Re: Secure passwords
I didn't try this, but here's the approach I would follow.
The servlet can create a public/private key pair and send the public key to
the applet.
The applet uses this key to encrypt the userid-password and sends this to
the se
I didn't try this, but here's the approach I would follow.
The servlet can create a public/private key pair and send the public key to
the applet.
The applet uses this key to encrypt the userid-password and sends this to
the servlet.
I guess this is already pretty secure. No one will
gt; socket is that user and server may be on the other side of a firewall
> > from each
> > other.
> >
> > The only trouble I'm having at present is how to initialize the applet
> > with it's
> > (unique) encryption key in a secure manner. One idea is t
>
> The only trouble I'm having at present is how to initialize the applet
> with it's
> (unique) encryption key in a secure manner. One idea is to use the
> session id and
> IP address of the request which the applet uses to create it's own key
> on the fly.
&g
ugh
a custom
socket is that user and server may be on the other side of a firewall
from each
other.
The only trouble I'm having at present is how to initialize the applet
with it's
(unique) encryption key in a secure manner. One idea is to use the
session id and
IP address of the request w
Scott Stirling wrote:
> encrypt the
> password using something like an MD5 algorithm, and send that back to the
> server over regular HTTP. Then you'd decrypt the password on the other
> side.
MD5 is a secure hash not an encryption algorithm. It turns arbitrary
lengt
Michael Allen wrote:
> To be pedantically technical, this is no more safe than sending the password
> in plaintext. If you sent plaintext, someone snooping would see something
> like this:
A lot of people get confused about this. You will even see secure
hashes referred to
ck to the server. This can't be
> the norm. How do Yahoo, Excite and others implement this when logging on?
You use the secure server protocol (HTTP over SSL) to talk to the
server. When you are ordering a book next time at amazon notice that
when you are typing your password the
> To make this secure, the server would need to provide some
> sort of "salt" to
> hash in with the user's password.
Right, that's what I had in mind. I guess the correct term is what's know
as an "MD5 hash." What he said. ;-)
Scott Stirling
Alla
ng like this:
Username: foo
Password: 6xFg2HfM
However, the string "6xFg2HfM" would not change, so all the snooper need do
now is send the same username/hashed password combo to break into the
account.
To make this secure, the server would need to provide some sort of "salt"
ledge Base:
http://www1.allaire.com/Support/KnowledgeBase/SearchForm.cfm
> -Original Message-
> From: Bragg, Casey [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 21, 1999 4:33 PM
> To: [EMAIL PROTECTED]
> Subject: [JSP-INTEREST] Secure passwords
>
>
> I'm look
I'm looking for any ideas on how to communicate a password
(entered into a browser form on a jsp page) to a servlet or bean securely.
As far as I can tell, on a POST my password text is plainly exposed
(unencrypted) as it traverses HTTP back to the server. This can't be
the norm. How do Yahoo,
I too am interested in JSP with secure sockets. If anyone has any pointers,
please advise. It could make the difference between me using JSP and (ugh)
ASP for my project.
Tim.
- Original Message -
From: Vincent Roderick <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Fri
Mustafa,
1) Why can't you redirect to a URL or jsp that is on a secure socket? I
don't see this as a big deal as long as your web server supports jsp and
secured sockets...(but I haven't tried it)
2) You can do this by handing out a session id from a database and using
hidde
Dear All ,
I am really Sorry for the misconvinience, and here is my list
1 - Does anyone can tell me how Secure Sockets play there role through JSP
2 - Any alternative Solution to handle Session Tracking
3 - How does the Instantiation of beans and JSP takes place on the Server
side when multiple
67 matches
Mail list logo
