What mechanisms do you developers typically use for preventing unauthorized
access to a web application? I'm trying to determine the best approach for
my web app. Here are the basic guidelines I need to follow:
1. We must limit access to the site to registered users.
2. We currently use BASIC
On Wed, 2004-10-06 at 11:59, Anderson, M. Paul wrote:
snip
3. We currently store passwords in a database in plain text but we now wish
to encrypt them.
If you look at the underlying code for the web mail client for yahoo.com
for example, you will find a small amount of JavaScript that encrypts
Message-
From: Anderson, M. Paul [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 06, 2004 12:00 PM
To: 'Tomcat Users List'
Subject: Authentication Mechanisms
What mechanisms do you developers typically use for preventing unauthorized
access to a web application? I'm trying to determine
Hello,
I have a web-application that has a JSP-based UI and an AXIS-based web
service. I need to use FORM-based authentication for the UI users and
BASIC-authentication for web service users.
Is it possible to have the two authentication mechanisms in one webapp,
or do I need to separate the UI
the two authentication mechanisms in one webapp,
or do I need to separate the UI and the web service in two webapps?
Well, anything is possible if you want to put enough work into it :). And
this one is pretty high on the work-scale. You'd need to implement your own
custom Authenticator
