nal Message-
> From: John Morrison [mailto:morr...@gmail.com]
> Sent: Thursday, November 12, 2009 9:04 AM
> To: users@tomcat.apache.org
> Subject: RE: Token Security
>
> Thanks guys, I've got what I need
Did I just hear... "D--- the torpedos!"
-Original Message-
From: John Morrison [mailto:morr...@gmail.com]
Sent: Thursday, November 12, 2009 9:04 AM
To: users@tomcat.apache.org
Subject: RE: Token Security
Thanks guys, I've got what I needed working. Most appreciated.
on [mailto:morr...@gmail.com]
Sent: Thursday, November 12, 2009 8:43 AM
To: Tomcat Users List
Subject: RE: Token Security
Nope. I've made it clear (and I've the email trail to prove) that I'm
doing this this way solely at the order of the powers that be.
On Thu, November 12, 2009 2:31 pm,
Thanks guys, I've got what I needed working. Most appreciated.
Regards,
John.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
be
> escorting you out???
>
> -Original Message-
> From: John Morrison [mailto:morr...@gmail.com]
> Sent: Thursday, November 12, 2009 8:18 AM
> To: users@tomcat.apache.org
> Subject: RE: Token Security
>
> On Thu, November 12, 2009 1:33 pm, Joseph Morgan wrote:
>> Joh
SAML doesn't require JAVA, and is XML (a place where MS is strong)... but since
it is XML, can be handled well by Java
-Original Message-
From: John Morrison [mailto:morr...@gmail.com]
Sent: Thursday, November 12, 2009 8:18 AM
To: users@tomcat.apache.org
Subject: RE: Token Securit
And let me guess... the day a costly security breach occurs, they'll be
escorting you out???
-Original Message-
From: John Morrison [mailto:morr...@gmail.com]
Sent: Thursday, November 12, 2009 8:18 AM
To: users@tomcat.apache.org
Subject: RE: Token Security
On Thu, November 12, 2
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
On 11/11/2009 5:29 PM, John Morrison wrote:
> Correct, at the moment there is no requirement to actually authenticate
> the user. However, I've been told to ensure that, if the client wishes
> (and pays) that the solution could be expanded to d
On Thu, November 12, 2009 1:33 pm, Joseph Morgan wrote:
> John,
>
> Just curious, but have you looked into existing token-based security
> mechanisms such as LTPA (if you're predominantly an IBM shop) or SAML?
Hi Joseph
I haven't to be honest; this isn't a java shop. MS is 99% of what we use
but
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
On 11/11/2009 5:01 PM, John Morrison wrote:
> I've not come across filters before - I'll look into them in more depth at
> work tomorrow, however could you expound upon how you would envisage it
> working?
The filter simply checks your requirem
On Thu, November 12, 2009 1:49 pm, Joseph Morgan wrote:
>>Correct, at the moment there is no requirement to actually authenticate
>>the user. However, I've been told to ensure that, if the client wishes
>>(and pays) that the solution could be expanded to do so.
>
> I may have missed something, but
On Thu, November 12, 2009 1:49 pm, Joseph Morgan wrote:
>>Correct, at the moment there is no requirement to actually authenticate
>>the user. However, I've been told to ensure that, if the client wishes
>>(and pays) that the solution could be expanded to do so.
>
> I may have missed something, but
>Correct, at the moment there is no requirement to actually authenticate
>the user. However, I've been told to ensure that, if the client wishes
>(and pays) that the solution could be expanded to do so.
I may have missed something, but are you simply trying to ensure secondary
requests to web pa
e.org
Subject: Token Security
Hi,
I've been asked to put some security in place for a website, at the moment
there are two requirements with a possible extension;
1) The referer must be XXX (configurable)
2) There must be a token passed either GET or POST in the URL which
matches some internally
Hi Christopher,
On Wed, November 11, 2009 10:07 pm, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> John,
>
> On 11/11/2009 2:11 PM, John Morrison wrote:
>> 1) The referer must be XXX (configurable)
>> 2) There must be a token passed either GET or POST in the URL w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
On 11/11/2009 2:11 PM, John Morrison wrote:
> 1) The referer must be XXX (configurable)
> 2) There must be a token passed either GET or POST in the URL which
> matches some internally generated code.
I agree with Mark: a relatively simple Filte
On Wed, November 11, 2009 9:51 pm, Mark Thomas wrote:
> John Morrison wrote:
>> Hi,
>>
>> I've been asked to put some security in place for a website, at the
>> moment
>> there are two requirements with a possible extension;
>>
>> 1) The referer must be XXX (configurable)
>> 2) There must be a toke
John Morrison wrote:
> Hi,
>
> I've been asked to put some security in place for a website, at the moment
> there are two requirements with a possible extension;
>
> 1) The referer must be XXX (configurable)
> 2) There must be a token passed either GET or POST in the URL which
> matches some inte
Hi,
I've been asked to put some security in place for a website, at the moment
there are two requirements with a possible extension;
1) The referer must be XXX (configurable)
2) There must be a token passed either GET or POST in the URL which
matches some internally generated code.
The possible
19 matches
Mail list logo