Hi,

I have a question about password security. I have a requirement that the
password that is used to log in to my web application is sent to the
server in a secure way. Some time ago there was a similar question to
this problem which proposed the use of an applet to do the encryption,
but this is not an option for us. I did some investigation and found
probably two methods of doing this in a 'standard' way.

1. Use digest authentication.
2. Use SSL for the password validation servlet.

However, I'm not sure which one is the best.

1. Digest authentication
- Is the use of SSL required for this authentication scheme?
- Can this scheme be completely implemented in Java using
response.setHeader(...) or is it dependent on the web server you are
running on?
- Can you do a "logout" so the browser forgets the username/password?

2. Use of SSL
- By the use of SSL we can use a standard HTML form with the action
redirected to a "https://server/LoginValidation" URL. I assume that this
validation servlet will create an HttpSession and send a cookie back to
the browser. Could this be a problem when returning to
"http://server/..." using normal "http"?

thanks,
Janco Tanis
------------------------------------------------------------
COAS, Your partner in computer aided services
Nijverheidsweg 34 Tel: +31 (0) 187 49 3222
Postbus 44 Fax: +31 (0) 187 49 2912
3250 AA Stellendam Email: [EMAIL PROTECTED]
Archives: http://archives.java.sun.com/archives/servlet-interest.html
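
For reference on the digest scheme asked about in point 1, the following added example (not part of the original post) shows the RFC 2617 `qop=auth` challenge and response check written against plain header strings, that is, the value that would be passed to response.setHeader("WWW-Authenticate", ...) with a 401 and the value read from request.getHeader("Authorization"). The class name, realm, account and client values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class DigestAuthSketch {                       // hypothetical class name
    static final String REALM = "example-realm";      // constructed value
    static String hex(byte[] d) {                     // 16-byte input -> 32 hex chars
        return String.format("%032x", new java.math.BigInteger(1, d));
    }
    static String md5Hex(String s) throws Exception {
        return hex(MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1)));
    }
    static String newNonce() {
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return hex(b);
    }
    // Header value sent together with a 401 status to start the exchange.
    static String challenge(String nonce) {
        return "Digest realm=\"" + REALM + "\", qop=\"auth\", nonce=\"" + nonce + "\"";
    }
    // Parses key=value and key="value" pairs from the Authorization header.
    static Map<String, String> parse(String header) {
        Map<String, String> m = new HashMap<>();
        Matcher k = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))").matcher(header);
        while (k.find()) m.put(k.group(1), k.group(2) != null ? k.group(2) : k.group(3));
        return m;
    }
    // ha1 = MD5(username:realm:password); the server stores this, not the password.
    static boolean verify(String method, String requestUri, String authHeader,
                          String ha1, String issuedNonce) throws Exception {
        Map<String, String> a = parse(authHeader);
        if (!issuedNonce.equals(a.get("nonce")) || !"auth".equals(a.get("qop"))
                || !requestUri.equals(a.get("uri"))) return false;
        String ha2 = md5Hex(method + ":" + requestUri);
        String expected = md5Hex(ha1 + ":" + issuedNonce + ":" + a.get("nc") + ":"
                + a.get("cnonce") + ":auth:" + ha2);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                String.valueOf(a.get("response")).getBytes(StandardCharsets.US_ASCII));
    }
    public static void main(String[] args) throws Exception {
        String nonce = newNonce(), ha1 = md5Hex("alice:" + REALM + ":s3cret"); // constructed account
        // What the browser computes from the challenge (constructed client side).
        String resp = md5Hex(ha1 + ":" + nonce + ":00000001:abcd1234:auth:" + md5Hex("GET:/app/home"));
        String auth = "Digest username=\"alice\", realm=\"" + REALM + "\", nonce=\"" + nonce + "\", uri=\"/app/home\","
                + " qop=auth, nc=00000001, cnonce=\"abcd1234\", response=\"" + resp + "\"";
        System.out.println(challenge(nonce));
        System.out.println("matching nonce accepted: " + verify("GET", "/app/home", auth, ha1, nonce));
        System.out.println("stale nonce accepted:    " + verify("GET", "/app/home", auth, ha1, newNonce()));
    }
}
```

Only a hash of the password crosses the wire in this exchange; the pages themselves are not encrypted. Nonce expiry and tracking of the `nc` counter are left out of this sketch.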