Rajendra Mishra <[EMAIL PROTECTED]> wrote:
__________
>Nikolaos,
> This is just a suggestion and might not be the best way...
> Write a java class which would return a new number. (remember to
>synchronize these methods). Thus if servlet1 calls IDGenerator.getNewID(),
>it would return 1. When servlet2 calls it, it would return 2 and so on.
>There would be a roll value as defined by you - 999999..(?) when you would
>strt again from 1.
> This would be a very crude method to define a user but nevertheless
>workable in, my opinion. What do you think??
The problem is that it is -easy- to
predict. So if Jane Hacker wants
to break into other peoples session,
all she has to do is get allocated a Id
and then edit the cookie to look at
'nearby' values.
Session cookies should be based on
random numbers, and checked for
uniqueness before use.
T.
URL http://www.westhawk.co.uk/
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
