Isn't it possible to put the pages under a directory with a restricted
Access Control? Or am I missing something? My impression was that by setting
the directory permissions using your web server's ACL, static pages can be
protected from requests? Then the servlet would be able to serve the pages
from the directory somehow?

At 03:56 PM 06/05/2000 -0500, Steven D. Meacham wrote:
>There are a couple of solutions to this. The first one is for you to use
>the session object, setting a value in your login servlet that all the rest
>of the pages look for before displaying their content. This is the
>servlet-way of doing it and you'll find support on this list and in the
>archives.
>
>The second is to use a 3rd party single-sign-on product. I don't know of any
>that work with Jigsaw, so you'd probably have to switch to Netscape or
>Microsoft's web servers. In this case, you'd probably eliminate your login
>servlet and set up your security in the 3rd party product's own proprietary
>fashion. This is usually very secure because I understand that these
>products run as server plug-ins, intercepting every HTTP request and
>authenticating/authorizing. You'd have to go elsewhere for support on this
>approach.
>
>Best,
>Steven
>
>> -----Original Message-----
>> From:
>> Sent: Monday, June 05, 2000 6:21 PM
>> Subject: regarding web security..
>>
>> Date: Mon, 05 Jun 2000 16:21:18 -0700
>> From: gsuresh <[EMAIL PROTECTED]>
>> Subject: regarding web security..
>>
>> Hi all,
>> Currently I am working on providing security for the Intranet of the
>> company. I am using Jigsaw for development.
>> The Intranet has 100's of pages, and I don't want anyone to view any of
>> the pages without logging into the servlet. Now if the user knows the URL
>> of any of the pages directly, he is able to view it by directly typing
>> that in.
>> For example:
>> If my login servlet is list http://example:8001/servlet/IntranetMain and
>> if the user types in this and does the operations, he is able to view the
>> pages. But if he knows the URL of the particular page then he can directly
>> type it in as
>> http://example:80011/servlet/xxx/xx/yy.html
>> which also displays him the page directly.
>> I need an immediate reply from anyone who has an idea about this; I am in
>> urgent need of the solution.
>> with regards,
>> suresh kumar.G
>
>
>___________________________________________________________________________
>To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
>of the message "signoff SERVLET-INTEREST".
>
>Archives: http://archives.java.sun.com/archives/servlet-interest.html
>Resources: http://java.sun.com/products/servlet/external-resources.html
>LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>
Rajesh Nair
[EMAIL PROTECTED]
Ph: 913 599 7201
----------
R&D
Informix Software
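
Added example, not part of the original thread and not code from any of its participants: one way to combine the two suggestions above, with the pages kept in a directory the web server does not serve directly and a servlet that checks the login servlet's session value before streaming a page. The class name, the `/srv/intranet-pages` directory, the `authenticatedUser` attribute name and a `/pages/*` servlet mapping are assumptions; only the `/servlet/IntranetMain` login path comes from the thread.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example (hypothetical class): serves static intranet pages only to
// requests whose session was marked as logged in by the login servlet.
public class ProtectedPageServlet extends HttpServlet {
    // Assumption: pages live outside the web server's document root,
    // so the server cannot hand them out directly by URL.
    private static final Path PAGE_ROOT =
            Paths.get("/srv/intranet-pages").toAbsolutePath().normalize();
    // Assumption: the login servlet sets this attribute after a successful login.
    static final String AUTH_ATTR = "authenticatedUser";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // getSession(false): never create a session for an anonymous request.
        HttpSession session = req.getSession(false);
        if (session == null || session.getAttribute(AUTH_ATTR) == null) {
            resp.sendRedirect(req.getContextPath() + "/servlet/IntranetMain");
            return;
        }
        // With a /pages/* mapping, pathInfo is the part after /pages.
        String pathInfo = req.getPathInfo();
        if (pathInfo == null) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Resolve under PAGE_ROOT and reject anything that escapes it ("../").
        Path target = PAGE_ROOT.resolve(pathInfo.substring(1)).normalize();
        if (!target.startsWith(PAGE_ROOT) || !Files.isRegularFile(target)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        String mime = getServletContext().getMimeType(target.getFileName().toString());
        resp.setContentType(mime != null ? mime : "application/octet-stream");
        // Pages behind a login should not be kept by shared caches.
        resp.setHeader("Cache-Control", "private, no-store");
        Files.copy(target, resp.getOutputStream());
    }
}
```

The session check only helps if every route to the files goes through this servlet, which is why the directory sits outside the document root; `normalize()` does not resolve symbolic links, so the page directory should not contain links pointing elsewhere.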