Every security method you'll find will revolve around a user login (authentication). If the customer isn't already doing that, you'll run into problems. Once you have established trust between the system and the user, you move into the security checks (authorization). You'll need a solution for both.


Many people use security mechanisms built into Tomcat/J2EE. Many others steer clear and implement their own (my preference) or use a different framework. This is a matter of technical/political choice -- neither option is inherently better.

For info about J2EE security, see
J2EE Servlet 2.3 Specification SRV 12.1
http://www.jcp.org/aboutJava/communityprocess/final/jsr053/

For info on other security schemes, listen for other responses or read the archives ... sorry, don't know of any concise references to point you to.

This is a very, very, general topic ... if you come up with some ideas or specific questions, feel free to post them and I'm sure people will chime in with their opinions.

justin

PS: Happy Halloween to all!


At 01:54 PM 10/31/2003, you wrote:
Hi Everyone,

I'm doing a project for a client and they want to employ some kind of
security mechanism that will allow a customer to have access to their
content but not their competitors, meaning:

* They have information that resides in a text based database.
* A customer can search for the information through a web form. The
information is returned based on a match of the zip code from the web form.
* They don't want competitors to get this information since it is their
intellectual property.


Currently, a session is set and a servlet makes sure that no one tries to
retrieve information via the web form more than 3 times.

The problem is that someone can close and reopen a browser and start over.
I'm also thinking that a semi smart programmer could bypass the whole
browser and do it programmatically anyway.

Security is new to me, and I'm looking for suggestions on how to solve this.
Can someone suggest some general ideas, a book, or something to get me
started? I would surely appreciate it.


Thanks!

-Brian Menke




--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]


____________________________________
Justin Ruthenbeck
Software Engineer, NextEngine Inc.
justinr - AT - nextengine DOT com
Confidential. See:
http://www.nextengine.com/confidentiality.php
____________________________________
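
To illustrate the reply's point that the checks have to hang off a login: an added example (not part of the original thread) that keys the search limit to the authenticated account instead of the browser session, so a fresh session or a scripted client does not reset it. The class name, the limit of 3, and the account and session names are assumptions; the in-memory map stands in for persistent storage.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.atomic.AtomicInteger;

/** Added illustration: search quota keyed to the authenticated account, not the session. */
public class AccountQuotaDemo {

    /** Hypothetical limit, mirroring the "3 times" in the question. */
    static final int MAX_SEARCHES = 3;

    /** Server-side counters; a real deployment would persist these (assumption). */
    private final Map<String, AtomicInteger> used = new ConcurrentHashMap<>();

    /**
     * @param account authenticated user name (in a servlet, for example from
     *                request.getUserPrincipal()), or null when there is no login
     */
    public boolean allowSearch(String account) {
        if (account == null) {
            return false; // authentication: no login, no data
        }
        AtomicInteger n = used.computeIfAbsent(account, k -> new AtomicInteger());
        // authorization: atomically take one unit of quota if any is left
        while (true) {
            int cur = n.get();
            if (cur >= MAX_SEARCHES) return false;
            if (n.compareAndSet(cur, cur + 1)) return true;
        }
    }

    public static void main(String[] args) {
        AccountQuotaDemo quota = new AccountQuotaDemo();
        // Constructed scenario: {session id, account}; browser reopened between requests
        String[][] requests = {
            {"session-A", "customer1"}, {"session-A", "customer1"},
            {"session-B", "customer1"}, {"session-C", "customer1"},
            {"session-D", null},        // scripted client that never logged in
            {"session-E", "customer2"},
        };
        for (String[] r : requests) {
            System.out.printf("%s user=%s -> %s%n", r[0], r[1],
                    quota.allowSearch(r[1]) ? "ALLOW" : "DENY");
        }
    }
}
```

The session id never enters the decision: the fourth request for customer1 is denied even though it arrives on a new session, and the request without a login is denied outright.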

