Hello 

Let me preface by saying my knowledge and experience with security is
primitive.

I am now working on a project wherein we have a set of ASP pages with a
custom authentication process. I have embedded a servlet into one of
these ASP pages but want to avoid making the user authenticate twice
(once for the ASP pages, once again to access the servlet).

To that end, I have been doing a lot of online research, but haven't
found any pre-existing solutions (which surprises me). First question -
does anyone know of anything already out there? If I do have to create
my own solution, I was thinking of having IIS, on the user's
authentication, store the IP address of the authenticating user in a
file on the server (say %TOMCAT%\conf\auth-users.xml or something).
Then, when the user attempts to access the servlet, a custom Realm would
check to see if his/her IP is in auth-users.xml and grant/deny access
based on that.

My question is - is this feasible? Equally important, is it truly
secure?

Thanks for helping out a total security n00b.

 - John
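
A small model of the scheme proposed in the message above, added here as an illustration and not part of the original post: Python stands in for both the ASP login side and the custom Realm. The XML layout of auth-users.xml, the function names and the addresses are assumptions constructed for the example, since the post defines none of them.

```python
import xml.etree.ElementTree as ET

# Hypothetical layout for the auth-users.xml file proposed above; the post
# does not define a format, so element and attribute names are assumptions.
EMPTY_STORE = "<auth-users/>"


def record_login(store_xml: str, client_ip: str) -> str:
    """What the ASP side would do after a successful login: append the IP."""
    root = ET.fromstring(store_xml)
    if not any(u.get("ip") == client_ip for u in root.findall("user")):
        ET.SubElement(root, "user", {"ip": client_ip})
    return ET.tostring(root, encoding="unicode")


def realm_allows(store_xml: str, client_ip: str) -> bool:
    """What the custom Realm would do: grant access if the IP is listed."""
    root = ET.fromstring(store_xml)
    return any(u.get("ip") == client_ip for u in root.findall("user"))


def run_scenarios() -> dict:
    # Constructed sample data: documentation-range addresses (RFC 5737).
    proxy_ip = "203.0.113.10"      # shared by everyone behind one NAT/proxy
    new_lease_ip = "198.51.100.7"  # Alice's address after her network changes

    store = record_login(EMPTY_STORE, proxy_ip)  # Alice logs in via the proxy

    return {
        # Alice reaches the servlet without a second login: the intended case.
        "alice_same_ip": realm_allows(store, proxy_ip),
        # Bob never logged in, but his requests arrive from the same address.
        # The Realm sees only the IP, so it cannot tell him from Alice.
        "bob_behind_same_proxy": realm_allows(store, proxy_ip),
        # Alice's address changes mid-session; she is now locked out.
        "alice_after_ip_change": realm_allows(store, new_lease_ip),
        # Nothing in the scheme removes an entry at logout or timeout, so the
        # address stays trusted for as long as the file keeps it.
        "entry_persists": "203.0.113.10" in store,
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

The check identifies a network address rather than a user, so it grants access to anyone whose traffic arrives from a listed address and denies the real user once their address changes.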

