tomcat user authentication

Posted By:   Chris_McAleenan
Posted On:   Monday, February 24, 2003 12:50 PM


I am new to web application design and need to make sure that my site is secure. I want to create a custom section for users only, much like when you log in to jguru. This is the method that I am using and the questions that I have:


Using Tomcat form-based authentication (JDBC), restricting users from viewing the 'users' section unless they have already registered and their username/password exists in the database. This is no problem. But now I want to populate their custom page with information from a database (all of which must be secure) relating to a specific user. It doesn't seem like it would be secure to simply call the getRemoteUser() method and use the returned username to draw information from the database. Is it? (By the way, everything is done over an SSL connection.) I would be concerned about users somehow simply creating a cookie to impersonate someone else. Please let me know your thoughts.


By the way, it doesn't seem like there are many good JSP user authentication tutorials out there... maybe someone could create one?
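
The per-user lookup described in the post, as an added example that is not part of the original post: a servlet behind the form-login security constraint that takes the username only from `getRemoteUser()`, which the container fills in from the authenticated server-side session, and binds it into a parameterized query. The class name, the JNDI name `jdbc/AppDB` and the `user_profile` table and its columns are assumptions made for illustration.

```java
// Added example. AccountServlet, jdbc/AppDB and user_profile are hypothetical names.
// Tomcat 10+ uses jakarta.servlet; older releases use the javax.servlet packages.
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServlet;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

public class AccountServlet extends HttpServlet {
    private DataSource ds;

    @Override
    public void init() throws ServletException {
        try { // container-managed connection pool, looked up once
            ds = (DataSource) new InitialContext().lookup("java:comp/env/jdbc/AppDB");
        } catch (NamingException e) {
            throw new ServletException(e);
        }
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Identity comes from the container's login state, not from a request
        // parameter or a cookie value that the application parses itself.
        String user = req.getRemoteUser();
        if (user == null) { // servlet was mapped outside the security-constraint
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        String sql = "SELECT display_name, email FROM user_profile WHERE username = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user); // bound parameter, never string concatenation
            try (ResultSet rs = ps.executeQuery()) {
                resp.setContentType("text/plain; charset=UTF-8");
                if (rs.next()) {
                    resp.getWriter().println(rs.getString("display_name") + " <" + rs.getString("email") + ">");
                } else {
                    resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                }
            }
        } catch (SQLException e) {
            throw new IOException("profile lookup failed", e);
        }
    }
}
```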
