I want to write an access-restricted web application. What are my options?

Posted By:   Anonymous
Posted On:   Tuesday, April 23, 2002 02:20 AM


The test-application consists of two pages. An admin-page that allows an administrator to alter data in a database and a user-page which displays the data. Anyone should be able to view the user-page so no security is needed for that one.

The admin-page on the other hand needs some sort of protection. I don't know what's available but a username/password solution or maybe some sort of certificate. Preferably using encryption.

A couple of features I would like to implement:

If the admin has been idle for more than X minutes he loses his clearance. If someone without clearance happens to know the URL to the admin-page he is denied access (redirected elsewhere). Passwords and usernames shouldn't be stored in plain-text.

Could you guys outline what needs to be learned and done? Where do I learn about all this stuff? Does anyone know of a good tutorial/HOWTO? Maybe a book called "Bank level security for Dummies"?

Re: I want to write an access-restricted web application. What are my options?

Posted By:   John_Hedden  
Posted On:   Friday, April 26, 2002 12:42 PM

Check into j_security_check. It's pretty slick. The app server does authentication for you and an XML file allows you to have different access levels.
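
The setup the reply points to, as an added example that is not part of the original thread: a `web.xml` deployment descriptor using the servlet container's form-based login, where the login form posts to `j_security_check`. The `/admin/*` path, the `admin` role name, the JSP file names and the 15-minute timeout are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">

  <!-- Only the admin area is constrained; the public user page needs no entry. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Admin page</web-resource-name>
      <url-pattern>/admin/*</url-pattern>   <!-- assumed path -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>admin</role-name>          <!-- assumed role name -->
    </auth-constraint>
    <!-- Require HTTPS so credentials and the session cookie are encrypted in transit. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- FORM login: a request for /admin/* without a valid session is sent to the
       login page by the container. That page must POST the fields j_username
       and j_password to the action j_security_check. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>        <!-- assumed file name -->
      <form-error-page>/login-error.jsp</form-error-page>  <!-- assumed file name -->
    </form-login-config>
  </login-config>

  <security-role>
    <role-name>admin</role-name>
  </security-role>

  <!-- Idle timeout in minutes: after this much inactivity the session, and with
       it the login, is invalidated. 15 is an assumed value for "X". -->
  <session-config>
    <session-timeout>15</session-timeout>
  </session-config>

  <!-- Where users, roles and hashed passwords live is configured in the
       container's realm, outside this file, and is container-specific. -->
</web-app>
```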