Wrox Home  
Search P2P Archive for: Go
Shopping CartView Cart  |  My Account  |  Support
Home Browse Titles

P2P Archives
 

Archive Index
Back to Active P2P Forum

 


Wrox Chapters on Demand - Download the chapters you need and take them on the go!
Wrox First - Instant Access online to new Wrox books

New Titles for ASP.NET

Cover image for product 0470379308
Professional ASP.NET 3.5 Security, Membership, and Role Management with C# and VB
Cover image for product 047041569X
LINQ-ifying TheBeerHouse: An N-Tier LINQ Web Application with ASP.NET 2.0 Website Programming Problem Design Solution
View Code Camp Videos - Presentations by Wrox Authors
  Return to Index  

servlets thread: webpage login to system

Message #1 by Gearard Boland <gboland@s...> on Tue, 12 Feb 2002 14:24:28 -0500 (EST)
if you are happy to accept the default security level provided by HTTP basic
then just provide a HTML page to login and pass the details to a servlet
using a post request with user="" pass="" type fields (alternative names
would make it harder for people to sniff them automatically)

if this is not secure enough then probably an applet is better than HTTPS
because of the lower over head. An applet that hashes the password for
sending reasonably securely (64) is pretty slow but nowhere near as heavy
for your server as HTTPsing everyone through. If its for customers and your
data, then prob HTTP basic, if its their data then prob HTTPs, if its
internal then an applet is probably better (although implementing your own
security is a pain)

seeing that you are working with servlets, a servlet is the best idea. Look
into the HttpRequest objects from which you can get request values using the
getProperties() or getAttributes() methods or similar. These will return a
hashmap (I think?) that you pass your variable name to (user, pass) and will
return a string representing the values that you sent.

Good browsers will warn the user that you are asking to read their password
so that you might want to warn them to expect that on the login page. In
servlets, you need to propogate the session key yourself (as opposed to jsp
when you can switch it on by default - I think?) and that passes the session
key in the URL (see wrox.com or amazon for an example). The alternative is
temporary cookies, you can again DIY or switch your servers system on for
this automaticaly.

If you decide to DIY, then I would recommend that you write yourself a
pretty little base class that does it for you as much as possible as you
will be certainly sick of it otherwise

I hope this helps

chanoch

-----Original Message-----
From: Julio Oliveira [mailto:dblot@a...]
Sent: 14 February 2002 15:18
To: Servlets
Subject: [servlets] RE: webpage login to system


Hi
You must use a Servlet to take the login process.


Julio Oliveira
Buenos Aires - Argentina
------------------------
Oliveira_Julio@y...
ICQ  65689456


-----Mensaje original-----
De: Gearard Boland [mailto:gboland@s...]
Enviado el: Martes, 12 de Febrero de 2002 04:24 p.m.
Para: Servlets
Asunto: [servlets] webpage login to system


hi,

 I am working on a system that runs on a server.  I am using servlets for
the
 main processes, but am a little confused about the login.  I am creating a
 webpage for people to login to the system, and was wondering if a servlet
is
the
 thing to use for that.  Or should I use a cgi script or Applet?  How would
you
 get the data entered from the login applet or something into my system to
check
 the DB??

 Thanks,
 gearard

  Return to Index  
About Wrox  |  Contact Us  |  Subscribe to an RSS Feed of New Wrox Titles
Copyright © 2000-2004 by John Wiley & Sons, Inc. or related companies. All rights reserved. Please read our Privacy Policy