Posted to users@tomcat.apache.org by Frank Lawlor <fr...@athensgroup.com> on 2001/09/12 22:21:52 UTC
RE: request for suggestions on how to secure a web application... .
Re protection via Realms:
- A useful mechanism, but by itself it might not do the whole job. For example, if you need to have users log into a specific domain (e.g. different clients get different data), as happens in many apps, where the userid isn't enough info (one value of Realms is non-unique IDs), then you still need to force people through a specific login.
Re object in a session:
- Note that this can be fabricated by a hacker. For real security you need to look at encrypting it with varying keys.
Frank Lawlor
Athens Group, Inc.
(512) 345-0600 x151
Athens Group, an employee-owned consulting firm integrating technology
strategy and software solutions.