Security in Web Application

SON1 · Jun 17, 2005

I am creating a web application.

I would like to create some sort of authentication/security around this web applictation. Ideally it should be portable (so using tomcat-users.xml to store username/passwords is out of the question).

I would like to keep users and their privilages and information in a DB table. Although i am familiar how to authenticate a user that comes from a DB, i am not sure how to keep the user username/password pass from jsp to jsp, or atlernative there is even an easier way of doing it.

How do i go about and do this ?

Thanx

sedj · Jun 17, 2005

Authenticate against the DB using JDBC.
If you need to store the login/password (and I would not !!!!), then use the session object.

--------------------------------------------------
Free Database Connection Pooling Software

http://www.primrose.org.uk

SON1 · Jun 17, 2005

what alternatives i have instead if using the session object ?

sedj · Jun 17, 2005

use the DB to store a "logged in or not" value, or store it on the URL (not recommended).

--------------------------------------------------
Free Database Connection Pooling Software

http://www.primrose.org.uk

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Security in Web Application

SON1

Programmer

sedj

Programmer

SON1

Programmer

sedj

Programmer

Similar threads

Part and Inventory Search

Sponsor