
Security

dennisGuru (Programmer, NL), Sep 14, 2001
I have built a login page for my website. Through a servlet I can get access to my site. The username and password are stored in a MySQL database. I have Tomcat 4 as a webserver.

To gain access I use a <FORM>. But when you log in, everything is sent to the server in plain text. Is there a way to decode this?

I have looked at form-based security, but it is not good because it uses the tomcat-users.xml.

Using a certificate (SSL) is a little too much for this website.

Are there any other options I should look at?
 
I meant by that when you log in you press a button, like submit. You can see the contents of what you send with a sniffer. That means you can retrieve the username and password in a very simple way.

Is there a way to log in that makes sure that this is not possible? I have looked at SSL, but this is too much for this application. Also j_security_check, but this way it isn't possible to add new users.

For now the username and password are retrieved from a database.
 
I'm sorry, I don't know what a "sniffer" is.

As I said before, do you mean you can see the password on the URL, as in my example?

Have you tried the suggestions I made about session variables?

If so, from what you say, I can only suggest MD5/PGP encryption coupled with SSL!
 
A sniffer is a tool that monitors your network traffic. It can see the packets that you receive and send. When you download a file (or webpage) it has to come over your network. And the file is divided in packets that are sent from a server to your computer. Your computer puts everything together.

With a sniffer you can see the contents of these packets.

For now I use the session variables. But this is not safe.

And in the url is not an option. Everyone can see that.

I have considered using SSL, but this is too much for the application I'm making. It is only a small one, with database access in it.
 
Well, if you don't want to use session variables, and you don't want to send the data on the URL, then you will have to use SSL. There is no other option, I'm afraid, for browser/server interaction (without the use of applets or ActiveX etc., and that is going to be even more hassle than SSL).
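Once an HTTPS connector is in place, the login servlet still has to be protected from being reached over plain HTTP. The following Servlet 2.3 filter (which Tomcat 4 supports) is an added example written for this thread, not code from the original poster; it assumes the HTTPS connector listens on port 8443 (a placeholder, overridable via an init-param) and that the filter is mapped to the login URL in web.xml.

```java
// Added example: refuse a login form submitted over plain HTTP and send
// the browser to the HTTPS port instead. Assumes a Servlet 2.3 container
// (Tomcat 4) and an HTTPS connector on the port given by "httpsPort".
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RequireSslFilter implements Filter {
    private int httpsPort = 8443; // placeholder default; set via init-param

    public void init(FilterConfig config) throws ServletException {
        String p = config.getInitParameter("httpsPort");
        if (p != null) {
            httpsPort = Integer.parseInt(p);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (request.isSecure()) {
            chain.doFilter(req, res); // already on SSL: let the login servlet run
            return;
        }

        if ("POST".equalsIgnoreCase(request.getMethod())) {
            // The credentials have already crossed the wire in clear text.
            // Reject them rather than redirecting, so nothing is echoed back.
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                               "Login must be submitted over HTTPS");
            return;
        }

        // A plain GET of the form: bounce the browser to the HTTPS URL so the
        // form (and its action) are served over SSL from the start.
        String target = "https://" + request.getServerName() + ":" + httpsPort
                      + request.getRequestURI();
        response.sendRedirect(response.encodeRedirectURL(target));
    }

    public void destroy() {
    }
}
```

The declarative alternative in the same servlet spec is a <security-constraint> in web.xml whose <user-data-constraint> sets <transport-guarantee>CONFIDENTIAL</transport-guarantee> for the login URL, which makes the container itself refuse the plain-HTTP path.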
 
Well, SSL it is.

Thanks for your help. I really appreciate it.

Dennis.
 