This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JSP and the fly likes Suggestion for Secure site required Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Suggestion for Secure site required" Watch "Suggestion for Secure site required" New topic
Author

Suggestion for Secure site required

madhup narain
Ranch Hand

Joined: Dec 14, 2004
Posts: 148
Hi

I need some advice/suggestions. Initially i have no idea where i need to post this but i think JSP would be the correct forum.

We are supposed to build a web interface that would require only specific clients to access the website. Right now theres one way to authenticate the user using a login Id and a password.

In order to restrict the access of the site we would like to provide another level of security.

I was wondering is there any way of locking the site access to a particular computer?

Are Certificates a way out?

Is there anyway to make the access non distributable even if the user name and password is known or leaked?

Any help regarding this would be appreciated


Money for nothing and Java for Free
SCJP, SCWCD
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41034
    
  43
From the request you know the IP address of the client machine, or at least the IP address of the clients ISP. Depending on the circumstances it may be feasible to check that against a range of allowed addresses, and allow or deny access as appropriate.


Ping & DNS - my free Android networking tools app
madhup narain
Ranch Hand

Joined: Dec 14, 2004
Posts: 148
We were initially going on with the idea of checking IP addresse, but that may not be feasible if the client would be using a dial-up.

So is there anymore solution to doing this ?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41034
    
  43
Like you already suggested, client certificates would be a way to go.
madhup narain
Ranch Hand

Joined: Dec 14, 2004
Posts: 148
Hi

Where would be a good place for learning the basics of certificates, installing.

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Suggestion for Secure site required
 
Similar Threads
Fast access to web in j2ee environment
Login to a ssl enabled site using encrypted password
Use wss4j for service and method level acces control
how do you store user's password?
Accessing LDAP Registry using Java API