
Is session security enough?

Mark Reyes
Ranch Hand

Joined: Jul 09, 2007
Posts: 426
For this particular case, this is something that would be much better handled by a filter rather than within the servlets themselves


Hi Bear and Peter, I don't mean to hijack this thread but I have exactly the same case as what Peter wants to do. In my case, I already set up a filter to trap all incoming HTTP requests.
Check for a principal in the session and set the Authorization scheme on the session (User is Admin/Guest/etc.).

I can't help but think that this is a good security scheme. My question is, is putting the user authorization/authentication scheme on the session considered 'secure enough', and is there no way for others to check its value since the session runs on the server side? Thanks


Sean Clark ---> I love this place!!!
Me ------> I definitely love this place!!!
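
The filter arrangement described in the post above, as an added example that is not part of the original thread. The attribute names `principal` and `role`, the role value `ADMIN`, and the `/login` and `/admin/` paths are assumptions, and the Servlet API (`javax.servlet`) is assumed to be on the classpath:

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: attribute names, role values and paths below are hypothetical.
public class SessionAuthFilter implements Filter {
    static final String PRINCIPAL_ATTR = "principal"; // stored by the login servlet (assumed)
    static final String ROLE_ATTR = "role";           // e.g. "ADMIN" or "GUEST" (assumed)

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // Use the container-decoded path rather than the raw request URI, so
        // encoded or ";param" variants of a path are not compared as raw text.
        String info = req.getPathInfo();
        String path = req.getServletPath() + (info == null ? "" : info);

        if (path.equals("/login")) {           // the login page must stay reachable
            chain.doFilter(rq, rs);
            return;
        }

        // getSession(false): do not create a session for an anonymous request.
        HttpSession session = req.getSession(false);
        Object principal = session == null ? null : session.getAttribute(PRINCIPAL_ATTR);
        if (!(principal instanceof Principal)) {
            res.sendRedirect(req.getContextPath() + "/login");
            return;
        }

        // The role is read only from the session attribute, which lives on the
        // server; nothing sent by the client (parameter, header, cookie value)
        // is consulted. The client holds only the session ID.
        Object role = session.getAttribute(ROLE_ATTR);
        if (path.startsWith("/admin/") && !"ADMIN".equals(role)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(rq, rs);
    }
}
```

Because the browser holds only the session ID, the scheme is as strong as that ID's handling: the login servlet (not shown) would issue a fresh session on successful authentication, and the session cookie would be marked `Secure` and `HttpOnly`.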
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61433
    
  67

Split off this thread hijack into its own topic. Please start new topics for your own questions.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
 
 
subject: Is session security enough?