Security implementation - suggestions

 
Rajesh Khan
I am currently deciding on a method to implement security in my project, i.e. whether a user has logged in or not. My current idea is
setting up a session variable for a user if he has signed in: "loggedin" is true, and the username will also be available. There will also be a security filter, since all my secure JSP pages will be in a folder called "secure".
So if the filter determines that a request is for a page in that particular folder, it will look for the session object, and other servlets/pages will be able to access the username too. My second option is to use something like
http://www.securityfilter.org/. Has anyone ever used it before? Does my idea sound sensible?
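
The filter described in the post above could look like the following sketch. It is an added example, not code from the thread or from the securityfilter.org project. It assumes the Servlet 3.0+ API, a hypothetical login page at `/login.jsp`, and a login servlet that stores `Boolean.TRUE` under "loggedin" and the user name under "username".

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Guards every request under /secure/ (the folder named in the post).
@WebFilter("/secure/*")
public class LoginFilter implements Filter {

    // Hypothetical login page path; an assumption, not from the post.
    private static final String LOGIN_PAGE = "/login.jsp";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        // getSession(false): never create a session just to test for a login.
        HttpSession session = req.getSession(false);

        // Assumes the login servlet stored Boolean.TRUE and a non-null user name
        // only after the credentials were verified.
        boolean loggedIn = session != null
                && Boolean.TRUE.equals(session.getAttribute("loggedin"))
                && session.getAttribute("username") != null;

        if (!loggedIn) {
            // Deny by default: no session or no login flag means no access.
            res.sendRedirect(req.getContextPath() + LOGIN_PAGE);
            return;
        }

        // Keep protected pages out of browser and proxy caches.
        res.setHeader("Cache-Control", "no-store");
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() { }
}
```

With this mapping the filter runs only for direct client requests, so a servlet outside `/secure/` that forwards to a page inside it bypasses the check unless the mapping also lists the FORWARD dispatcher type.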
 
Tim Moores
Security is a huge subject with many facets. Before thinking about how you're going to implement it, you need to think about what you're trying to protect against - what are the most likely attacks, and which ones are most costly if they occur? That should drive the decisions about implementation. There are a number of useful links concerning web app security at http://www.coderanch.com/how-to/java/SecurityFaq#web-apps
 