Need Help

 
Greenhorn
Posts: 19
Hi All,
I am working on a financial product. The product is completed. The technologies used are Struts, AJAX etc. Now I have to provide session level security. How can I do it? Please help.

Thanks,
Prabhash kumar
 
Ranch Hand
Posts: 2308
What is session level security?
 
prabhash singh
Greenhorn
Posts: 19
Hi Rahul,
Session level security means securing the session object, because using Ajax with a web application, it's easy for a hacker to hack the session object.
Any advice on how to secure the session object at application level, not at network level? I have already encrypted the password. Is there any way to secure the session object?

Thanks in advance,

Regards,
Prabhash kumar (SCJP 1.4, SCWCD-preparing)
 
Rancher
Posts: 43081
> Because using Ajax with a web application, it's easy for a hacker to hack the session object.


AJAX uses plain old HTTP, so it's as easy or hard to secure as all other web traffic. Hacking the session would at the least involve duplicating the session ID, which should be a cryptographic hash of some kind. That mechanism is used by just about all web servers, and generally considered to be secure enough. So can you explain to us why you think that with AJAX it is easy to hack a session?
[ November 08, 2006: Message edited by: Ulf Dittmer ]
 
Rahul Bhattacharjee
Ranch Hand
Posts: 2308
Please correct me if I am wrong. The HTTPSession objects always reside on the server and the session ID is the thing that is transferred to the client and server, back and forth. So in this case your session object is safe and I do not think that this is dangerous.
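
The mechanism described in the replies above, as an added example that is not code from the thread or from any servlet container: session state stays in a server-side map, the client only ever receives a random ID, and that ID is replaced at login. The class and method names are hypothetical, and the 15-minute idle timeout is an assumed policy.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
// Added example: toy server-side session store, JDK only (not a container's code).
public class SessionStoreDemo {
    static final class Session { // lives only in server memory
        final Map<String, Object> attrs = new ConcurrentHashMap<>();
        volatile long lastSeen = System.currentTimeMillis();
    }
    private static final long IDLE_TIMEOUT_MS = 15 * 60 * 1000L; // assumed policy
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    // 128 bits from a CSPRNG: the ID encodes no data and is impractical to guess.
    private String newId() {
        byte[] b = new byte[16];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }
    public String create() {
        String id = newId();
        sessions.put(id, new Session());
        return id; // the only value that goes into the cookie
    }
    public Session lookup(String id) { // null for unknown or idle-expired IDs
        Session s = (id == null) ? null : sessions.get(id);
        if (s == null) return null;
        long now = System.currentTimeMillis();
        if (now - s.lastSeen > IDLE_TIMEOUT_MS) { sessions.remove(id); return null; }
        s.lastSeen = now;
        return s;
    }
    // At login, move the state to a fresh ID so an ID issued before login stops working.
    public String rotateOnLogin(String oldId, String user) {
        Session s = lookup(oldId);
        if (s == null) s = new Session(); else sessions.remove(oldId);
        s.attrs.put("user", user);
        String id = newId();
        sessions.put(id, s);
        return id;
    }
    public static void main(String[] args) {
        SessionStoreDemo store = new SessionStoreDemo();
        String anon = store.create();
        String authed = store.rotateOnLogin(anon, "alice"); // constructed user name
        System.out.println("pre-login ID rejected: " + (store.lookup(anon) == null)
                + ", user on new ID: " + store.lookup(authed).attrs.get("user"));
    }
}
```

In a servlet application the container already keeps this store; the counterpart of `rotateOnLogin` there is `HttpServletRequest.changeSessionId()` (Servlet 3.1 and later), called right after the credentials are verified.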
 