
Need Help

 
Greenhorn
Hi All,
I am working on a financial product. The product is completed. The technologies used are Struts, AJAX, etc. Now I have to provide session-level security. How can I do this? Please help.

Thanks,
Prabhash kumar
 
Ranch Hand
What is session-level security?
 
prabhash singh
Greenhorn
Hi Rahul,
Session-level security means securing the session object, because when using Ajax with a web application, it's easy for a hacker to hack the session object.
Any advice on how to secure the session object at the application level, not at the network level? I have already encrypted the password; is there any way to secure the session object?

Thanks in advance,

Regards,
Prabhash kumar (SCJP 1.4, SCWCD-preparing)
 
Rancher

Because using Ajax with a web application, it's easy for a hacker to hack the session object.


AJAX uses plain old HTTP, so it's as easy or hard to secure as all other web traffic. Hacking the session would at the least involve duplicating the session ID, which should be a cryptographic hash of some kind. That mechanism is used by just about all web servers, and generally considered to be secure enough. So can you explain to us why you think that with AJAX it is easy to hack a session?
[ November 08, 2006: Message edited by: Ulf Dittmer ]
 
Rahul Bhattacharjee
Ranch Hand
Please correct me if I am wrong. The HttpSession objects always reside on the server, and the session ID is the thing that is transferred between the client and server, back and forth. So in this case your session object is safe and I do not think that this is dangerous.
 