
How to make this safe

 
Maki Jav
Ranch Hand
Posts: 447
Hi,

I think this is not the right forum to post this question, but anyways...

I have an SQLApplet, SQLServlet and some JavaScript code.
No problem in accessing database values for document events like onClick etc...

This is an intranet arrangement. The problem is that I want only one department to access that data and not the others.

How to go for that?


Thanks in advance,

Maki Jav
 
Jesus Angeles
Ranch Hand
Posts: 2068
How does your system implement security (i.e. authentication and authorization)?
 
Maki Jav
Ranch Hand
Posts: 447
It is a simple password access. This password is saved in the database.


Maki Jav
 
Jesus Angeles
Ranch Hand
Posts: 2068
I am not sure how your system environment is... Are you using JSP? Lotus Notes for the front-end?

The center of your control is the user's identity.

You can control his access on some levels, like in the SQL query itself, or in the servlet.
 
Maki Jav
Ranch Hand
Posts: 447
Well my pages consist of JSPs.
Thank you for your reply...




Maki Jav
 
Jesus Angeles
Ranch Hand
Posts: 2068
In your servlet, if the user belongs to that department, then send a JSP that has that data; otherwise, send one with no such data.
 
Maki Jav
Ranch Hand
Posts: 447
Well thanks for all the help...

I am much clearer about it...

Thanks,

Maki Jav
 
Maki Jav
Ranch Hand
Posts: 447
Hi,

As an afterthought...
1) I was wondering how to block requests from IP addresses other than the ones you allow.
2) How to deny service if the request content is longer than a specific length (but how long should it be?). I hope that it will defer DoS (denial of service) attacks...

Thanks in advance,


Maki Jav
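
An added example, not code from any poster in this thread: one servlet filter that applies the three checks discussed above (allowed client addresses, a cap on declared request size, and the department check from the earlier reply) before the data servlet runs. It answers 403 instead of swapping in a JSP without the data. Assumptions: the class name, the sample addresses, the 8 KB cap, the department code, and a `department` session attribute set by the login code after the password check.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example. Map this filter to the URL pattern of the department-only servlet.
public class DepartmentGateFilter implements Filter {
    // Constructed sample values; replace with the real intranet addresses and department code.
    private static final Set<String> ALLOWED_IPS = Set.of("10.0.5.21", "10.0.5.22");
    private static final String ALLOWED_DEPARTMENT = "FINANCE"; // hypothetical
    // Assumed cap: set it just above the largest legitimate request this servlet receives.
    private static final long MAX_BODY_BYTES = 8 * 1024;

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        // 1) Address check. getRemoteAddr() is the TCP peer, so behind a
        //    reverse proxy it is the proxy's address, not the user's.
        if (!ALLOWED_IPS.contains(req.getRemoteAddr())) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // 2) Size check on the declared length. -1 means no Content-Length
        //    (for example chunked), so the container's own body limit is still needed.
        if (req.getContentLengthLong() > MAX_BODY_BYTES) {
            res.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE);
            return;
        }
        // 3) Identity check. The department comes from the server-side session,
        //    never from a request parameter or applet/JavaScript value.
        HttpSession session = req.getSession(false);
        Object dept = (session == null) ? null : session.getAttribute("department");
        if (!ALLOWED_DEPARTMENT.equals(dept)) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res); // all checks passed: run the data servlet
    }
}
```

The address list is a second layer only; the session-based department check is what ties access to the user's identity.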
 