• Post Reply Bookmark Topic Watch Topic
  • New Topic

password protection

 
Alex Kravets
Ranch Hand
Posts: 476
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I wanted to find out more info on how web based username/password authentication is done, you know the ones they use at Yahoo! or any other password protected site. Is this does strictly through JDBC and cookies or something else is involved?
I just need some articles that I can read about this.
thanks,
Alex
 
Sean MacLean
author
Ranch Hand
Posts: 621
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you look at the security section of Sun's j2ee "Blueprints" document you see the concepts of authentication and authorization. Basically, you initial login must authenticate the user (i.e. prove that they are who they say they are). This generally means a call to a data store of some sort to compare the u/p with the db. After this, implementations vary on how to store a flag or login id or the actual user id somewhere for future reference (like checking to see if the user is login before they post to a newsgroup). This is authorization. For servlets you'd generally use the seesion object for that user or explicitly use a cookie yourself.
Sean
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!