This week's book giveaway is in the Agile and Other Processes forum.
We're giving away four copies of The Journey To Enterprise Agility and have Daryl Kulak & Hong Li on-line!
See this thread for details.
Win a copy of The Journey To Enterprise Agility this week in the Agile and Other Processes forum! And see the welcome thread for 20% off.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Jeanne Boyarsky
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
Sheriffs:
  • Paul Clapham
  • Junilu Lacar
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Ganesh Patekar
  • Tim Moores
  • Pete Letkeman
  • Stephan van Hulst
Bartenders:
  • Carey Brown
  • Tim Holloway
  • Joe Ess

Want send username and password in url in some secure manner  RSS feed

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I have to send username and password in my url in some secure manner so that no one can see that info.I am using post call.Please share some idea.
Thanks
sudhanshu
 
Author and ninkuma
Marshal
Posts: 66783
168
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
SSL
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:SSL


Sorry i dont know abt this.
What is this SSL??
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66783
168
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.



thanks bear...
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 66783
168
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you are using Tomcat, here's the "how to".
 
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:Send to where?
From where?

If you're sending the username and password back to your user's browser SSL may or may not be able to help you.
What exactly are you trying to do?



Actually i am trying to launch an application fron other application.In this case I have two scenarios..

1. either both application are on same java server
2.or they are on different server

I am sending username and password to retrieve the data from the storage area (u can say a database) to show in my second java application.
If you need some more info than just inform me.

Thanks,
sudhanshu
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:What is "abt"? Please use real words when posting to the forums.

SSL = Secure Socket Layer. A google search will tell you everything you need to know.



I dont think i can use SSL in my aaplication as it need some information to fill and also expiration thing..
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Are you ever sending the username and password to the browser?
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:Are you ever sending the username and password to the browser?



each time when i launch application(application launched in browser only) i am sending username and password using post and prob is anyone can see username and password in Browser URL
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.
 
sudhanshu agarwal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Ben Souther wrote:If you're sending the username and password to the browser, nothing is going to make this secure.
Any web user can right click on a page and see the text.

If you're submitting a form and the form's method attribute has a value of "get" then all of the form parameters will get sent as part of the querystring.
"Get" is the default method if no "method" attribute is present.

If you use method="post", then the parameters are not part of the URL. They get send in the body of the request and won't show up in the address widow of the browser.
Without SSL neither is secure. Anyone with a packet sniffer can read everything going over your network.

Even with SSL, there is still the danger that either the user of your application or someone else, if your user walks away from their machine can view the username and password simply by right clicking the page and viewing the source.



So is there any other wayother than ssl for security or we have to implement something else
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser Redhat VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You would have to implement something else.
Sending usernames and passwords down to the browser is never a secure way to do (SSO) single sign on.
 
Ranch Hand
Posts: 41
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You can encrypttion and decryption mechanism for sending your user name/password.

If your method if get or post. No one can see your plaing username password.

Moreover. i remember once more option. you can encode your URL . I am not sure about it. but you can do some investigation.

Please correct me if i am wrong.
 
Greenhorn
Posts: 27
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

You can pass encrypted form of user id & password in url.

You can create temporary table in database for storing user id & password which you are sending to other application and instead of sending userID and password you can send the slno from table for that userId and password.
Tell that application to retrieve userID & password from table.


 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!