John G Martinson

Greenhorn
since Jul 25, 2005

Recent posts by John G Martinson

Encryption != Security.

See this article

The problem lies in how the Jsessionid is created and used. If it is created in such a way that a third party can predict it or at least reasonably guess at it, it is not very secure. And remember that Tomcat and other Servlet containers are open source, and malicious people do look at the source code to see what is happening.

So the trick is to make up your own unique session id that cannot be guessed or predicted, find a way to change the sessionid on login or ignore the Jsessionid within your servlet, put your new sessionid into a different cookie, and make your own session tracking, which may be a royal pain depending on how complex your app is.

The thing is I don't really know how to change the Jsessionid, so if someone else does, that would be good to see.
17 years ago
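The approach described in the post above, sketched as an added example that is not part of the original post: an application-issued session id drawn from a CSPRNG, replaced at login, and carried in its own cookie. The class name `SessionTracker`, the cookie name `APPSID` and the user `alice` are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example; class name, cookie name APPSID and user "alice" are hypothetical.
public class SessionTracker {
    private static final SecureRandom RNG = new SecureRandom(); // CSPRNG, not java.util.Random
    private final Map<String, String> userByToken = new ConcurrentHashMap<>();

    // 32 random bytes (256 bits), URL-safe so the value fits in a cookie.
    static String newToken() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    String start() {
        String token = newToken();
        userByToken.put(token, ""); // empty string marks "no user yet"
        return token;
    }

    // On login, discard the pre-login token and issue a fresh one, so an id
    // that was guessed or planted before authentication is worthless afterwards.
    String login(String oldToken, String user) {
        if (oldToken != null) userByToken.remove(oldToken);
        String token = newToken();
        userByToken.put(token, user);
        return token;
    }

    // Returns the user bound to the token, or null if it is unknown or anonymous.
    String userFor(String token) {
        String user = (token == null) ? null : userByToken.get(token);
        return (user == null || user.isEmpty()) ? null : user;
    }

    static String cookieHeader(String token) {
        return "Set-Cookie: APPSID=" + token + "; Path=/; Secure; HttpOnly";
    }

    public static void main(String[] args) {
        SessionTracker tracker = new SessionTracker();
        String anon = tracker.start();                 // visitor arrives
        String authed = tracker.login(anon, "alice");  // id is rotated here
        System.out.println(cookieHeader(authed));
        System.out.println("old token accepted: " + (tracker.userFor(anon) != null)
                + ", new token user: " + tracker.userFor(authed));
    }
}
```

Containers that implement Servlet 3.1 or later also provide `HttpServletRequest.changeSessionId()`, which rotates the container's own JSESSIONID at login without custom tracking.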

How can I make the session id more secure? Can I use https instead of http to send requests? How will https help me?



Well, first you have to decide what is not secure enough about the session id. This should be something that is handled within the context of the servlet container. Unfortunately https may not help very much in getting rid of attacks that involve taking advantage of session id cracks.

Which container are you using? And how does it implement the session id?
What kinds of attacks are you worried about? Answer those questions, and then you will start to be able to answer how to make the session id more secure.
17 years ago
From what I understand some of the big improvements are to speed things up on start up and speed up swing and AWT. Another big development is the support of other languages. I'm pretty excited about it.

Check http://weblogs.java.net/blog/kgh/archive/TK.2006.pdf for some more information about Mustang
17 years ago
Without your code, which can be extensive, it looks like somewhere you are trying to load a class named "for connect URL 'null'"

One thing I would like to see is what your hopenet.utils.ConnectionUtil.getConnection() looks like. This appears to be where the problem actually is.
If you want to use Rich Text Formatting you might want to use JTextPane. It handles that sort of things and a whole lot more.

As for saving the formatting information, you do have the option of using XML. This will require that you figure out/find an XML structure to handle that.

On the other hand, JTextPane implements the serializable interface. This interface allows a class to be put in a linear format so that it can be passed into an io stream and re-instantiated into a working object.

I'm not sure exactly how that works in code, as I have never actually done it myself, but that would probably be the easiest way to do it.

In the API doc it mentions that there will be compatibility issues from version to version and a better solution to take care of that.

Good luck.
17 years ago
Have you tried using a library? Apache has some good ones.
You might want to check out Apache's HttpClient.

I hope that this helps.

-John Martinson
http://jgmartinson.blogspot.com/
17 years ago
Have lots of business cards, and lots of stories of how other clients have SAVED money because of your services. Practice them and be yourself.
18 years ago
Dear Esteemed Colleagues:

For the past few months I have been interning at GE Energy in Schenectady, NY as a Java/VBA developer. During this time I have grown significantly as a software developer. In September I will be returning to BYU-Idaho to begin the final year of my bachelor degree in Information Systems with an emphasis in programming.

When I return to school I would like to be able to continue working part time as a Java Developer. I have worked with JDBC, POI, XML, MySQL 4.0, Java runtime 1.3 and 1.5 and the Eclipse Development Environment. I have done some XHTML and other web development work.

I learn very quickly and would be a benefit to any firm looking to fill a junior level position. If anyone has such a position to fill either local to Rexburg/Idaho Falls or via telecommuting please let me know.

John Martinson
18 years ago