Gaurav Wadhwani

Ranch Hand
since Sep 21, 2010

Recent posts by Gaurav Wadhwani

Why not use the counter approach? Increase it till a threshold is reached within a small interval, and if so, then block access.

The JSP for it would be something like this
11 years ago
JSP

I'm trying to keep the user logged in, but once the user logs in it displays the message "welcome, username". But when the user clicks on the change password link, then it shows "welcome null", which means it shows the user as logged out, kind of! Please suggest what is happening.



For the first page, where the user enters the username -> request.getParameter() will work because the parameters have been set! But it won't work for any subsequent request because there is no parameter set, so how can it fetch?
To make it work, you can

1. Get the parameters in a String -> request.getParameter("parameter");
2. Store the parameters as attributes for the session -> hs.setAttribute("attribute", variable);
3. Make sure your session remains alive for the required interval -> hs.setMaxInactiveInterval(seconds); At least 1 minute (depends on the application)
4. For any other page to get the username, hs.getAttribute("name of attribute");
11 years ago
JSP
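The four steps above in one servlet, as an added example that is not part of the original post. The class name, the "username" parameter, the /login.jsp page and the /account mapping are assumptions, and the credential check is left out.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

// Added example: POST handles the login form, GET serves any later page.
// Class name, "username", "/login.jsp" and "/account" are assumptions.
public class AccountServlet extends HttpServlet {
    private static final String USER_ATTR = "username";

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Step 1: the parameter exists only on the request that submitted the form.
        String username = request.getParameter("username");
        if (username == null || username.trim().isEmpty()) {
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        // Credential checking is omitted; it must have succeeded before this point.
        HttpSession old = request.getSession(false);
        if (old != null) {
            old.invalidate(); // do not carry a pre-login session id into the login
        }
        HttpSession hs = request.getSession(true);
        hs.setAttribute(USER_ATTR, username); // Step 2: keep the value server-side
        hs.setMaxInactiveInterval(15 * 60);   // Step 3: seconds of allowed inactivity
        response.sendRedirect(request.getContextPath() + "/account");
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // Step 4: later requests carry no form parameter, so read the session.
        HttpSession hs = request.getSession(false);
        String username = (hs == null) ? null : (String) hs.getAttribute(USER_ATTR);
        if (username == null) {
            // No session, or it expired: go back to login instead of printing null.
            response.sendRedirect(request.getContextPath() + "/login.jsp");
            return;
        }
        response.setContentType("text/plain; charset=UTF-8"); // plain text, no HTML escaping needed
        response.getWriter().println("Welcome, " + username);
    }
}
```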
I tried the code and it works fine in IE. The session id remains the same even after refreshing. Also the value is incremented each time.

Maybe you need to delete cookies and try again. Or try in a different browser.
11 years ago
Hi,
I don't know if it is possible to ignore refresh. But why not store a session attribute indicating the number of times refreshed in a particular interval? If it exceeds the threshold we can block the access. What's wrong with this strategy?
11 years ago
JSP
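The session counter described in the two posts above, written as a servlet filter. This is an added example, not code from the thread; the class name, attribute names, threshold and interval are assumptions.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: fixed-window request counter kept in the HTTP session.
// The class name, attribute names and limits are assumptions, not from the thread.
public class RefreshLimitFilter implements Filter {
    private static final int MAX_REQUESTS = 10;      // threshold (assumed)
    private static final long WINDOW_MILLIS = 5000L; // the "small interval" (assumed)
    private static final String WINDOW_START = "refresh.windowStart";
    private static final String COUNT = "refresh.count";

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(true);
        long now = System.currentTimeMillis();
        int count;
        // Requests in one session can run concurrently; locking the session object
        // is a best-effort guard against lost updates.
        synchronized (session) {
            Long start = (Long) session.getAttribute(WINDOW_START);
            Integer seen = (Integer) session.getAttribute(COUNT);
            if (start == null || seen == null || now - start >= WINDOW_MILLIS) {
                start = now; // no window yet, or it expired: open a new one
                seen = 0;
            }
            count = seen + 1;
            session.setAttribute(WINDOW_START, start);
            session.setAttribute(COUNT, count);
        }
        if (count > MAX_REQUESTS) {
            // Over the threshold: refuse until the window rolls over.
            ((HttpServletResponse) res).sendError(429, "Too many requests");
            return;
        }
        chain.doFilter(req, res);
    }
}
```

The filter still has to be mapped to the protected URLs in web.xml. The counter is per session, so it only limits clients that return the session cookie; a limit that must hold regardless needs a key the client cannot reset, such as the authenticated account.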
Tim, the thing is, a sys admin can always look into your code and you won't get to know. This is a very general case; most of us can't afford an entire server.
12 years ago
The system admin and I both have access to my source code, so the key is visible.

Even if I manually enter the key each time, then also he (the system admin) can capture the packet and see it!

If I use SSL to send the key, then also he gets the SSL key in the source code. I want to find a way out of it.
12 years ago
why are you hosting with people you don't trust?
This is a very general scenario; I can't afford a server of my own.

Why would they have access to your source code?
I didn't say this.


If the data is that important you should choose a hosting plan where you have root access to the server, and no sys admin can get at the server.



Yes, I know this, but is there no other option?
12 years ago
This is not a Java-specific security question.

I want to upload a web app on a server but the server is not owned by me. The data stored in DB on the server is important. To add security I can always encrypt the data in DB. Here, the operators of the server can however, get the copy of my encrypted DB and can also look in my source code to get the key for decryption. I need to store the key for decryption because I would need to display the records in the application.

How can I ensure that the server operators cannot get the data?
12 years ago
@Stefan : This is what Bear said, which I wasn't aware of. I had changed the code similar to what you suggested. And yes, I know about the SESSIONID cookie, but wanted to show it in some other way.

@William : The taglib idea is great. I would implement it sometime in my project.


Resolved :)

12 years ago
JSP
Thanks Bear and Paul for the responses :)

Thippe, I just did that.

So a servlet before welcome.jsp has this code



and welcome.jsp changed to this




I thought you should be passing objects in Attributes of session and later using them.




Now if I type cast then it would be creating an object of SHA1, which is Java code.
What I want to do is, use this object to access the function calcSHA1().
12 years ago
JSP


I'm using Tomcat 7. I don't know why I am getting this error...
Here SHA1 is a java file in the same package as the JSP file.


Stacktrace:] with root cause
org.apache.jasper.JasperException: Unable to compile class for JSP:

An error occurred at line: 18 in the jsp file: /welcome.jsp
SHA1 cannot be resolved to a type
15: <h1> Hi, :)</h1>
16:
17: <%
18: SHA1 sh = new SHA1();
19: String SID = session.getId();
20: String HMAC_SID = sh.calcSHA1(SID);
21:

Stacktrace:
at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:102)
at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:331)
at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:457)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)
at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)
at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
at LoginProcess.processRequest(LoginProcess.java:57)
at LoginProcess.doPost(LoginProcess.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1805)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
12 years ago
JSP

fred rosenberger wrote: Do you have any evidence that pressure would be consistent across time? I know that when I get mad, I tend to pound the keys a little harder (ok, a LOT harder) than when I am calm... Could a person's emotional state impact the results enough to skew your data?




I already said there are flaws, and it will only serve in addition to other techniques. And I think some IEEE paper says they have obtained a much higher accuracy with pressure.
12 years ago
I believe face recognition isn't a good technique for security-related areas, as the face keeps changing: what if someone has changed their expression, wears specs, has a twin, ages, etc.? There was this seminar at my college on it; I don't remember the name of the person, but he had worked on FR. He said that what we test our algorithms with is the training data! And the accuracy was about 90% for the best algorithm, keeping aside light fluctuations and the others I mentioned. FR has to travel long.

Again, I know there are flaws in the one we are discussing, but it's comparatively much newer. But as I mentioned, no extra hardware. Otherwise getting a pressure-sensitive keyboard is the easiest!
12 years ago

Akhilesh Trivedi wrote:

Gaurav Wadhwani wrote: ...I need something that can be put to use by most of us.



What use the pressure-sensing keyboard would do?




See, there are different parameters I need for making the profile of users... and I don't have sufficient ones... and pressure is an important one.
12 years ago

Saurabh Pillai wrote:

Gaurav Wadhwani wrote: I need topics for both subjects.



How can you make current communication over the network more secure and better? More encryption in terms of bits? What's after HTTPS? HTTPS+? The problem with any security is that the same technology can be used for malicious purposes too. How can you restrict or at least limit it?

Do you want to implement a new network protocol? Why is it absolutely required to have your NEW protocol that can not be satisfied with existing technology?

Computer Network is vast field. Please specify for what stage you are looking the research topic for? Is it some college level paper presentation or some PhD level topic?



It's like, I want to get as many ideas or topics in hand so I can find something that suits my interest. I have topics, but some direction is needed.

I would like something in traffic engineering, maybe routing or something else.
12 years ago