f



how secure is the security from my security form?

Hey, I have a question about how secure the following will be....

I want to have a login form that posts to itself, so when it loads it checks
if there is a username and password on the query list.

If there is not, it asks for one.

If there is, it checks to see if the information is valid.

If it is not valid, it deletes the attributes and calls itself again.

If it is valid it sets a particular session variable to be some value and
redirects to the next page.

Every page from there on in will check to see if the session variable is set
and if not will redirect back to the login page.

Are there any security risks/holes that I should know about?

Thanks in advance,
Aaron

PS I do have access to Tomcat, but have been unable to figure out how to set
it up (this is my first time setting up security for a site) - so if anyone
has any tips/links that information would be most appreciated.  Thanks
again.


0
Aaron
7/28/2003 1:13:21 AM
comp.lang.java.security 1502 articles. 0 followers. Post Follow

0 Replies
1495 Views

Similar Articles

[PageSpeed] 34

Reply:

Similar Artilces:

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

Secure your digital information assets with Secure Auditor Secure Windows with Secure Auditor
hey guys! If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Security problems in F-Secure Client Security?
Hello, as I have been testing F-Secure Policy Manager/Console (PM) and F-Secure Client Security (CS) I have found three very serious problems: In all cases the system envirionment has always been the same, Windows 2000 with latest service pack und latest fixes. A: F-Secure's Policy Manager 5.61 and Client Security 5.54 can't communicate together as CS doesn't find the management server anymore after installation :( This worked better with CS 5.50 and 5.52. B: The internet shield of CS can be bypassed, even when policy has been instructed to deny automatically and to forbid the client to use individual settings. Imagine that in a sensitive production environment, a real horror :( C: Under certain circumstances clients cannot scan for viruses anymore if the logged in user doesn't belong to the adminnistrator group. My question to you all is: Did you find same or similar problems, and if yes, did F-Secure agree that these are problems which may cause damage and whether you got any final solution from F-Secure? I have sent several notes and diags to them, well I can say support has tried to help, but there didn't come any real solution. Well, would be fine to get all your helpful feedback. Michael ...

Secure your digital information assets with Secure Auditor. Secure Windows with Secure Auditor
hey guys If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Security Wizard but Not Secure
Hello people. I have a database that: * was not secured originally * I applied the user-level security wizard to * has the Admin user demoted to the Users group * had the User's group with no permissions * the Admin user doesn't own any objects When I open this with my shortcut and new mdw file everything works as expected. When I open this with standard Access security.mdw, my database is still wide open. Any ideas what step I missed? Thanks <drink.the.koolaid@gmail.com> wrote in message news:1147781112.258494.175040@i39g2000cwa.googlegroups.com... > Hello people. >...

Secure Auditor secure your windows
Hi folks, Go and get a copy of Secure Auditor which is a unified digital risk management solution and provides 30 tools in 1 package. It performs scan and audit on your windows based machine so that you will be able to identify the weakest link in your network. It helps in compliance, penetration test and forensics as well. So get passwords of every windows and Oracle machine on your network within seconds. Asset management, MSSQL audit, Oracle audit and more than all Cisco Router audit is handy with Secure Auditor. Just check out the link http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button ...

Secure Auditor secure your windows
Hi folks, Go and get a copy of Secure Auditor which is a unified digital risk management solution and provides 30 tools in 1 package. It performs scan and audit on your windows based machine so that you will be able to identify the weakest link in your network. It helps in compliance, penetration test and forensics as well. So get passwords of every windows and Oracle machine on your network within seconds. Asset management, MSSQL audit, Oracle audit and more than all Cisco Router audit is handy with Secure Auditor. Just check out the link http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button On Mon, 14 Apr 2008 22:30:09 -0700, alban.thms@googlemail.com wrote: > Hi folks, Hi. >Go and get a copy of Secure Auditor which is a unified digital Go and f* yourself. -- Mladen Gogala http://mgogala.byethost5.com "Mladen Gogala" <mgogala@yahoo.com> schreef in bericht news:48059c03$0$6432$834e42db@reader.greatnowhere.com... > On Mon, 14 Apr 2008 22:30:09 -0700, alban.thms@googlemail.com wrote: > >> Hi folks, > > Hi. > >>Go and get a copy of Secure Auditor which is a unified digital > > Go and f* yourself. > > > -- > Mladen Gogala > http://mgogala.byethost5.com Right and don't f*** with Trojans here please. Shakespeare What's in a horse.... On Wed, 16 Apr 2008 09:46:12 +0200, Shakespeare wrote: > Right and don't f*** with Trojans...

security consultant breaks security ..
"John Schiefer .. admitted that he gained access without authorisation to hundreds of thousands of computers .. and that he remotely controlled these compromised machines through computer servers" "The malware .. would access private communications .. Schiefer and others would then use those communications to find out a users=92 account name(s), or usernames, and that user=92s password(s)" "Schiefer would then access accounts and make purchases unbeknowst to the true owner. Schiefer also admitted to giving those usernames and passwords to others" http://blogs.z...

Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005
Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005 - , ---------------------------------------------------------------------------- Security programs 2005 - Utimaco SafeGuard Advanced Security v4.30.0.335 Multi CD NR 17 543 Utimaco SafeGuard Advanced Security v4.30.0.335 Terminal Server Base Module Multi CD NR 17 544 Utimaco SafeGuard Advanced Security v4.30.0.335 Terminal Server Multi CD NR 17 545 Symantec Norton Internet Security 2005 CD NR 17 234 Symantec Client Security Corporate Edition v2.0 CD NR 15 321 Symantec Mail Security for Microsoft Exchange 4.0 CD NR 13 364 Steganos Internet Security 7 CD NR 16 968 McAfee Internet Security Suite V7.0 2005 CD NR 16 727 Security Service (c) McAfee CD NR 11 362 Symantec Norton Internet Security v3.0 For Mac OSX CD NR 12 698 Microsoft Windows XP SP2, With Advanced Security Technologies. CD NR 16 244 PANDA PLATINUM INTERNET SECURITY V8.05 SUB100 CD NR 16 096 Panda Platinum Internet SEcurity *Englsih-Spanish* 14 184 IBM Tivoli Security Manager v5.1 (c) IBM ...

Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005
Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005 - , ---------------------------------------------------------------------------- Security programs 2005 - Utimaco SafeGuard Advanced Security v4.30.0.335 Multi CD NR 17 543 Utimaco SafeGuard Advanced Security v4.30.0.335 Terminal Server Base Module Multi CD NR 17 544 Utimaco SafeGuard Advanced Security v4.30.0.335 Terminal Server Multi CD NR 17 545 Symantec Norton Internet Security 2005 CD NR 17 234 Symantec Client Security Corporate Edition v2.0 CD NR 15 321 Symantec Mail Security for Microsoft Exchange 4.0 CD NR 13 364 Steganos Internet Security 7 CD NR 16 968 McAfee Internet Security Suite V7.0 2005 CD NR 16 727 Security Service (c) McAfee CD NR 11 362 Symantec Norton Internet Security v3.0 For Mac OSX CD NR 12 698 Microsoft Windows XP SP2, With Advanced Security Technologies. CD NR 16 244 PANDA PLATINUM INTERNET SECURITY V8.05 SUB100 CD NR 16 096 Panda Platinum Internet SEcurity *Englsih-Spanish* 14 184 IBM Tivoli Security Manager v5.1 (c) IBM CD NR 15 750 Finjan Vital Securit...

Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005
Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005 - , ---------------------------------------------------------------------------- Security programs 2005 - Utimaco SafeGuard Advanced Security v4.30.0.335 Multi CD NR 17 543 Utimaco SafeGuard Advanced Security v4.30.0.335 Terminal Server Base Module Multi CD NR 17 544 Utimaco SafeGuard Advanced Security v4.30.0.335 ...

pgp programs 2005 -, Security programs 2005
pgp programs 2005 -, Security programs 2005 - , Firewall programs 2005 -, Antivirus programs 2005 -, APPDEV DOT NET SECURITY, Linux Security and Firewall programs 2005 -, CiscoWorks ( CW ) Security programs 2005 - , ---------------------------------------------------------------------------- pgp programs 2005 - PGP.CommandLine.for.Linux.v8.5.0 PGP.CommandLine.for.Solaris.v8.5.0 PGP.CommandLine.v8.5.0 (week 31/2004) PGP.Desktop.v8.1.for.Windows PGP.Personal.Desktop.v8.1.for.Macintosh (week 26/2004) PGP.Enterprise.v8.0.3 (week 49/20030 PGP.v8.0.3 (week 42/2003) 15/...

SSRT3627 Security Bulletin Rev.1
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ----------------------------------------------------------------- **REVISED 01** Source: HEWLETT-PACKARD COMPANY SECURITY BULLETIN: HPSBUX0309-280 Originally issued: 15 Sept. 2003 Last revised: 17 Oct. 2003 SSRT3627 Potential Sec. Vulnerability in Java VM (J2SE) and Java Secure Socket Extension (JSSE) (Rev. 1) ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin provided that it remains complete and intact. The information in the following Security Bulle...

Is there any c/c++ counterpart library for java.security.* and javax.security.* ?
Hi all, Is there any c/c++ counterpart library for java.security.* and javax.security.* ? I want to convert a Java project, which depends on java.security.* and javax.security.*, to native c/c++ project. Any suggestions? Thank you in advance! Best Regards, Xie, Bo xiebopublic@gmail.com wrote: > Hi all, > > Is there any c/c++ counterpart library for java.security.* and > javax.security.* ? I want to convert a Java project, which depends on > java.security.* and javax.security.*, to native c/c++ project. > Any suggestions? Over on sci.crypt, http://www.eskimo.com/~wei...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45283832410)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45283832410) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285057606)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285057606) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45285057606. ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284757611)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284757611) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284132404)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284132404) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45284132404. ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284132404)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284132404) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45284132404. ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285332409)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285332409) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45285332409. ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285332409)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45285332409) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284457607)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284457607) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45283832410)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45283832410) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45283832410. ...

US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284757611)
US-AL-Huntsville: SAP Security Admin, SAP R/3 Security, BW Security; C-P (45284757611) ====================================================================================== Position: SAP Security Admin Reference: SMC01136 Location: Huntsville AL Duration: C-P 7+yrs of related experience including detailed knowledge of SAP R/3 Security. Experience with design, development, testing, implementation and on-going maintenance of MIS security systems. SAP R/3 & BW Security Please send your current resume in confidence to <staffing@eurosoft-inc.com> ..45284757611. ...

Web resources about - how secure is the security from my security form? - comp.lang.java.security

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Committee on National Security Systems - Wikipedia, the free encyclopedia
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...

Apple hires former Microsoft, Amazon executive to head corporate security
... executive to oversee its corporate digital defenses, according to Reuters . George Stathakopoulos was vice president of information security ...

Nexus Devices getting a Second March 2016 Security Update
When it comes to security updates, once a month is usually pretty outstanding. Especially when it comes to comparing Nexus or unlocked devices ...

Apple’s top security expert to testify in court this Tuesday
Next Monday, Apple will once take command of the tech news cycle when it introduces a range of new hardware , including a brand new 4-inch iPhone ...

Ted Cruz Announces National Security Team, Including Frank Gaffney, Michael Ledeen, Elliott Abrams
Senator Ted Cruz (R-TX) announced his team of national security advisers on Thursday. The group includes a wide range of views, especially on ...

Only 1 woman on UN Security Council _ from the United States
... — The number of women diplomats at the United Nations has always been low and for the last 70 years only a few have gotten seats on the Security ...

Q&A: Symantec CEO On Split, New Security-Focused Channel Vision And Apple Vs. FBI *
Symantec has had a busy year, completing its split, landing a massive strategic investment, and continuing to roll out new products and partner ...

Resources last updated: 3/20/2016 6:10:12 PM