5 messages in com.mysql.lists.javaRE: java servlet | From | Sent On | Attachments |
|---|---|---|
| Bin Cai | 15 Nov 2001 10:22 | |
| Ylan Segal | 15 Nov 2001 10:52 | |
| Chris Gerrist | 15 Nov 2001 10:54 | |
| lawrence lu | 15 Nov 2001 11:02 | |
| xudin | 18 Nov 2001 11:29 |
| Subject: | RE: java servlet |
|---|---|
| From: | Ylan Segal (yl...@digiworks.tv) |
| Date: | 11/15/2001 10:52:15 AM |
| List: | com.mysql.lists.java |
You can try setting an object in session object like a boolean flag. Then,
in the rest of your application you check for it. If the user has typed the URL directly, then he won't have the flag in its session and you can redirect him back to the login.
Ylan
-----Original Message----- From: Bin Cai [mailto:ca...@ugrad.cs.ualberta.ca] Sent: Thursday, November 15, 2001 12:22 PM To: ja...@lists.mysql.com Subject: java servlet
Hi, listers, I have one concern. but I don't know if it is the problem. I am developing web-base application. I am using java servlet ,tomcat and mysql as database. I am doing administrator part,(adding students and questions for exams) first go to mainpage for administrator called "Administratorlogin", enter the login and password. if they are valid, anoter servlet "Adminmenu" invoked ( in this servlet, teacher can add student and questions). but my concern is people can also get access directly to Adminmenu page by typing the URL of this servlet, get around the login phase. this is security problem. How can i prevent people get access directly to "Adminmenu" page. make sure only one way to get access to Adminmenu page, Administratorlogin -->Adminmenu
Besides, can anyone recommend me some good website to me give me some idea about how the "administrator" interface should looks like and how the program goes?
Thanks in advance bin
--------------------------------------------------------------------- Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before posting. To request this thread, e-mail java...@lists.mysql.com
To unsubscribe, send a message to the address shown in the List-Unsubscribe header of this message. If you cannot see it, e-mail java...@lists.mysql.com instead.