Topic: Large-scale Servlet Programming (IBM WebSphere Developer Domain)
1. Large-scale Servlet Programming (IBM WebSphere Developer Domain)
Posted by: why Posted on: 2003-06-22 13:20
Large-scale Servlet Programming by Kyle Brown, Rachel Reinitz, and Skyler Thomas
2. Re: Large-scale Servlet Programming (IBM WebSphere Developer Domain) [Re: why]
Posted by: archonLing Posted on: 2003-06-23 00:42
Good article. At my work, my boss made up his mind to keep everything in hidden fields. It adds a lot more work while doing web development. This article seems to suggest using EJB for session data to be the best solution. It would work only if the project manager is willing to increase at least 20% of his project budget. With the current economic environment, not many people would go for it. It is just my 2 cents.
3. Re: Large-scale Servlet Programming (IBM WebSphere Developer Domain) [Re: why]
Posted by: floater Posted on: 2003-06-23 06:26
This is a typical IBM out-of-mind solution. Database calls are expensive. WS 3.0 uses this strategy, didn't work well and later on they changed. For security reasons, we have to ask clients to turn on cookies. Otherwise there is always a way to break in with false identity.
4. Re: Large-scale Servlet Programming (IBM WebSphere Developer Domain) [Re: why]
Posted by: archonLing Posted on: 2003-06-23 14:50
How does turning on cookies help security? I thought storing client data in cookies raises security issues. My company uses Netegrity's Siteminder for global user authentication. I guess the authentication server did not scale up so well. They have been trying to fix the performance issue for several weeks now. Hee, hee... Every time they made a configuration change/software update, it would break someone's application. Some of them are mission critical. It pissed quite some people off. lol
5. Re: Large-scale Servlet Programming (IBM WebSphere Developer Domain) [Re: why]
Posted by: floater Posted on: 2003-06-24 02:04
1. You need to have a way to identify clients.
2. cookie in memory is pretty safe
3. cookie is used for session only, *** identifies the identity.
4. crossing server/app is a pain in terms of maintaining sessions across apps/servers.
5. content in cookie is one-way hashed, somewhat business meaningless, time dependent.
6. some session mechanism is cookie oriented too.
7. hijacking the session is useless unless you have the *** too to identify yourself.
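Added example, not part of any post in this thread or of the article: one way to build a client-held session value (cookie or hidden field) that carries no business data, expires, and cannot be altered without detection. It uses a keyed HMAC-SHA256 where the post says "one-way hashed"; the class name `SessionToken`, the token layout and the clock values are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SessionToken { // hypothetical class, not from the article
    private static final SecureRandom RNG = new SecureRandom();
    private final byte[] key; // server-side secret, never sent to the client
    public SessionToken(byte[] key) { this.key = key.clone(); }

    // Token layout (assumed): randomId.expiryEpochSeconds.mac, no business data inside.
    public String issue(long nowSec, long ttlSec) throws Exception {
        byte[] id = new byte[16];
        RNG.nextBytes(id);
        String body = b64(id) + "." + (nowSec + ttlSec);
        return body + "." + b64(mac(body));
    }

    // Returns the session id if the token is authentic and unexpired, else null.
    public String verify(String token, long nowSec) throws Exception {
        String[] p = token == null ? new String[0] : token.split("\\.");
        if (p.length != 3) return null;
        try {
            byte[] given = Base64.getUrlDecoder().decode(p[2]);
            long expiry = Long.parseLong(p[1]);
            boolean ok = MessageDigest.isEqual(mac(p[0] + "." + p[1]), given); // constant-time
            return ok && nowSec < expiry ? p[0] : null;
        } catch (IllegalArgumentException e) {
            return null; // malformed base64 or expiry field
        }
    }

    private byte[] mac(String s) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(s.getBytes(StandardCharsets.UTF_8));
    }

    private static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[32];
        RNG.nextBytes(k); // constructed demo key
        SessionToken st = new SessionToken(k);
        String t = st.issue(1000, 600); // constructed clock values, in seconds
        System.out.println("intact:   " + (st.verify(t, 1200) != null));
        System.out.println("tampered: " + (st.verify(t + "x", 1200) != null));
        System.out.println("expired:  " + (st.verify(t, 1700) != null));
    }
}
```

The same check applies to state kept in hidden fields: anything the server later trusts has to be covered by the MAC, because the client can edit both cookies and form fields.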