Re: SSL Authentication using Java or JSP




"Susanne Kaufmann" <susikaufmann2003@xxxxxxxxxxx> wrote in message news:1151617197.966209.304320@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
>> e.g. make all of your links call an "authenticateRequest()" function in
>> your applet that makes an SSL call to the server, retrieves a new cookie
>> value, and sets it in the browser, and then allows the link click to
>> continue, so the browser sends the new cookie to the server as part of
>> the request.
>
> Thank you for spending your time. Sorry, but what do you mean by
> "setting a new cookie value in the browser"? I understand the things
> before (I hope). The browser wants to open a site, the site calls an
> authenticateRequest to the Java-Applet. But what happens then? Why do I
> need a new Cookie-Value?

The new cookie acts as a security token. The Applet authenticates itself and asks for a password. The server checks the credentials, then gives the applet the password. The applet gives the password to the browser. The browser tries to connect to the site using the password from the applet. The server checks the password, then changes it. It'll only tell the new password to the applet, not the browser.

- Oliver
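
The token rotation described in the reply above, sketched from the server's side as an added example (not code from the thread or its posters). The class and method names (`RotatingTokenStore`, `issue`, `consume`) are hypothetical, and the applet's authenticated SSL endpoint and the session handling around it are assumed to exist.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical server-side store for the one-time cookie token.
public class RotatingTokenStore {
    private final SecureRandom rng = new SecureRandom();
    // session id -> the single token currently valid for that session
    private final ConcurrentHashMap<String, String> current = new ConcurrentHashMap<>();

    // Called only from the applet's authenticated SSL endpoint (assumed).
    // The returned value is what the applet sets as the browser cookie.
    public String issue(String sessionId) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        current.put(sessionId, token); // replaces any older, unused token
        return token;
    }

    // Called for each page request with the cookie value the browser sent.
    // The stored token is removed before the comparison, so every attempt,
    // valid or not, uses it up; the next token goes to the applet only.
    // Design choice of this sketch: a wrong value also burns the token.
    public boolean consume(String sessionId, String presented) {
        String expected = current.remove(sessionId);
        if (expected == null || presented == null) {
            return false;
        }
        // Constant-time comparison of the two cookie values.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.US_ASCII),
                presented.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        RotatingTokenStore store = new RotatingTokenStore();
        String sid = "session-1"; // constructed sample session id
        String first = store.issue(sid);                     // applet fetches a token
        System.out.println(store.consume(sid, first));       // browser's request
        System.out.println(store.consume(sid, first));       // same cookie replayed
        String second = store.issue(sid);                    // applet fetches the next one
        System.out.println(store.consume(sid, "not-it"));    // wrong cookie value
        System.out.println(store.consume(sid, second));      // token after a failed try
    }
}
```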
