Validating

I was just wondering how one could validate the actual user is making a request.

Scenario:

I have a DB with a table like so:

forumID, attribute1, attribute2, attribute3.

Now let's say I write a servlet that does an update on this table, and that each specific "forumID" only belongs to a certain user and should only be updated by a certain user. How can I make sure that the proper user is making the request? Since anyone can just make a request with a URL like http://somesite/context/updateForum?forumID=5,attri...., there is really nothing to validate the user.

One obvious method that comes to mind is to just store the userID in a session variable (after login, let's say) and also store that value with each entry in the table, and then compare entries. However, this seems redundant to me and I was wondering if there is a better way to do this?

Thanks,

Rob

[905 byte] By [robcioa] at [2007-11-27 3:45:38]
# 1

You're going to need to store a password, or data supporting some other kind of authentication mechanism.

Then when your servlet wants to change data, the first thing it will do is look at the authentication data, and confirm that the user is properly authenticated.

Typically, authentication is done first, earlier, as part of a separate authentication step (i.e., logging in), and then a token is created that represents or encapsulates the user's authenticated state. This token is stored in the session, typically.

Does that answer your question?

paulcwa at 2007-7-12 8:49:22
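
Added example, not part of either post: a servlet that applies the check discussed in this thread, reading the authenticated user's ID from the session (set at login) and scoping the update to rows that user owns. The table name `forum`, the `ownerID` column, the `userID` session attribute and the `jdbc/forumDB` resource name are assumptions, and the code uses the `javax.servlet` API.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import javax.annotation.Resource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;

public class UpdateForumServlet extends HttpServlet {
    @Resource(name = "jdbc/forumDB") // assumed container-managed DataSource
    private DataSource ds;

    @Override // state changes go through POST, not a GET URL
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession session = req.getSession(false); // do not create a session here
        Integer userId = (session == null) ? null : (Integer) session.getAttribute("userID");
        if (userId == null) { // not logged in
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        int forumId;
        try {
            forumId = Integer.parseInt(req.getParameter("forumID"));
        } catch (NumberFormatException e) { // missing or non-numeric forumID
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        // The owner comes from the session, never from a request parameter.
        String sql = "UPDATE forum SET attribute1 = ? WHERE forumID = ? AND ownerID = ?";
        try (Connection c = ds.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, req.getParameter("attribute1"));
            ps.setInt(2, forumId);
            ps.setInt(3, userId);
            if (ps.executeUpdate() == 0) { // no such forum, or it belongs to another user
                resp.sendError(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        } catch (SQLException e) {
            throw new ServletException(e);
        }
    }
}
```

Putting the owner in the `WHERE` clause makes the ownership check and the update a single statement, so a request for someone else's `forumID` changes zero rows.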