April 10th, 2003, 01:13 PM
|
|
Clueless llama
|
|
Join Date: Feb 2001
Location: Lincoln, NE. USA
|
|
|
He wants a browser based app that is available on the internet but does not want to bother with logging in? Typical. If the web server is accessible from the internet, you obviously need to have some sort of protection. If the web app is only available on an intranet, then you might be able to forgo any protection.
Your idea of modifying the cookie on startup is doable. You will still have protection and the availability of users "on the road" to be able to use the app, but they will be prompted (which is not much of a hardship) when accessing from an 'open' computer.
Incidentally, persistent cookies are generally not considered a 'safe' way of protecting a web site. All any user has to do to gain access unlawfully is to copy the cookie and place it on another computer somewhere.
A web app by it's very definition is accessible to the world. If you want global access, but don't want the whole world to be in your stuff, the accepted practice is to have the user log in when they initally enter. It is a necessary evil. However, it is not uncommon for non-technical people to not understand this and want it to work like their 'old' system.
As far as I know you can't have it both ways. If you want global accessibility, you must log in. If you want to restrict access to only at work, then you can forgo logging in (in some cases).
EDIT: I reread your post. If all you want is the users name and don't need their password, you can get this from the system using System.getProperty("user.name"). However, you must make the applet a signed applet or you will get a security exception.
Last edited by Nemi : April 10th, 2003 at 01:19 PM.
|
Dev Shed Forums Sponsor:
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
